Hi, We have two wsus servers and some machine are connect to wsus 1 and some 2. All of the machines are in same OU. How do i stop these machine download updates from windows. I want them to get all updates from sccm
Very Informative, but can you show us what happened on WSUS server side after the policy has been applied ? and how to make sure the proper windows updates are being pushed now that PC is relying on the WSUS server and cannot get internet updates.
Sorry, I don't have these virtual machines in place anymore. From the WSUS server, you can set up standard 'accept' rules to automatically download and deliver updates based on their level of importance (recommended vs critical) as well as purpose (feature update vs security), etc. Using Group Policy to direct the computer to get updates from the WSUS server, the two will communicate back and forth so you can visually get a report/representation of the updates installed to the computer based on what is applicable and approved by the WSUS configuration. You can also use Group Policy and Active Directory Groups to apply different policies to different computers. As an example, you might set one rule for beta testers/users to apply updates a couple of days after Microsoft releases updates, while another rule will deliver those updates 2 weeks later to the rest of your organization.
I guess reboot is not necessary to get GPO updates. Killing kerberos ticket is enough. Command: klist purge -li 0x3e7 Adter that you can run gpupdate /force
Thanks - very good tutorial!
love everything here ....thanks for sharing
good work!!
very helpful thank you
Thank you. I have idea like improve my WSUS.
nice job!
Hi, We have two wsus servers and some machine are connect to wsus 1 and some 2. All of the machines are in same OU. How do i stop these machine download updates from windows. I want them to get all updates from sccm
Very Informative, but can you show us what happened on WSUS server side after the policy has been applied ? and how to make sure the proper windows updates are being pushed now that PC is relying on the WSUS server and cannot get internet updates.
Sorry, I don't have these virtual machines in place anymore. From the WSUS server, you can set up standard 'accept' rules to automatically download and deliver updates based on their level of importance (recommended vs critical) as well as purpose (feature update vs security), etc. Using Group Policy to direct the computer to get updates from the WSUS server, the two will communicate back and forth so you can visually get a report/representation of the updates installed to the computer based on what is applicable and approved by the WSUS configuration. You can also use Group Policy and Active Directory Groups to apply different policies to different computers. As an example, you might set one rule for beta testers/users to apply updates a couple of days after Microsoft releases updates, while another rule will deliver those updates 2 weeks later to the rest of your organization.
I guess reboot is not necessary to get GPO updates. Killing kerberos ticket is enough.
Command: klist purge -li 0x3e7
Adter that you can run gpupdate /force