Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations John Tel on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
SUS Server and Group Policy in Active Directory 1
- Thread starter timlowe
- Start date
-
1
- #2
yes, use group policy to do this if your clients are XP and or W2k.
Create a new policy, from the Computer Configuration, expand the Administrative Templates --> Windows Components --> Windows Updates.
Make sure to enable the policies and choose what applies to your network. The server name should be Server Name.
NOTE: Client machines need to have BITS service enabled and started as well as Windows Update Service...
scottie
Create a new policy, from the Computer Configuration, expand the Administrative Templates --> Windows Components --> Windows Updates.
Make sure to enable the policies and choose what applies to your network. The server name should be Server Name.
NOTE: Client machines need to have BITS service enabled and started as well as Windows Update Service...
scottie
- Thread starter
- #3
- Thread starter
- #4
Client machines will only talk to the SUS server if the policy is applied correctly. Check clients C:\WINNT directory for Windows Update.log . This will log communications with the SUS server and what is going on.
Also, you can check the registry in the HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU -
you should see your server name listed as the SUS server...
Once everything is in order, the client will contact the server once (?) per day at a specified time to check on what updates have been downloaded and APPROVED by the administrator (you).
scottie
Also, you can check the registry in the HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU -
you should see your server name listed as the SUS server...
Once everything is in order, the client will contact the server once (?) per day at a specified time to check on what updates have been downloaded and APPROVED by the administrator (you).
scottie
- Thread starter
- #6
- Thread starter
- #7
Me again.. sorry to keep bothering you on this.. when i look in the registry, i do not have a Windows update under that path listed. so im assuming the policy didnt transfer over from the server. I set the Group Policy on the folder in active directory that contains my user name.. is there something I could have done wrong or missing? Thanks again..
Tim
Tim
- Thread starter
- #9
once again, i apologize.. im new to all this stuff and trying to learn.. In active directory users and computers..my tree kinda looks like this:
COMPUTER
MIS-(user defined)
FISCAL - (user defined)
CLERICAL - (user defined)
MR - (user defined)
MH - (user defined)
My Login is under the MIS folder.. I set the group policy on that folder.. i tried to set a group policy on the "Computer" folder, but there is no option for that..
not sure what gpresult.exe does..
Tim
COMPUTER
MIS-(user defined)
FISCAL - (user defined)
CLERICAL - (user defined)
MR - (user defined)
MH - (user defined)
My Login is under the MIS folder.. I set the group policy on that folder.. i tried to set a group policy on the "Computer" folder, but there is no option for that..
not sure what gpresult.exe does..
Tim
yes, find your computer object, right click and choose to move. select the MIS OU as the target to move to...
verify that your computer object is now in the OU for the MIS department. yes --- cool...
now any object within this OU will get the policies applied to them (user and computer objects are two different things) and Group Policy can be applied to either the User or Computer object - (or both if it is complex)... anyway, once you have success in moving your computer account, reboot. then run gpresult.exe from a command prompt on the client machine. you should see your policy name "SUS Policy" listed in registry settings applied... if not, check back and we need to look at why the policy is not being applied....
verify that your computer object is now in the OU for the MIS department. yes --- cool...
now any object within this OU will get the policies applied to them (user and computer objects are two different things) and Group Policy can be applied to either the User or Computer object - (or both if it is complex)... anyway, once you have success in moving your computer account, reboot. then run gpresult.exe from a command prompt on the client machine. you should see your policy name "SUS Policy" listed in registry settings applied... if not, check back and we need to look at why the policy is not being applied....
- Thread starter
- #11
yep, if you see your SUS sever name listed in the reg, then this is where the client machine will look for updates (there are other values to tweak, but stick with the basics for now).
don't forget to approve the updates that you want to pass down from the SUS server. Server Name Here"/susadmin/ else no updates will flow down to the clients...
scottie
don't forget to approve the updates that you want to pass down from the SUS server. Server Name Here"/susadmin/ else no updates will flow down to the clients...
scottie
- Thread starter
- #13
- Status
Similar threads
- Locked
- Question
- Locked
- Question
