Question

Locked

WSUS and Domain Controllers/Servers - Help Please!

By dishneggo ·
Here is my scenario:

Workstations are working flawlessly. However domain servers lost the ability to manually check for update.

Newly installed WSUS server:
-Created OU and added all the workstations from each location to it.
-Created Security group inside OU for each location and added the workstations to it.
-Configured WSUS GP and linked the OU.
Linked the Security group under the Security filtering inside the GP.

What am I missing here?
Any server that is a domain member is located under the Server OU in its respective location.

Any help is greatly appreciated!

This conversation is currently closed to new comments.

8 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Answers

Collapse -

What software are you using?

It will help us if you could add on a little more detail about your software.

Collapse -

Sounds like WSUS is working like it should.

by CG IT In reply to WSUS and Domain Controlle ...

Once installed, no hosts [and that's servers, workstations] should be able to manually update from Microsoft's Windows Update site. All updates come from WSUS so when you go to Microsoft's site, all should get an error stating contact the network admin.

Collapse -

that's correct - look for them in your WSUS Console

by netwrk_admn In reply to Sounds like WSUS is worki ...

Looks for them inside your WSUS server.

if you can't see them there, these command lines will force it (if your check-in interval is set high).

wuauclt.exe /detectnow

wuauclt.exe /reportnow

Collapse -

I might have confused you guys..

by dishneggo In reply to Sounds like WSUS is worki ...

The WSUS is working fine for all workstations.

I want to exclude Servers from WSUS, and the steps listed in my original post, clearly shows I have excluded Servers from the WSUS Group and OU's.

Am I missing something that it is still not excluding the servers?

Thanks all for the replies.

Collapse -

No inheritance setting?

by netwrk_admn In reply to I might have confused you ...

Without know the entire OU structure, is the policy applied on a parent folder where the server OU exists? Therefore it needs to not listen to the parent OU.

I simply have my structure
Computers
> Workstations*
> Servers*

And have applied my OUs at the asterisk level. My only difference is that one group is told it belongs in WORKSTATION folder, and the servers need to go into a SERVER folder on the WSUS.

Collapse -

Re: No inheritance setting?

by dishneggo In reply to No inheritance setting?

My OU's are like this:

Chicago Office
-Servers
-CHI-Computers *

Florida Office
-Servers
-FLL-Computers *

The WSUS GP is linked directly to the *

I don't want the servers to pull from WSUS at all..

Thanks!

Collapse -

well they will still show up in WSUS console

by CG IT In reply to I might have confused you ...

but you can exclude them from WSUS.

Excluded computers in the Software Update Settings window Included and Excluded computer settings.

right from WSUS:

Included Computers adds the machine account to the proper WSUS group and to the security filter of either the Update Services Client Computers or Update Services Server Computers GPOs:

excluding servers is simply not adding them in the included servers setting.

Back to Networks Forum
8 total posts (Page 1 of 1)  

Related Discussions

Related Forums