none
WSUS Targeting

    Question

  • Hi all,

    I reviewed some forum topics before posting but none of them actually refer to my question.

    I have WSUS environment with multiple OU's for computers. Let's say:

    - Computers

        - Site 1

        - Site 2

        - Site 3

    At the moment I have the default group policy assigned at Computers level to provide WSUS settings for all OUs inside, apart for the client side targeting. Then I have one additional policy per OU (Site 1, Site 2, Site 3) which then targets computers with this OU to the specific WSUS group and it's all working perfectly fine.

    Since I have about 20 OUs to manage, I ended up with 20 different targeting group policy objects, obviously one per OU.

    Is there any possibility to create the top level group policy which will move clients from different OUs to specific groups based on their OU or something else? In my opinion, this would not be possible because the group policy setting is not complex enough to know which PC's should go to which OU, therefore we need to apply per OU basis however I thought I'll ask anyway.

    Wednesday, November 11, 2015 9:08 AM

Answers

  • 1. Use Powershell for your task. There is special forum aiming at Powershell.

    2. For WSUS there is special forum. Perhaps you can discuss here your infrastructure from the point of view of optimal WSUS function.

    3. In GPO you can use filtering to achieve part of your task. I have divided groups of computers into specific OU. This was simple for small environment and small number of versions of operating systems and applications.

    Perhaps you will obtain answer faster if your description were better structured.

    Regards

    Milos

    Thursday, November 12, 2015 9:39 AM

All replies

  • Anybody?
    Thursday, November 12, 2015 9:08 AM
  • 1. Use Powershell for your task. There is special forum aiming at Powershell.

    2. For WSUS there is special forum. Perhaps you can discuss here your infrastructure from the point of view of optimal WSUS function.

    3. In GPO you can use filtering to achieve part of your task. I have divided groups of computers into specific OU. This was simple for small environment and small number of versions of operating systems and applications.

    Perhaps you will obtain answer faster if your description were better structured.

    Regards

    Milos

    Thursday, November 12, 2015 9:39 AM
  • Hi,

    Group Policies can be linked to Sites, Domains, or OUs, the local Group Policy object is applied first, then domain-linked ones in specified order, and lastly organizational unit-linked Group Policy objects beginning at the highest (in Active Directory hierarchy) organizational unit containing the user or computer account and ending with the lowest (closest to the user or computer) organizational unit containing the user or computer.

    So, you may create GPO on domain. You create a computer group that computers applicate same GP of WSUS, then, you could add the computer group to security filtering.

    Best Regards,

    Jay


    Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Friday, November 13, 2015 9:30 AM
    Moderator