Configure WSUS Computer Groups
Difficulty Level: Intermediate
The WSUS Console provides a very useful method to organize your computers. You can easily create Computer Groups to segment which computers get which approved updates. For example, you may want your workstations to receive an update that you do not want your servers to receive. So, you create a Workstations and Servers Computer Group.
To add a Computer Group, right-click All Computers > Add Computer Group...
Enter a Name and click Add.
Here is how I have my Computer Groups. Another example is you could have Production Servers and Test Servers then have Test Servers get the latest and greatest where Production is a month behind to ensure patch compatibility with your applications.
You can then manually add computers to a Computer Group by right-clicking the computer object under Unassigned Computers and click Change Membership... and selecting the desired Computer Group(s).
Alternatively, you can automate adding computers to Computer Groups by using Group Policy WMI filters or based on Active Directory Organizational Unit. By default all computers are added to the Unassigned Computers group. To change this click Options then Computers.
Select Use Group Policy or registry settings on computers and click OK.
Create a new Group Policy object and navigate to Computer Configuration > Policies > Administrative Templates > Windows Components > Windows Update. Enable the setting called Enable client-side targeting and enter the name of the Computer Group the computers who will receive this GPO will be joined to.
Lastly, you can create this policy on each Organizational Unit to have them automatically placed in a specific Computer Group.
Approve Updates
Post a Comment