Win Upd local computer policies vs. AD policies

Discussion in 'Windows Update' started by rick, Nov 14, 2003.

    I am trying to deploy SUS across a Win 2000 domain. Most
    of the member machines will be able to use the Windows
    Update settings defined in the OU group policy which will
    install updates daily. However, some development
    machines will need unique control over which updates they

    Since I already have a dozen or so OU's containing
    computers, I don't really want to double that number by
    splitting those OU's into automatic daily updates vs.
    user-defined updates. Plus many of those machines are
    rebuilt and renamed frequently and it would be difficult
    to keep up with which OU they belonged to.

    What I wanted to do was to apply the automatic daily
    update schedule across the whole domain as a non-
    mandatory policy and allow development machines to
    configure their own local computer policy to override the
    OU policy. So far every time I try the OU policy wins
    out over the local policy. Is there a way to allow local
    policies to override non-mandatory domain/OU policies?
    Or is there another way to accomplish what I am wanting?

    Thanks for your help.
    rick, Nov 14, 2003
  2. OU policies are applied last and thus "wins".

    Is it possible to set "No Override" on the policy you want
    to take effect?

    Could you add the desired Group Policy to individual
    Computer Accounts with No Override?

    Kind Regards,
    Frank Thingholm
    Frank Thingholm, Nov 14, 2003
