Things seem to be working right but I think I might have broken a few rules to get there...

Here's what I did.

After installing SUS on our SBS2K I made a new OU directly below the "company.local" domain in Active Directory called "Workstations". I then moved all the client PCs that I wanted to be updated (i.e. all but the server and a remote client) out of the "Computers" default container in Active Directory and into the Workstations OU. (This is where I think I may have it wrong.) I then made a new GPO for the Workstations OU and set Windows Update to automatically download and install updates. I made a separate GPO in the Domain Controllers OU for the server that just auto downloads and notifies when ready to install.

Although all the workstations have taken on the policy (Windows Update settings are reflecting the policy settings and are greyed out) I'm thinking that I shouldn't have moved the client PCs from the Computers default container in Active Directory. Should I have made a group within the Workstations OU and added the client computers to this group? If so, should it be a security group or a distribution group (what's the difference)?

Thanks in advance,

Ryan

Re: SUS and Group Policy by Mark

Mark
Mon Nov 10 20:26:33 CST 2003

security group - permissions
distribution group - email
You could have done a domain-wide policy for all, but what you did was fine
to separate. Don't add computers to groups, just users.

--
Sincerely,
Mark Mancini, CCA, CCNA, Master CIW&CI, CNE 4&5, MCSE+I 4&2000
www.MCSE2000.com
www.AppLauncher.com




Re: SUS and Group Policy by Dave

Dave
Tue Nov 11 10:32:34 CST 2003

FWIW, that's exactly what I did, right down to the name of the OU (except I
still do everything manually on the servers). Been working perfectly for a
couple of months now.

Someone in this group commented that automatically deploying software to
workstations will only work if the workstations are in the "Computers"
container. However, I will just create the computer in Computers, deploy
the software (modem sharing, etc.), then move it to the Workstations OU.
Especially since SPs now install with SUS, I don't plan to roll out
software that way after the initial setup anyway.