<div>
<div class="content wysiwyg-content">
I am seeing that computers that I have not assigned a GPO to, download and install updates on weekends nevertheless. <br />
<br />
I have a computer group called Domain Controllers and Critical Servers, that seem to have updated this weekend, based on the install timestamp, despite not having any GPO assigned to them for scheduling. Therefore, I have configured a GPO and attached it to the Domain Controllers OU and disabled &quot;Enable client-side targeting&quot;, &quot;Specify internet Microsoft update service location&quot; and &quot;Configure Automatic Updates&quot;, so that no action will be taken with servers residing in the Domain Controllers OU.<br />
<br />
Is this the way to go when attempting to prevent these machines from getting updated? <br />
<br />
When I want them to be updated in a staggered fashion, I simply move a single DC to a server group that I know has a configured GPO assigned to it.<br />
<br />
As it is now, any computers assigned to a Computer Group, despite not having an GPO applied to them, update nevertheless by default. <br />
<br />
Is this correct?
</div>
</div>


I am seeing that computers that I have not assigned a GPO to, download and install updates on weekends nevertheless. 

I have a computer group called Domain Controllers and Critical Servers, that seem to have updated this weekend, based on the install timestamp, despite not having any GPO assigned to them for scheduling. Therefore, I have configured a GPO and attached it to the Domain Controllers OU and disabled "Enable client-side targeting", "Specify internet Microsoft update service location" and "Configure Automatic Updates", so that no action will be taken with servers residing in the Domain Controllers OU.

Is this the way to go when attempting to prevent these machines from getting updated? 

When I want them to be updated in a staggered fashion, I simply move a single DC to a server group that I know has a configured GPO assigned to it.

As it is now, any computers assigned to a Computer Group, despite not having an GPO applied to them, update nevertheless by default. 

Is this correct?

Question about WSUS updates not using GPO

Windows Server 2012 is the server version of Windows 8 and the successor to Windows Server 2008 R2. Windows Server 2012 is the first version of Windows Server to have no support for Itanium-based computers since Windows NT 4.0. Windows Server 2012, now in its second release (Windows Server 2012 Release 2) includes Foundation, Essentials, Standard and Datacenter, and does not support IA-32 or IA-64 processors.

Windows Server 2012

Windows Server 2003 was based on Windows XP and was released in four editions: Web, Standard, Enterprise and Datacenter. It also had derivative versions for clusters, storage and Microsoft’s Small Business Server. Important upgrades included integrating Internet Information Services (IIS), improvements to Active Directory (AD) and Group Policy (GP), and the migration to Automated System Recovery (ASR).

Windows Server 2003

Windows Server 2008 and Windows Server 2008 R2, based on the Microsoft Vista codebase, is the last 32-bit server operating system released by Microsoft. It has a number of versions, including including Foundation, Standard, Enterprise, Datacenter, Web, HPC Server, Itanium and Storage; new features included server core installation and Hyper-V.