0

I am trying to set up a group policy (Under Windows Server 2003) so that staff computers will point to a WSUS server for Windows update, while computers in another group (IT & Test group) will update from the Microsoft site.

I have set up two policies and from what I can see it should work.

However unless I have the WSUS server specified in "Specify Intranet Microsoft Update Service" in the global policy the staff computers (All XP Pro) still download updates from the Microsoft site. If I do put the intranet site in the global policy then the test group won't download from Microsoft.

I would be very grateful for any assistance as I can't see why it is doing this.

I have a document showing the settings as they are just now, but the forum won't allow me to post pictures and will only allow one link. The quality of the file at the below link isn't great. But if anyone can help I can send them a copy of settings.

Pierre.Vriens
  • 1,159
  • 34
  • 15
  • 19
user48318
  • 21
  • 3

1 Answers1

1

When you say group do you really mean OU? If not then that's the problem. You need to group these computers into different OU's and apply a separate GPO to each OU with the appropriate Windows Update settings in each GPO.

joeqwerty
  • 109,901
  • 6
  • 81
  • 172
  • Sorry I should have said, yes, the Staff and IT Staff "groups" are separate OUs. Users are then assigned to the OU depending on what permissions they need. The default domain policy applies to both OUs, but the IT or Staff policy on the container is above it in the hierarchy. Other policies like hiding the control panel in the staff policy but showing it in the IT one work as expected, but Windows update just doesn’t. – user48318 Aug 20 '10 at 11:27
  • My suggestion would be to run gpresults against one of the affected users logged on to one of the affected machines and see which policy settings are being applied and from which policy. – joeqwerty Aug 20 '10 at 12:12