Moving Remote Computers Between Groups Automatically

[Ben]

Hi,

We've been using WSUS, for the past year, to update all our servers and
clients. I have setup 3 groups to organise all our computers, 'Servers',
'Office Internal' & 'VPN Clients'. Now when I approve updates, I set
'Servers' and 'Office Internal' to always 'Install', so they are updated
automatically, but 'VPN Clients' usually get 'Detect Only', as I don't want
huge amounts of updates being piped down our VPN connect to dozens of VPN
users. However, some of the remote users are people with laptops, who may
come in to the office occasionally. Is there anyway to automatically set
their group to 'Office Internal' when they're on site, but 'VPN Clients'
when they are dialling-in? It's a shame there isn't some way to configure
different subnets as groups, i.e. everything on 192.168.0.x is internal and
gets updates installed, and everything on 192.168.10.x is VPN and only
detects!

Any advice greatly appreciated

Ben

 

[maximillianx]

You could run a startup script that would detect their subnet, run a reg key
to apply their computers to the 'internal' group, then on shutdown another
script would run, placing them back into the 'VPN' group...

You may have to include some code in both scripts to stop/restart automatic
update service to force the WU agent to recognize the change.

This might require modifying their GPO to not apply a target group setting,
as the GPO would override the reg change. In which case, you would need to
have an OU that would contain only the laptop/traveling computers.

You could then write your startup script to detect if the third octet of
your subnet is 0, then apply computer to internal group, if third octet is
10, then apply computer to VPN group. This is very simplistic, but in
essence, it should do what you want.

Rob