WSUS question

The lab I was following had me set up WSUS 2 on Win2K3 and use the default domain GPO to set up the client side of things. So what happens now to updates for the server itself? is that now considered a client? If so how come it doesn's show up in the Computers list. If not then how come it's Automatic Updates applet is disabled, like the workstation clients are?

Find more posts tagged with

Comments

mrmcmint

Is your server a domain controller as well? have you checked the default domain controllers policy?

run an rsop.msc and see what policies have applied to it.

I haven't used the default domain policy for this, it doesnt sound right to me.

I have used the wuau policy template and linked each of these policies to different ou's.

For example, if you had a sales ou and you wanted to deploy IE7 to all computers in sales, then you wouldn't want to use the default domain policy as it will affect all computers.
create a gpo for the computer target group you want and link that to the ou of your choice.

try having a policy for each computer group in wsus.

just my thoughts.....

someeh

NozzaC wrote: »

The lab I was following had me set up WSUS 2 on Win2K3 and use the default domain GPO to set up the client side of things. So what happens now to updates for the server itself? is that now considered a client? If so how come it doesn's show up in the Computers list. If not then how come it's Automatic Updates applet is disabled, like the workstation clients are?

When enabling client side targetting you must give a target group name. This group name will also have to be created in the Update Services console, you must specify the server's [url]HTTP://servername[/url] and all the appropiate settings afterwards.
You need to create a new GPO for this and is not recommended to use the Domain Default Policy. You need to load the wuau.adm template as well. Once you have all that in place do a gpupdate on your clients and in the Computer group you will see your clients snycing up including the server.

dales

Yes because every computer within that domain sucks in the default domain policy the wsus server also becomes a client and will update itself accordingly. Of course that is fine for a rlab environment (and recommended so it doesnt get too complicated to start with) but in the real world your likely to come into problems with that.

You'd normally have a test wsus gpo, and apply new updates to a number of computers to make sure it doesnt bring the network and applications crashing down around your ears. I believe updates to servers are generally done manually unless you have lots of them.

NozzaC

OK so that makes sense.

I'm not sure it actually working yet though. When I run a report on the status of my client computers all the updates show up as status "unknown". I don't think any actual updates are happening?

NozzaC

Got it working now thanks. It just needed a bit of time.

I'm going to upgrade my WSUS 2 to 3 now and see how that changes things. The book unfortunately only covers v2.

someeh

NozzaC wrote: »

Got it working now thanks. It just needed a bit of time.

I'm going to upgrade my WSUS 2 to 3 now and see how that changes things. The book unfortunately only covers v2.

V3 is a snap in console... it's pretty straight forward.

mrmcmint

if you want to check how the client pc is doing, go to c:\windows\windowsupdate.log and check it is reporting properly.

also, run wuauclt /detectnow from client pc to force it to look for updates from wsus.

NozzaC

Thanks guys - good stuff. SUS is not something I've had practical experience of so it's new to me.

V3 is a lot slicker isn't it? I wonder why they went with that IIS website UI in the first place?

mrmcmint

yep its miles better, just wish the reporting was a little better.... but... it's free so cant moan!

someeh

mrmcmint wrote: »

yep its miles better, just wish the reporting was a little better.... but... it's free so cant moan!

I figured out the reporting features, it is a lot clearer once you are guided in the right direction.
What part of the reporting do you feel needs improvement?

NozzaC
Thanks guys - good stuff. SUS is not something I've had practical experience of so it's new to me.

V3 is a lot slicker isn't it? I wonder why they went with that IIS website UI in the first place?

IIS website was required in V2 since it was web based.

dales

Yes I've found that the initial adding of computers takes a while I suppose the machines register themselves with wsus first then at the next check cycle then looks for updates. But patience or wuauclt.exe /detectnow works wonders