Changing WSUS default domain policy
Maybe a really silly question
A WSUS policy was set on the default domain policy which encompasses servers and workstations(not ideal) the server that this policy points to no longer exists and I have already built a brand new WSUS server ready to roll, main goal as well as updates, is to accomodate Forefront AV auto updates.
I want to either remove the entry in default domain policy (and create a new GPO with the new WSUS server to apply to PCs - servers i will rather handle manually for updates)
Or change the existing entry to point to the new WSUS server, however, that does not give me two seperate policies for servers or workstations?
I'm mindful however, if i remove the existing default domian policy WSUS setting my servers might revert to download updates automatically with interesting consequences!
Also am I right in saying even if the GPO points the machines to the correct WSUS server it wont apply updates until I assign these machines to a WSUS group and approve updates in the host WSUS server(this would be ideal, i want some control and only want the workstations updated by WSUS for now. Ie Servers can sty in the unassigned group. For example.
Hope this makes sense but i guess my piority is to get worstations PCs to automatically update forefront definitions from WSUS server for easter, and do windows updates that are approved in seperate WSUS groups. Servers i would rather be manually done for now.
Any advice ould be appreciated.