Different policy for different sites

Discussion in 'Update Services' started by Bhoogs, Jul 1, 2005.

  1. Bhoogs

    Bhoogs Guest

    We have 2 sites in our domain. I wanted to setup 2 policies for each site. 1
    policy to have unassigned/all comupters to have an AU policy and another
    having a target group use a different AU policy. I've tested different
    scenarios and all scenarios does not pickup the policy I created using a
    target group.
    Bhoogs, Jul 1, 2005
    1. Advertisements

  2. Bhoogs

    JeffG Guest

    There is no direct integration with Active Directory in WSUS. So, you
    can't affect the "target groups" in WSUS directly with a group policy
    - the policies only affect the machine by it's location in AD.

    To get at your results, you would have to create an "unassigned" group
    (OU) in AD, match the membership to what WSUS shows in the unassigned
    category, and apply the policy at OU level. Your "another" group
    would have to be the same - OU created through AD, policy applied at
    that OU, and computer members moved to the OU to match the membership
    in your WSUS target group "another".

    However, the "All Computers" group is going to contain members of
    every target group anyway by WSUS design - and the machine accounts
    can't exist in multiple OU's in AD - so I see no way to use the "all
    computers" group and still have a different policy apply to the ones
    that are in a different OU (or a different target group in WSUS).

    If I've misunderstood the question, (or you've misunderstood the
    answer!) let the group know.
    JeffG, Jul 1, 2005
    1. Advertisements

  3. Bhoogs

    kj Guest

    Just not enough information to say if it's possible or not, but a WMI
    filtered Group Policy /might/ be able to achieve the results he's looking
    for - if I understand his intent. If there's some intent to keep any
    computers out of the WSUS "All computers" group then that's not going to

    kj, Jul 1, 2005
  4. Bhoogs

    Steve Musser Guest

    Try applying your policy on the site level. Works just fine for me. However,
    I am running an update server for each of those respective sites/subnets.
    Otherwise let all the workstations go into the "unassigned group in for
    computers in the console. Then create individual groups as move them as you
    like. For example on of my setups I have six different groups and then
    manage detect, install, etc. from there. Works good.

    Steve Musser, Jul 1, 2005
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.