Applying separate WSUS policies to each domain controller within single domain? (Network Steve Forum)

Applying separate WSUS policies to each domain controller within single domain?

OK here is what I am trying to accomplish. I have policies created for use with WSUS. I want to use a separate policy for each domain controller to determine a different scheduled install time so they do not all restart at the same time when updates are applied. My issue is by default all domain controllers are located in the Domain Controllers OU. I have read several articles that say you do not want to remove domain controllers from this OU. I also read another article which said it is OK to create new OU's underneath the domain controllers OU and place the domain controllers into the respective OU. I do not want to cause any issues on our domain by moving a domain controller. Does any currently have something similar to this working and if so would you please share how you have it setup? I need to set policy on each individual domain controller for windows updates so they update on a differing schedule Thanks in advance.

October 27th, 2011 8:03am

Hi, To achieve this goal, you can use Security filtering. 1. Create a WSUS GPO and link it to the Domain Controllers OU. 2. Highlight the GPO, on the right pane -> Scope tab -> Security Filtering, remove Authenticated Users group includes both users and computers. 3. Add the name of the DC that you want to apply this GPO to the Security Filtering. Then, this GPO will only apply to the DC you added and you do not need to separate them into different OUs. For more information, please refer to: Security filtering using GPMC http://technet.microsoft.com/en-us/library/cc781988(WS.10).aspx Hope this helps. Regards, Bruce

Free Windows Admin Tool Kit Click here and download it now

November 2nd, 2011 10:21pm

November 3rd, 2011 5:09am

This topic is archived. No further replies will be accepted.