Hello all, I just wondered if it is possible in WSUS to have it turned on, but to only windows update one group of computers and leave the others off, whilst we test it. Is this possible and if so how?
Cheers
Printable View
Hello all, I just wondered if it is possible in WSUS to have it turned on, but to only windows update one group of computers and leave the others off, whilst we test it. Is this possible and if so how?
Cheers
You use group policy to tell your windows clients to use the local WSUS server rather than the microsoft online one.
SO as long as you apply that policy to one OU of machine then it will only apply to them
Yes, you could just auto-prove updates for a test group in WSUS, then manually approve updates for other groups in WSUS manually when you're ready.
Take a look at Client-side targeting. This involves setting up groups on WSUS then you apply settings via GPO to tell computers which group to join, you can then apply different approvals to the groups e.g. Test Group and General Group and so on.
wsus - Creating Target Groups
What I've done in my environnement is Target Group and Sub-Group.
So I create a group named Server and one named IT. Under IT, I've created another group named "Users".
Initially the only PCs hook up to the server were the IT one. I then approved many and many updates that I didn't want to re-approve for normal User. When beta-testing was over, I start adding User's PCs to the "User" group. So they automatically got the updates by heritance from the IT group.
Now, when I wanna test an update before to release it to everyone, I approved it for IT but I block the heritance for this particular update. If everything's fine after a week, I reinstate the heritance of the approval.
Bill