Announcement

Collapse
No announcement yet.

applying wsus gpo to only few users

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • applying wsus gpo to only few users

    I have created a new WSUS gpo and accidentally applied it to all domain. I caught it just in time and deleted it. I also deleted all computers from WUSU server what gpo added.

    How do i apply WSUS gpo to only a few users for testing purposes?

    our setup:
    AD: Server 2008 R2
    WUSU server: Server 2008 R2

    I need help with this ASAP!! please...

  • #2
    Re: applying wsus gpo to only few users

    Create a testing group in WSUS admin, and add only the computers you want to test the patches on, and approve the patches you would like to test for your testing group.
    Last edited by georgeeye; 6th August 2010, 19:04. Reason: added content

    Comment


    • #3
      Re: applying wsus gpo to only few users

      Also create a GPO linked to an OU and change the update settings there, then move the computers (not users) into that OU. If you dont do that, no computers will be picked up in WSUS
      Tom Jones
      MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
      PhD, MSc, FIAP, MIITT
      IT Trainer / Consultant
      Ossian Ltd
      Scotland

      ** Remember to give credit where credit is due and leave reputation points where appropriate **

      Comment


      • #4
        Re: applying wsus gpo to only few users

        As Ossian suggested, create an OU (or a sub-OU of the current OU containing your computers) for the computers to apply the policy to. This is far more managable than security filtering of the GPO.

        Also keep in mind that registering a computer with WSUS is a computer setting, not a user setting.
        Gareth Howells

        BSc (Hons), MBCS, MCP, MCDST, ICCE

        Any advice is given in good faith and without warranty.

        Please give reputation points if somebody has helped you.

        "For by now I could have stretched out my hand and struck you and your people with a plague that would have wiped you off the Earth." (Exodus 9:15) - I could kill you with my thumb.

        "Everything that lives and moves will be food for you." (Genesis 9:3) - For every animal you don't eat, I'm going to eat three.

        Comment


        • #5
          Re: applying wsus gpo to only few users

          Thank you all. i will create an OU, move my computers to it and apply the GPO to that container.

          Also, as stated earlier, i had applied the wusu GPO by mistake to the whole domain and caught it just in time and removed it. In that little time, 5 servers and 6 workstations were added to WSUC, which i have since removed.

          Do i have to go into these servers and computers and manually set the windows download to " download from Microsoft "? Or should it have automatically be revert back?

          I don't want this setting for good.

          I hope you understand what i am trying to say.

          thank you

          Comment


          • #6
            Re: applying wsus gpo to only few users

            Yes, you will probably need to reset each machine's settings.

            Out of interest... why on earth would you not want everything to go through WSUS? Even for servers - you would still configure them to only install updates when you want it to rather than automatically, but you download everything once rather than once per machine, you get central approval of updates and you get reports of the status of each machine.
            Gareth Howells

            BSc (Hons), MBCS, MCP, MCDST, ICCE

            Any advice is given in good faith and without warranty.

            Please give reputation points if somebody has helped you.

            "For by now I could have stretched out my hand and struck you and your people with a plague that would have wiped you off the Earth." (Exodus 9:15) - I could kill you with my thumb.

            "Everything that lives and moves will be food for you." (Genesis 9:3) - For every animal you don't eat, I'm going to eat three.

            Comment


            • #7
              Re: applying wsus gpo to only few users

              This is the route we are taking. Once i test the heck out of wsus, i will link wsus gop to the domain and have everything go through wsus server.

              for now, i want to remove the windows update agent that got installed on each server and worksation.

              How would i uninstall this agent? specially on server 2008 r2?

              Comment


              • #8
                Re: applying wsus gpo to only few users

                Create another GPO that points them all at Microsoft Update -- the agent is always there, it is just the target that changes
                Tom Jones
                MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
                PhD, MSc, FIAP, MIITT
                IT Trainer / Consultant
                Ossian Ltd
                Scotland

                ** Remember to give credit where credit is due and leave reputation points where appropriate **

                Comment


                • #9
                  Re: applying wsus gpo to only few users

                  Thank you Ossian, this was a simple solution which i did not think of. I got so nervous thinking i screwed up our whole environment, but if all it takes is another gpo to point them back to Microsoft.com, thats easy.

                  thank you so much .

                  Comment


                  • #10
                    Re: applying wsus gpo to only few users

                    No problem!

                    WSUS is one of the less risky products in the MS range -- very robust, fit for purpose and easy to use. You will enjoy it!
                    Tom Jones
                    MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
                    PhD, MSc, FIAP, MIITT
                    IT Trainer / Consultant
                    Ossian Ltd
                    Scotland

                    ** Remember to give credit where credit is due and leave reputation points where appropriate **

                    Comment


                    • #11
                      Re: applying wsus gpo to only few users

                      Quick question for anyone to assist me.

                      I have set the gpo to 'download and notify' on users end via GPO. Also, i have applied this GPO to about 20 computers.

                      I can see the computers being populated in WUSU. I have also setup my WUSU to auto approve updates. Is this the proper way to go about this?

                      I am only downlading critical and security updates. Does this mean WSUS will download all these (1620) updates?

                      How does this work?

                      thank you in advance.

                      Comment


                      • #12
                        Re: applying wsus gpo to only few users

                        I would not auto approve updates in WSUS -- maybe it takes more time but I prefer to be in control

                        If WSUS is configured to download after approval it will only download required updates, not all of them, so the count may be less
                        Tom Jones
                        MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
                        PhD, MSc, FIAP, MIITT
                        IT Trainer / Consultant
                        Ossian Ltd
                        Scotland

                        ** Remember to give credit where credit is due and leave reputation points where appropriate **

                        Comment


                        • #13
                          Re: applying wsus gpo to only few users

                          OK i have disabled auto approval. But the first initial download of all udpates isnt going to cause any issues it? This is how i have setup my environment:

                          In my WSUS i see all my workstations and my servers. I have created 7 groups organized by OS versions (xp, 2000, 2003, 2003 r2, 2008, 2008 r2). I have placed servers and computers in their respective groups.

                          I had approved all updates ( i approved all updates the first time) and then WSUS started downlaoding them. After couple of hours, all updates have been downloaded (i am only downloading critical, security updates for the above mentioned OS'es).

                          This is where i am confused. Are my workstation and servers to automatically receive these updates? if so, i dont see any workstations being prompted. Under all Updats when i set the fiters to any, any, Most of the updates say 100% and under Approval it says Install. What does that mean? Quite a fiew have the yellow exclamation and some stop icons.

                          I have disabled auto approval of all updates after the first inital auto approval process.

                          thanks,

                          Comment


                          • #14
                            Re: applying wsus gpo to only few users

                            On the 2008 servers, run Windows Update and check it says "get updates from WSUS" or similar (but not "from Microsoft Update")

                            On 2003 machines, no easy way of checking they are OK but if they report to WSUS they should be
                            Tom Jones
                            MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
                            PhD, MSc, FIAP, MIITT
                            IT Trainer / Consultant
                            Ossian Ltd
                            Scotland

                            ** Remember to give credit where credit is due and leave reputation points where appropriate **

                            Comment


                            • #15
                              Re: applying wsus gpo to only few users

                              OK thanks. I am getting all the updates, and workstations are showing up WSUS, so far so good.

                              My only concern is that most of these updates talk about superseding updates which i am not sure how to find, besides that everything else is functioning.

                              thanks for all your assistance.

                              Comment

                              Working...
                              X