OU's and Group Policy - MS Patch Deployment

  • Thread starter Thread starter David Reed
  • Start date Start date
D

David Reed

Hi There,

I am relatively new to AD, and am interested in doing the following:

Setting up Organizational Units, by department, so that I can push out MS
Patch updates via Group Policies, and have some of the OU's automatically
install and reboot after the patches are installed, and other OU's NOT
automatically reboot, but just push the updates out and hold until they are
manually rebooted.

The reason for this is that we are also a laboratory, and restarting some
computers while testing is going on will cause significant problems,
including damage to some of our proprietary hardware, which we build
in-house.

Can anyone point me to articles or white papers on how to do what I'd like
to do, or, if this is an impractical approach, offer an alternative?

Best Regards,
David
 
You should take a look at "Software Updates Services" from Microsoft. You
can build an SUS server and then have it push the updates out to your
W2K/XP/2k3 boxes for you. You configure through GPO's also. It works very
well and I would recommend it.

PHilip Nunn
 
Hi Philip,

Actually, I've had SUS running for about a year, maybe longer, now.

This is my issue: I have all our computers currently in one OU. That means
if I want to do, what I want to do, when the updates are installed, the
systems will automatically restart. HOWEVER, because of the nature of a
large percentage of systems on our network, if those systems (test systems
with proprietary hardware in them) are restarted without the proprietary
hardware being turned OFF first, it will badly damage our proprietary
hardware.

So what I need is a seperate group (policy?) for computers that CAN be
rebooted automatically, and those that can't, and can only have the updates
pushed out and installed, but have to be restarted manually.

And since I am inexperienced with OU's and GP's, I need some guidance...

Thanks,

David
 
Read the post titled Re: Loading service packs for multiple OS's thru same
policy

as you should be able to use security groups with the gpo.
 
I noticed today when I checked my SUS log that MS has a SP4 for Win2k
available through SUS updates now.

Pretty nifty.

Check your SUS log for today (and if you don't see it, re-sync and check
again)...it wasn't there this morning, but I manually synced just for kicks
a little while ago and got it by suprise. :)

David
 
Back
Top