Announcement

Collapse
No announcement yet.

How to apply WSUS update to selected Windows Server only (not all domain) ?

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • How to apply WSUS update to selected Windows Server only (not all domain) ?

    Hi All,

    can some one confirms me that the following steps is correct for applying WSUS update to selected Windows Server only ?

    On ADUC

    1. Create a custom OU for WS 2003
    2. drag n drop the WS 2003 computer account into the custom OU
    3. right click on the custom OU above and create WSUS policy to be applied only for those WS2003 inside the custom OU

    On WSUS 3.0 console

    1. Create rule for auto approve update for the selected WS 2003 custom OU
    2. Synch the WSUS server

    The reason that i don't want to update all PC/Server is that some Critical Windows Server I prefer to manually update it (through browser).

    Please let me know if I miss something here.

    Thanks.

  • Ossian
    replied
    Re: How to apply WSUS update to selected Windows Server only (not all domain) ?

    What I would recommend is to have all computers under WSUS but:
    1) Put clients and servers in separate OUs
    2) Set a GPO for client OU to automatically update from WSUS
    3) Set a GPO for server OU to get updates from WSUS but NOT to automatically install

    That way you are controlling the updates at two levels:
    A) allowing them into WSUS
    B) deciding when/if to install them on the servers

    Leave a comment:


  • tehcamel
    replied
    Re: How to apply WSUS update to selected Windows Server only (not all domain) ?

    yes, that would work
    your other option would be to have all devices get the wsus policy regardless, but then using computer groups within wsus, separate them that way, and only approve patches to a specific group...

    Leave a comment:

Working...
X