setting up OU structure


  • Guys,

    When installing Wsus, how should i setup my OU structure and link and create the policy's?
    Should i create a test ou structure for testing the patches for every os? If so, how should i get the approved patches to the production workstation and servers? 

    2018년 5월 8일 화요일 오전 6:37

모든 응답

  • there is really no need to change your OU structure in this case: you can use WSUS client side targeting feature to group computers into "WSUS computer groups" and then approve updates to pre-production group prior to deploying them for all client computers.

    Here is a simplified example of what you can do:

    Create a "common update settings" GPO that specifies WSUS location, update schedule and other update options. Link this policy to OUs containing your client computer accounts, so that the policy will apply to all clients.

    Create a security group for "test clients". Manually add test computers to this group.

    Create a pre-production update GPO, link it to computer OUs and use security filtering to limit GPO scope to "test clients" group. Turn on "Windows Update\Enable client-side targeting" policy. Type inn computer group name, for example "Pre-production". Create Pre-production group in WSUS. Computers that are members of the "test computers" security group will now automatically appear in pre-production group in WSUS. When new updates arrive, you can first approve them for pre-production group only. Once tested, updates can be approved for all computers group.


    2018년 5월 8일 화요일 오전 9:26
  •  Any thanks for the reply. Do you know if some decent blogs exist or tutorials about wsus and setting up ou's?
    2018년 5월 17일 목요일 오후 2:23
  • My blog on June 1st will have a guide on how to setup, manage, and maintain WSUS. Reply back on June 1st so that I remember to post the URL.

    Adam Marshall, MCSE: Security
    Microsoft MVP - Windows and Devices for IT

    2018년 5월 18일 금요일 오전 2:02