Solved

Question about WSUS updates not using GPO

Posted on 2014-10-06
1
175 Views
Last Modified: 2014-10-20
I am seeing that computers that I have not assigned a GPO to, download and install updates on weekends nevertheless.

I have a computer group called Domain Controllers and Critical Servers, that seem to have updated this weekend, based on the install timestamp, despite not having any GPO assigned to them for scheduling. Therefore, I have configured a GPO and attached it to the Domain Controllers OU and disabled "Enable client-side targeting", "Specify internet Microsoft update service location" and "Configure Automatic Updates", so that no action will be taken with servers residing in the Domain Controllers OU.

Is this the way to go when attempting to prevent these machines from getting updated?

When I want them to be updated in a staggered fashion, I simply move a single DC to a server group that I know has a configured GPO assigned to it.

As it is now, any computers assigned to a Computer Group, despite not having an GPO applied to them, update nevertheless by default.

Is this correct?
0
Comment
Question by:nurturer69
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 35

Accepted Solution

by:
Seth Simmons earned 500 total points
ID: 40363807
i would leave those 2 settings (client-side targeting; intranet location) as not configured and only configure the option to only "download and notify for install"
that way it won't automatically install and reboot
0

Featured Post

PeopleSoft Has Never Been Easier

PeopleSoft Adoption Made Smooth & Simple!

On-The-Job Training Is made Intuitive & Easy With WalkMe's On-Screen Guidance Tool.  Claim Your Free WalkMe Account Now

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A procedure for exporting installed hotfix details of remote computers using powershell
A safe way to clean winsxs folder from your windows server 2008 R2 editions
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question