No announcement yet.

GPO and WSUS server

  • Filter
  • Time
  • Show
Clear All
new posts

  • GPO and WSUS server

    Here is my problem, please help if you have any sugesstions.
    specs: windows 2003 sp1 servers, active directory.
    I have 3 dc's and 1 wsus server. 50 xp sp2 clients.
    I have defined an OU for workstations and a gpo for applying wsus updates (wsusclients_gpo). The domain policy does not have any modifications regarding wsus updates.
    Now the policy for clients is working fine.but Although I haven't defined any settings in domain policy, I can see my domain controlers in wsus server console as clients.
    It seems that wsusclients_gpo is applying to DC's , but it's not, because the settings for windows updates are not changed. The dc's seems to report to wsus server their state.(I want to update the servers manualy)

    I want to mention that everything worked very well for a couple of months. I have not done any changes to gpo's or servers.
    I also have 3 fileservers (win2k3 sp1) in a SERVERS ou... and they do not appear in wsus console. All the workstation in COMPUTERS ou apear in wsus console....

    I repeat there is no GPO linked or enabled on these OUs other than domain policy.

    Any ideea why the dc's are apearing in wsus console

    I appreciate your time and help

  • #2
    Re: GPO and WSUS server

    Use GP modeling and GP results to see if the GPO is applying to the DC's. Most likely a security filtering issue. What I did was created 2 security groups, 1 group for computers I wanted WSUS policy to apply too, which consists of all workstations but not DC's or member servers.

    The other group was for all users accept for myself and several other admins. this group filter allows ONLY defined admins access to windows update to allow for manual updating on DC's and servers.