Problem with SUS policy

[Dende]

Hi, I have some problem with SUS policy on client side.
I have set on the server in the policy (Computer Configuration section,
Administrative Templates, Windows Components, Windows Update) the
appropriate configuration. When a client join the active directory
domain for the first time, the windows update policy are set correctly
but if after I modify this policy on the client, this client never
takes the policy set on the server.
Who can help me?

Thanks and sorry for my bad english

 

[Ryan Hanisco]

Dende,


Remember that a local policy will override a domain policy. So, if you make
a change there, the domain policy will not take effect. You shoudl do this
at the Domain or OU level and leave it as such.

 

[Cary Shultz [A.D. MVP]]

Ryan,

Maybe I am missing something. But the pecking order is local, Site, Domain,
OU.....

So, in a situation where there is a common setting that has conflicting
settings the Site-based GPO should override a local-based GPO. And, a
Domain-based GPO should override a Site-based GPO etc. etc. etc.

--
Cary W. Shultz
Roanoke, VA 24012
Microsoft Active Directory MVP

http://www.activedirectory-win2000.com
http://www.grouppolicy-win2000.com

 

[Dende]

Ryan,

Maybe I am missing something. But the pecking order is local, Site, Domain,
OU.....

So, in a situation where there is a common setting that has conflicting
settings the Site-based GPO should override a local-based GPO. And, a
Domain-based GPO should override a Site-based GPO etc. etc. etc.

Yes, I understand but if I set a policy domain and after i change this
policy on a local pc, the policy domain don't override the local policy...

 

[Cary Shultz [A.D. MVP]]

Okay,

Not what I would expect. You might want to post this to the SUS news group.
That would be the microsoft.public.softwareupdatesvcs news group. They
might be able to get to the bottom of this rather quickly.

--
Cary W. Shultz
Roanoke, VA 24012
Microsoft Active Directory MVP

http://www.activedirectory-win2000.com
http://www.grouppolicy-win2000.com

 

[Ryan Hanisco]

Cary,

You, right as usual... and here is the article to prove it.
http://www.microsoft.com/technet/pr...elp/5e45bb2f-49dc-4a5a-86bb-46b3fdb8db56.mspx

I have my loopback processing set to merge -- which is what I was working
with all day. At the end of the day and coming right from that, I guess I
was a bit biased. I guess I'll stop answering questions when I'm tired.
<G>

Ryan

 

[Cary Shultz [A.D. MVP]]

Don't do that! Keep on answering questions. Nobody is perfect. Some are
closer than others, though! And make no mistake, I am not one of them! ;-)

--
Cary W. Shultz
Roanoke, VA 24012
Microsoft Active Directory MVP

http://www.activedirectory-win2000.com
http://www.grouppolicy-win2000.com

 

[Cary Shultz [A.D. MVP]]

Actually, I should be a little bit more specific in my response. Sending
you off to the SUS news group is kinda chicken on my part.

If there is a local policy that has a setting conflict with a Domain-level
policy and the local policy is 'winning' then I would suggest that the
Domain-level GPO is not being applied. Well, that would be the quick
assessment.

What have you done in the way of checking to see what is going on here?
There could be several things.

One of them is that the client PC is authenticating against a DC and that DC
is not replicating with the others. Probably not the case here but it is a
possibility. Have you use GPOTool or GPResult? If this is a WIN2003
environment have you looked at RSoP? That is a really neat tool ( and I
have played with it only once or twice ).

--
Cary W. Shultz
Roanoke, VA 24012
Microsoft Active Directory MVP

http://www.activedirectory-win2000.com
http://www.grouppolicy-win2000.com