Solved

Need to have users computers get their windows updates from our SUS server

Posted on 2016-10-17
17
45 Views
Last Modified: 2016-10-21
I have a SUS server setup and now I need to know where in the Group Policy I can push out to all of the users computers, so that they they get their updates from our SUS server and not from Microsoft site..
Can anyone tell me where this is on the Group Policy and what I need to set?
0
Comment
Question by:vmich
17 Comments
 
LVL 22

Expert Comment

by:yo_bee
ID: 41846675
Check to see if you have Computer Configuration\Administrative Templates\Windows Components\Windows Update..  If not you will need to download the ADM file and add it to your GP.
 
Here is the TechNet that you should follow.
You will need to add WSUS ADM file to your system
https://msdn.microsoft.com/en-us/library/dd939933(v=ws.10).aspx
https://technet.microsoft.com/en-us/library/cc720539(v=ws.10).aspx
0
 
LVL 16

Expert Comment

by:Ivan
ID: 41846676
Hi,

settings can be found in Computer Configuration --> Policies --> Administrative Templates --> Windows Componenets --> Windows Update
In there, 2 options that you must set are:
1. Configure Automatic Updates
2. Specify intranet Microsoft Update service location --> this is your wsus server

You can off course configure additional options, but those 2 are must.

Regards,
Ivan.
0
 
LVL 7

Accepted Solution

by:
No More earned 500 total points
ID: 41846687
You need to create groups on WSUS server, 1 group for user computers and 1 for servers

Then Group policy:

Computer Policy\Administrative Templates\Windows Components\Windows Update

1, Specify Intranet Microsoft Update Service Location     \\yourWSUSserver
2, Enable Client-Side Targeting       Users computers   (Set up on WSUS)

There are few more options , which are up to you
0
Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

 
LVL 1

Author Comment

by:vmich
ID: 41846698
can this be done also just via the SUS server and not via the GP or does it have to be setup in the GP also?
0
 
LVL 7

Expert Comment

by:No More
ID: 41846703
Group Policy  has to be set / aplied to computers to make this work
0
 
LVL 1

Author Comment

by:vmich
ID: 41846715
Ok just so I am 100% sure on this, even though I setup the SUS side and have computers showing up in there, I have to still enable the GP piece also for this to work correct, not just setting up the SUS side correct?
0
 
LVL 7

Expert Comment

by:No More
ID: 41846725
Specify Intranet Microsoft Update Service Location = Is a must
this tuns on "Download Updates From Wsus"
0
 
LVL 1

Author Comment

by:vmich
ID: 41846728
Ok will check it out.
Thanks
0
 
LVL 7

Expert Comment

by:No More
ID: 41846730
Also don't forget It will download only those updates you Aprove
0
 
LVL 1

Author Comment

by:vmich
ID: 41846738
Ok
0
 
LVL 1

Author Comment

by:vmich
ID: 41847049
David,
Just an update..
I have checked a couple computers and they do have the registry entry(WUServer and WUStatusserver) with the name of our SUS server on them but we don't have anything setup via GPO just via the SUS server itself.
Also when I check the computer policy on these same computers, they don't show anything enabled meaning nothing from a GP.
Is there anyway to tell if these workstations are getting their updates via Microsoft web site and not our SUS?
0
 
LVL 7

Expert Comment

by:No More
ID: 41847083
I actually think by default it's that way unless you change settings in WSUS

WSUS : Options - Computer

By default computers will be added to unassigned computer group in WSUS

Wuauclt /registernow /detectnow     to recheck WSUS on Computers
0
 
LVL 1

Author Comment

by:vmich
ID: 41847107
David,
Two things.
First do I run that command (wuauclt)you gave on the pc at the dos prompt because when I run it, it looks like it runs but I never see anything come up or do I run that on the SUS server?

Ok I see on our network appliance that the other day there was about 450 request going out to
au.ds.windowsupdates.com
This should not be since it appears the  pc look as if they are talking with our SUS server.
Any idea what this means?
0
 
LVL 7

Expert Comment

by:No More
ID: 41847114
Wuauclt /registernow /detectnow  this comomand    won't show output, as it's just to make sure, that Computers are using WSUS as a source of updates

You are sorted

But, I would suggest, to set it for GPO options in some stage, in case you need to control / manage specific updates to certain groups / departments
0
 
LVL 1

Author Comment

by:vmich
ID: 41848229
David,
Sorry to bother you again with this but I found in our GPO yesterday that there is two GPOs one for computers and one for servers and they are named SCE Managed Group Policy Computers and
SCE Managed Group Policy Servers. We did not create these so I am wondering if this Is this what is created if you have the selection in computers for use the update service console?
When I check one of the pc's, it does show our SUS server name that it appears to be using.
0
 
LVL 7

Expert Comment

by:No More
ID: 41848235
I would say WSUS created these groups for it self, I actually never ran WSUS in setup what you have, I always had full GPO control.
0
 
LVL 1

Author Closing Comment

by:vmich
ID: 41854280
create groups in wsus and setup in GP
0

Featured Post

Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When you try to share a printer , you may receive one of the following error messages. Error message when you use the Add Printer Wizard to share a printer: Windows could not share your printer. Operation could not be completed (Error 0x000006…
On some Windows 7 (SP1) computers, Windows Update becomes super slow even the computer is reasonably fast.  There's one solution that seemed to have worked well for me (after trying a few other suggested solutions).
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
The viewer will learn how to successfully download and install the SARDU utility on Windows 7, without downloading adware.

803 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question