• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 57
  • Last Modified:

Need to have users computers get their windows updates from our SUS server

I have a SUS server setup and now I need to know where in the Group Policy I can push out to all of the users computers, so that they they get their updates from our SUS server and not from Microsoft site..
Can anyone tell me where this is on the Group Policy and what I need to set?
0
vmich
Asked:
vmich
1 Solution
 
yo_beeDirector of ITCommented:
Check to see if you have Computer Configuration\Administrative Templates\Windows Components\Windows Update..  If not you will need to download the ADM file and add it to your GP.
 
Here is the TechNet that you should follow.
You will need to add WSUS ADM file to your system
https://msdn.microsoft.com/en-us/library/dd939933(v=ws.10).aspx
https://technet.microsoft.com/en-us/library/cc720539(v=ws.10).aspx
0
 
IvanSystem EngineerCommented:
Hi,

settings can be found in Computer Configuration --> Policies --> Administrative Templates --> Windows Componenets --> Windows Update
In there, 2 options that you must set are:
1. Configure Automatic Updates
2. Specify intranet Microsoft Update service location --> this is your wsus server

You can off course configure additional options, but those 2 are must.

Regards,
Ivan.
0
 
No MoreCommented:
You need to create groups on WSUS server, 1 group for user computers and 1 for servers

Then Group policy:

Computer Policy\Administrative Templates\Windows Components\Windows Update

1, Specify Intranet Microsoft Update Service Location     \\yourWSUSserver
2, Enable Client-Side Targeting       Users computers   (Set up on WSUS)

There are few more options , which are up to you
0
Free Backup Tool for VMware and Hyper-V

Restore full virtual machine or individual guest files from 19 common file systems directly from the backup file. Schedule VM backups with PowerShell scripts. Set desired time, lean back and let the script to notify you via email upon completion.  

 
vmichAuthor Commented:
can this be done also just via the SUS server and not via the GP or does it have to be setup in the GP also?
0
 
No MoreCommented:
Group Policy  has to be set / aplied to computers to make this work
0
 
vmichAuthor Commented:
Ok just so I am 100% sure on this, even though I setup the SUS side and have computers showing up in there, I have to still enable the GP piece also for this to work correct, not just setting up the SUS side correct?
0
 
No MoreCommented:
Specify Intranet Microsoft Update Service Location = Is a must
this tuns on "Download Updates From Wsus"
0
 
vmichAuthor Commented:
Ok will check it out.
Thanks
0
 
No MoreCommented:
Also don't forget It will download only those updates you Aprove
0
 
vmichAuthor Commented:
Ok
0
 
vmichAuthor Commented:
David,
Just an update..
I have checked a couple computers and they do have the registry entry(WUServer and WUStatusserver) with the name of our SUS server on them but we don't have anything setup via GPO just via the SUS server itself.
Also when I check the computer policy on these same computers, they don't show anything enabled meaning nothing from a GP.
Is there anyway to tell if these workstations are getting their updates via Microsoft web site and not our SUS?
0
 
No MoreCommented:
I actually think by default it's that way unless you change settings in WSUS

WSUS : Options - Computer

By default computers will be added to unassigned computer group in WSUS

Wuauclt /registernow /detectnow     to recheck WSUS on Computers
0
 
vmichAuthor Commented:
David,
Two things.
First do I run that command (wuauclt)you gave on the pc at the dos prompt because when I run it, it looks like it runs but I never see anything come up or do I run that on the SUS server?

Ok I see on our network appliance that the other day there was about 450 request going out to
au.ds.windowsupdates.com
This should not be since it appears the  pc look as if they are talking with our SUS server.
Any idea what this means?
0
 
No MoreCommented:
Wuauclt /registernow /detectnow  this comomand    won't show output, as it's just to make sure, that Computers are using WSUS as a source of updates

You are sorted

But, I would suggest, to set it for GPO options in some stage, in case you need to control / manage specific updates to certain groups / departments
0
 
vmichAuthor Commented:
David,
Sorry to bother you again with this but I found in our GPO yesterday that there is two GPOs one for computers and one for servers and they are named SCE Managed Group Policy Computers and
SCE Managed Group Policy Servers. We did not create these so I am wondering if this Is this what is created if you have the selection in computers for use the update service console?
When I check one of the pc's, it does show our SUS server name that it appears to be using.
0
 
No MoreCommented:
I would say WSUS created these groups for it self, I actually never ran WSUS in setup what you have, I always had full GPO control.
0
 
vmichAuthor Commented:
create groups in wsus and setup in GP
0

Featured Post

Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now