WSUS question

NozzaCNozzaC Member Posts: 44 ■■□□□□□□□□
The lab I was following had me set up WSUS 2 on Win2K3 and use the default domain GPO to set up the client side of things. So what happens now to updates for the server itself? is that now considered a client? If so how come it doesn's show up in the Computers list. If not then how come it's Automatic Updates applet is disabled, like the workstation clients are?

Comments

  • mrmcmintmrmcmint Member Posts: 492 ■■■□□□□□□□
    Is your server a domain controller as well? have you checked the default domain controllers policy?

    run an rsop.msc and see what policies have applied to it.

    I haven't used the default domain policy for this, it doesnt sound right to me.

    I have used the wuau policy template and linked each of these policies to different ou's.

    For example, if you had a sales ou and you wanted to deploy IE7 to all computers in sales, then you wouldn't want to use the default domain policy as it will affect all computers.
    create a gpo for the computer target group you want and link that to the ou of your choice.

    try having a policy for each computer group in wsus.

    just my thoughts..... :)
  • someehsomeeh Member Posts: 143
    NozzaC wrote: »
    The lab I was following had me set up WSUS 2 on Win2K3 and use the default domain GPO to set up the client side of things. So what happens now to updates for the server itself? is that now considered a client? If so how come it doesn's show up in the Computers list. If not then how come it's Automatic Updates applet is disabled, like the workstation clients are?


    When enabling client side targetting you must give a target group name. This group name will also have to be created in the Update Services console, you must specify the server's [url]HTTP://servername[/url] and all the appropiate settings afterwards.
    You need to create a new GPO for this and is not recommended to use the Domain Default Policy. You need to load the wuau.adm template as well. Once you have all that in place do a gpupdate on your clients and in the Computer group you will see your clients snycing up including the server.
  • dalesdales Member Posts: 225
    Yes because every computer within that domain sucks in the default domain policy the wsus server also becomes a client and will update itself accordingly. Of course that is fine for a rlab environment (and recommended so it doesnt get too complicated to start with) but in the real world your likely to come into problems with that.

    You'd normally have a test wsus gpo, and apply new updates to a number of computers to make sure it doesnt bring the network and applications crashing down around your ears. I believe updates to servers are generally done manually unless you have lots of them.
    Kind Regards
    Dale Scriven

    Twitter:dscriven
    Blog: vhorizon.co.uk
  • NozzaCNozzaC Member Posts: 44 ■■□□□□□□□□
    OK so that makes sense.

    I'm not sure it actually working yet though. When I run a report on the status of my client computers all the updates show up as status "unknown". I don't think any actual updates are happening?
  • NozzaCNozzaC Member Posts: 44 ■■□□□□□□□□
    Got it working now thanks. It just needed a bit of time.

    I'm going to upgrade my WSUS 2 to 3 now and see how that changes things. The book unfortunately only covers v2.
  • someehsomeeh Member Posts: 143
    NozzaC wrote: »
    Got it working now thanks. It just needed a bit of time.

    I'm going to upgrade my WSUS 2 to 3 now and see how that changes things. The book unfortunately only covers v2.

    V3 is a snap in console... it's pretty straight forward.
  • mrmcmintmrmcmint Member Posts: 492 ■■■□□□□□□□
    if you want to check how the client pc is doing, go to c:\windows\windowsupdate.log and check it is reporting properly.

    also, run wuauclt /detectnow from client pc to force it to look for updates from wsus.
  • NozzaCNozzaC Member Posts: 44 ■■□□□□□□□□
    Thanks guys - good stuff. SUS is not something I've had practical experience of so it's new to me.

    V3 is a lot slicker isn't it? I wonder why they went with that IIS website UI in the first place?
  • mrmcmintmrmcmint Member Posts: 492 ■■■□□□□□□□
    yep its miles better, just wish the reporting was a little better.... but... it's free so cant moan! :)
  • someehsomeeh Member Posts: 143
    mrmcmint wrote: »
    yep its miles better, just wish the reporting was a little better.... but... it's free so cant moan! :)

    I figured out the reporting features, it is a lot clearer once you are guided in the right direction.
    What part of the reporting do you feel needs improvement?

    NozzaC
    Thanks guys - good stuff. SUS is not something I've had practical experience of so it's new to me.

    V3 is a lot slicker isn't it? I wonder why they went with that IIS website UI in the first place?

    IIS website was required in V2 since it was web based.
  • dalesdales Member Posts: 225
    Yes I've found that the initial adding of computers takes a while I suppose the machines register themselves with wsus first then at the next check cycle then looks for updates. But patience or wuauclt.exe /detectnow works wonders
    Kind Regards
    Dale Scriven

    Twitter:dscriven
    Blog: vhorizon.co.uk
Sign In or Register to comment.