"Phil Angus" <> wrote in message
news:...
> OK, so final question then. If I want manual groups, I take it I still set
> the wsus server in a GPO (and assign the GPO to all OUs), and NOT enable
> client side targeting.
Correct, in fact, you should explicitly Disable that policy setting.
> This will then point all machines to the wsus server via group policy, put
> they will all be plonked in the group "Unassigned Computers", and as long
> as I select "Use the update services console" on the wsus options, I can
> then drop computers in to the relevant groups?
Correct.
> One thing that has been slightly confusing (certainly to me) is that I
> thought the options in the console were basically; use the update services
> console if non AD and use AD if AD environment. I couldn't decide whether
> the first option was viable within an AD environment, but you seem to say
> it is and in my case probably the best option.
Yes. The short history goes like this: In the days of WSUS v2 a computer
could only belong to one group, so the choices were pretty simple -- assign
that group by policy, or from the server. Most every organization that had
AD/GPO opted to use policy-based targeting. Then WSUS v3 (2007) introduced
hierarchical groups and the ability to belong to more than one group. Now,
assigning groups by policy became a bit more complicated for complex group
assignments, and, additionally, for special case scenarios, sometimes near
difficult because of change-management procedures surrounding getting a
policy created or updated.
So now there's really three scenarios in play:
[a] Organizations without AD/GPO. They must use server-side targeting.
[b] Organizations with AD/GPO who assign all attributes via policy. They use
client-side targeting.
[c] Organizations with AD/GPO who do not use policy for group assignments.
This leaves the WSUS Administrators free to assign and reassign groups as is
operationally necessary, or as befits the complexity of the needs of the
update deployment strategies of the organization, without cluttering up, or
over-complicating, the group policy environment.
--
Lawrence Garvin, M.S., MCITP:EA, MCDBA, MCSA
Principal/CTO, Onsite Technology Solutions, Houston, Texas
Microsoft MVP - Software Distribution (2005-2009)
My Blog:
http://onsitechsolutions.spaces.live.com
Microsoft WSUS Website:
http://www.microsoft.com/wsus
My MVP Profile:
http://mvp.support.microsoft.com/pro...awrence.Garvin
Similar Threads
Linear Mode
