You could run a startup script that would detect their subnet, run a reg key
to apply their computers to the 'internal' group, then on shutdown another
script would run, placing them back into the 'VPN' group...
You may have to include some code in both scripts to stop/restart automatic
update service to force the WU agent to recognize the change.
This might require modifying their GPO to not apply a target group setting,
as the GPO would override the reg change. In which case, you would need to
have an OU that would contain only the laptop/traveling computers.
You could then write your startup script to detect if the third octet of
your subnet is 0, then apply computer to internal group, if third octet is
10, then apply computer to VPN group. This is very simplistic, but in
essence, it should do what you want.
Rob
"Ben" <> wrote in message
news:...
> Hi,
>
> We've been using WSUS, for the past year, to update all our servers and
> clients. I have setup 3 groups to organise all our computers, 'Servers',
> 'Office Internal' & 'VPN Clients'. Now when I approve updates, I set
> 'Servers' and 'Office Internal' to always 'Install', so they are updated
> automatically, but 'VPN Clients' usually get 'Detect Only', as I don't
> want huge amounts of updates being piped down our VPN connect to dozens of
> VPN users. However, some of the remote users are people with laptops, who
> may come in to the office occasionally. Is there anyway to automatically
> set their group to 'Office Internal' when they're on site, but 'VPN
> Clients' when they are dialling-in? It's a shame there isn't some way to
> configure different subnets as groups, i.e. everything on 192.168.0.x is
> internal and gets updates installed, and everything on 192.168.10.x is VPN
> and only detects!
>
> Any advice greatly appreciated
>
> Ben
>
|
Similar Threads
Linear Mode
