tech911
asked on
Group Policy - W2k8 R2 Server > How To Setup Windows Updates
Overview:
Network, 25 users, Win 7 Pro on desktops, Win 2K8 R2 Server as the Domain Controller, AD, etc...
Need Help With:
I am trying to set up Group Policy to manage the windows updates on both servers and the desktops.
I would like the the desktops to update everyday at 3:00 a.m.
I would like the server to update only on Sunday morning at 3:00 a.m.
I would like to avoid modifying the default domain policy.
( Currently I am just trying to get the desktop policy to work, I will work on the server policy after that)
What has been done so far:
In AD create a security group called = WinUpdateComputers
In AD create an OU called = WinUpdateDesktops
In AD move the WinUpdateComputers into the WinUpdateDesktops OU
Close AD
Open GP Management
Find OU called WinUpdateDesktops
Right Click - > Create and Link GP Here
Select policy configurations > Computer Config > Policyies > Administrative Templates > Windows Components > Windows Updates
Select the Configure Updates Policy > Set it to use the schedule, Select 0 for everyday, set time as 3 a.m.
Close the policy screen
Select the policy you created Find Security Filtering (Bottom of Right Window)
Add the security group WinUpdateComputers
Run gpupdate /force
Reboot one of the desktops to test.
Problem:
The policy does not seem to be applying to the desktop computers properly.
Comments:
All users are local admins on their computers.
SVA-GP1-SS.jpg
Network, 25 users, Win 7 Pro on desktops, Win 2K8 R2 Server as the Domain Controller, AD, etc...
Need Help With:
I am trying to set up Group Policy to manage the windows updates on both servers and the desktops.
I would like the the desktops to update everyday at 3:00 a.m.
I would like the server to update only on Sunday morning at 3:00 a.m.
I would like to avoid modifying the default domain policy.
( Currently I am just trying to get the desktop policy to work, I will work on the server policy after that)
What has been done so far:
In AD create a security group called = WinUpdateComputers
In AD create an OU called = WinUpdateDesktops
In AD move the WinUpdateComputers into the WinUpdateDesktops OU
Close AD
Open GP Management
Find OU called WinUpdateDesktops
Right Click - > Create and Link GP Here
Select policy configurations > Computer Config > Policyies > Administrative Templates > Windows Components > Windows Updates
Select the Configure Updates Policy > Set it to use the schedule, Select 0 for everyday, set time as 3 a.m.
Close the policy screen
Select the policy you created Find Security Filtering (Bottom of Right Window)
Add the security group WinUpdateComputers
Run gpupdate /force
Reboot one of the desktops to test.
Problem:
The policy does not seem to be applying to the desktop computers properly.
Comments:
All users are local admins on their computers.
SVA-GP1-SS.jpg
ASKER
Thank you.
I had reviewed that before, does not seem to help.
I had reviewed that before, does not seem to help.
In AD move the WinUpdateComputers into the WinUpdateDesktops OU
Did you move the actual computer objects into the OU, or just the security group? If you only moved the security group, that's not going to work; the computers themselves must be in the OU for the GPO to apply to them.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
You are the Dr... Nice job, everything you explained makes perfect sense.
Thank you,
Chris
Thank you,
Chris
http://www.grouppolicy.biz/2010/05/how-to-apply-a-group-policy-object-to-individual-users-or-computer/