Default Domain Policy and Domain Controllers SUS settings

  • Thread starter Thread starter ira_dorman
  • Start date Start date
I

ira_dorman

Hi,

Basically I want to assign windows update settings for
all workstations but not member servers or Domain
controllers. I would like the workstations to
automatically download and install patches from an
Software update server I have set up in our domain and
reboot (if necessary). However, I don't want the servers
doing this. I want to do them manually, for obvious
reasons. My question is dothe settings under >Default
domain Policy >Administrative Templates\Windows
Componenets\Windows Update. also apply to domain
controllers?

Thanks for your help.
 
My question is dothe settings under >Default
domain Policy >Administrative Templates\Windows
Componenets\Windows Update. also apply to domain
controllers?
Click to expand...


The default domain policy applies to the entire domain. To use SUS only on
client computers, move the computers into their own OU. Apply the SUS GP to
this OU only.

hth
DDS W 2k MVP MCSE
 
If settings are configured in the default domain policy they will override
the policy settings in the default Domain Controllers policy if the settings
are not defined in the default DC policy. If the setting is defined in the
Default DC policy then those settings will override any setting that are
configured in policies from above. In order to prevent the setting from
applying to the domain controllers you will need to define the settings in a
policy that is applied to the DC OU.


--
Tim Hines, MCSE, MCSA
Windows 2000 Directory Services

=====================================================
When responding to posts, please "Reply to Group" via
your newsreader so that others may learn and benefit
from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
 
Thank you for your reply. Just so I understand Could I
specify the settings in the default domain policy and
then specify a different setting in the DC policy
settings?
 
Thank you. I appreciate your answer that is begining to
look like the best course of action.
 
That is correct. Those settings will override the settings from above
unless you have marked no override on a policy from above.

--
Tim Hines, MCSE, MCSA
Windows 2000 Directory Services

=====================================================
When responding to posts, please "Reply to Group" via
your newsreader so that others may learn and benefit
from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
 
I face the same case mentioned below. I created an new OU,
and add a new group policy to apply the SUS settings under
the new OU. However, I found that when I logon into the
client workstation, the group policy dose not work at all.
According to SUS deployment guide. The client's local
registry should add a new entry which point to the local
SUS server. But I cannot found the entry.

The group policy's behaviour is very strange
under "computer component" part. It seems only afect the
new computer member only. As I tested. All the existing
computers (workstation) are not respond to the group
policy.

Why this happen?
 
Back
Top