locked
Need to patch windows system on 121 different location through WSUS using a single sever. RRS feed

  • Question

  • My firm need to patch 121 different branch location through Single WSUS server, I am bit confused how to make GPO policy for 121 different branch location. I want client system to report in their branch folder in wsus. please help me in this situation. 
    Friday, February 8, 2019 6:16 AM

All replies

  • Hello,

    First, refer to the following article to get some information about the Group Policies could applied to WSUS clients.

    Configure Group Policy Settings for Automatic Updates
    https://docs.microsoft.com/en-us/windows-server/administration/windows-server-update-services/deploy/4-configure-group-policy-settings-for-automatic-updates

    Then I would give some explanation and advice for you situation.

    1> Those Group Policies tell clients how to interact with WUA, that means how to scan/download/install updates from WSUS. How to make GPO policy for 121 different branch location? It really depends on your network hierarchy. If all your branches are in the same domain, you could create a set of GPOs and link them to your each branch OU. If they are in the different domains, you need to create GPOs in each domain. If there are work group computers, use local Group Policy instead.

    2> To make all your clients point to the single WSUS server, just set the "Specify intranet Microsoft update service location" to your WSUS server, and make sure all you clients have the same configuration for this policy.

    3> To make your clients report in their branch folder in WSUS, we need configure and apply policy "Enable client-side targeting". It could specify a computer group name for clients which link to the policy. So you should create different GPO to target the branch group to each branch OU. Just two things need to note.

    • You need to create each branch group in the WSUS console.
    • You need to select "Use Group Policy or Registry settings on computers" in WSUS Options/Computers.

     
    Hope my answer could help you and look forward to your feedback.
     
    Best Regards,
    Ray

           

    Please remembers to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Friday, February 8, 2019 10:11 AM
  • Hello,
     
    I noticed that you have not updated for several days. So has your issue been solved? Or is there any update?
     
    Feel free to feedback.
     
    Best Regards,
    Ray

    Please remembers to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Monday, February 11, 2019 2:01 AM
  • Here's my 8 part blog series on How to Setup, Manage, and Maintain WSUS. Think differently - why separate them? Instead, use a ring-method to approve updates.

    https://www.ajtek.ca/wsus/how-to-setup-manage-and-maintain-wsus-part-1-choosing-your-server-os/


    Adam Marshall, MCSE: Security
    https://www.ajtek.ca
    Microsoft MVP - Windows and Devices for IT

    Wednesday, February 13, 2019 5:07 AM