+ Reply to Thread
Results 1 to 12 of 12

Thread: WSUS question

  1. Old git
    Join Date
    Nov 2008
    Location
    UK
    Posts
    44

    Certifications
    Network+, MCP 70-270 , MCP 70-290. MCP 70-291 - studying right now...
    #1

    Default WSUS question

    The lab I was following had me set up WSUS 2 on Win2K3 and use the default domain GPO to set up the client side of things. So what happens now to updates for the server itself? is that now considered a client? If so how come it doesn's show up in the Computers list. If not then how come it's Automatic Updates applet is disabled, like the workstation clients are?
    Reply With Quote Quote  

  2. SS -->
  3. Senior Member
    Join Date
    Oct 2008
    Posts
    492
    #2
    Is your server a domain controller as well? have you checked the default domain controllers policy?

    run an rsop.msc and see what policies have applied to it.

    I haven't used the default domain policy for this, it doesnt sound right to me.

    I have used the wuau policy template and linked each of these policies to different ou's.

    For example, if you had a sales ou and you wanted to deploy IE7 to all computers in sales, then you wouldn't want to use the default domain policy as it will affect all computers.
    create a gpo for the computer target group you want and link that to the ou of your choice.

    try having a policy for each computer group in wsus.

    just my thoughts.....
    Reply With Quote Quote  

  4. Senior Member someeh's Avatar
    Join Date
    Sep 2008
    Location
    Bronx, NYC
    Posts
    142

    Certifications
    A+,Network+, MCP Certified, 290, 291 in progress
    #3
    Quote Originally Posted by NozzaC View Post
    The lab I was following had me set up WSUS 2 on Win2K3 and use the default domain GPO to set up the client side of things. So what happens now to updates for the server itself? is that now considered a client? If so how come it doesn's show up in the Computers list. If not then how come it's Automatic Updates applet is disabled, like the workstation clients are?

    When enabling client side targetting you must give a target group name. This group name will also have to be created in the Update Services console, you must specify the server's HTTP://servername and all the appropiate settings afterwards.
    You need to create a new GPO for this and is not recommended to use the Domain Default Policy. You need to load the wuau.adm template as well. Once you have all that in place do a gpupdate on your clients and in the Computer group you will see your clients snycing up including the server.
    Reply With Quote Quote  

  5. Its all smoke and mirrors dales's Avatar
    Join Date
    Jan 2008
    Posts
    223

    Certifications
    vExpert 2014+2015, VCP5-DT,VCP3+5, CCE-V, CCE-AD, CCP-AD ,CCEE, CCAA XenApp, CCA Netscaler,Xenapp 6.5,Xendesktop 5 & Xenserver 6,MCSA, MCDST, MCP, A+
    #4
    Yes because every computer within that domain sucks in the default domain policy the wsus server also becomes a client and will update itself accordingly. Of course that is fine for a rlab environment (and recommended so it doesnt get too complicated to start with) but in the real world your likely to come into problems with that.

    You'd normally have a test wsus gpo, and apply new updates to a number of computers to make sure it doesnt bring the network and applications crashing down around your ears. I believe updates to servers are generally done manually unless you have lots of them.
    Kind Regards
    Dale Scriven

    Twitter:dscriven
    Blog: vhorizon.co.uk
    Reply With Quote Quote  

  6. Old git
    Join Date
    Nov 2008
    Location
    UK
    Posts
    44

    Certifications
    Network+, MCP 70-270 , MCP 70-290. MCP 70-291 - studying right now...
    #5
    OK so that makes sense.

    I'm not sure it actually working yet though. When I run a report on the status of my client computers all the updates show up as status "unknown". I don't think any actual updates are happening?
    Reply With Quote Quote  

  7. Old git
    Join Date
    Nov 2008
    Location
    UK
    Posts
    44

    Certifications
    Network+, MCP 70-270 , MCP 70-290. MCP 70-291 - studying right now...
    #6
    Got it working now thanks. It just needed a bit of time.

    I'm going to upgrade my WSUS 2 to 3 now and see how that changes things. The book unfortunately only covers v2.
    Reply With Quote Quote  

  8. Senior Member someeh's Avatar
    Join Date
    Sep 2008
    Location
    Bronx, NYC
    Posts
    142

    Certifications
    A+,Network+, MCP Certified, 290, 291 in progress
    #7
    Quote Originally Posted by NozzaC View Post
    Got it working now thanks. It just needed a bit of time.

    I'm going to upgrade my WSUS 2 to 3 now and see how that changes things. The book unfortunately only covers v2.
    V3 is a snap in console... it's pretty straight forward.
    Reply With Quote Quote  

  9. Senior Member
    Join Date
    Oct 2008
    Posts
    492
    #8
    if you want to check how the client pc is doing, go to c:\windows\windowsupdate.log and check it is reporting properly.

    also, run wuauclt /detectnow from client pc to force it to look for updates from wsus.
    Reply With Quote Quote  

  10. Old git
    Join Date
    Nov 2008
    Location
    UK
    Posts
    44

    Certifications
    Network+, MCP 70-270 , MCP 70-290. MCP 70-291 - studying right now...
    #9
    Thanks guys - good stuff. SUS is not something I've had practical experience of so it's new to me.

    V3 is a lot slicker isn't it? I wonder why they went with that IIS website UI in the first place?
    Reply With Quote Quote  

  11. Senior Member
    Join Date
    Oct 2008
    Posts
    492
    #10
    yep its miles better, just wish the reporting was a little better.... but... it's free so cant moan!
    Reply With Quote Quote  

  12. Senior Member someeh's Avatar
    Join Date
    Sep 2008
    Location
    Bronx, NYC
    Posts
    142

    Certifications
    A+,Network+, MCP Certified, 290, 291 in progress
    #11
    Quote Originally Posted by mrmcmint View Post
    yep its miles better, just wish the reporting was a little better.... but... it's free so cant moan!
    I figured out the reporting features, it is a lot clearer once you are guided in the right direction.
    What part of the reporting do you feel needs improvement?

    NozzaC
    Thanks guys - good stuff. SUS is not something I've had practical experience of so it's new to me.

    V3 is a lot slicker isn't it? I wonder why they went with that IIS website UI in the first place?

    IIS website was required in V2 since it was web based.
    Reply With Quote Quote  

  13. Its all smoke and mirrors dales's Avatar
    Join Date
    Jan 2008
    Posts
    223

    Certifications
    vExpert 2014+2015, VCP5-DT,VCP3+5, CCE-V, CCE-AD, CCP-AD ,CCEE, CCAA XenApp, CCA Netscaler,Xenapp 6.5,Xendesktop 5 & Xenserver 6,MCSA, MCDST, MCP, A+
    #12
    Yes I've found that the initial adding of computers takes a while I suppose the machines register themselves with wsus first then at the next check cycle then looks for updates. But patience or wuauclt.exe /detectnow works wonders
    Kind Regards
    Dale Scriven

    Twitter:dscriven
    Blog: vhorizon.co.uk
    Reply With Quote Quote  

+ Reply to Thread

Social Networking & Bookmarks