Managing Computer Groups

The heart of WSUS management is the capability to target updates to groups of client computers. WSUS provides a mechanism to help you ensure that the right computers get the rights updates at the right time. In fact, computer groups ensure that client computers receive their updates in a consistent manner on an ongoing basis. Computers will always belong to two groups. Every computer belongs to the All Computers group. However, they will also belong to the Unassigned Computers group until you...

Disconnected Networks

Image Disconnected Process

If your organization includes WSUS servers on disconnected networks, you can follow a two-step export and import process (see Figure 9.4) to update those replica servers.This process requires additional management overhead, but it does guarantee update consistency between all WSUS servers however, there can be a high degree of lag time for this type of asynchronous synchronization. Good planning will optimize the process and minimize the time it takes to synchronize WSUS servers on disconnected...

Using the REG Command for a Quick Display of Client Setup

The quickest way to identify WSUS client settings is to create a simple script file that can be used to query the registry keys you are interested in, and pipe them to the console for quick review. This can be used for troubleshooting purposes or for random audits of your WSUS clients, to make sure that you are not having GPO inheritance, blocking, or conflict problems. To remotely query your WSUS computer's registry, you need the reg.exe command-line utility, which is part of the Windows...

Applying WSUS for Clients Manually

Windows Update Services Name

The process for applying changes to use SSL manually on clients is not as easy as changing it on a GPO.To address various client types, the following procedure assumes a Windows 2000 client 2. Next, open the registry editor.Type regedit in the Run window. 3. Drill down into the tree to the following subkey WindowsUpdate. 5. In the main window, the following keys appear (Default), WUServer, and WUStatusServer (see Figure 8.16). 6. Open the WUServer and WUStatusServer keys one at a time, and...

Using Client Side Targeting

By using client-side targeting, WSUS can figure out how to assign computers to different groups by looking at Group Policy or Registry keys on each machine to automatically collect computers into a group. Client-side targeting saves you the trouble of manually adding computers, moving them around in groups, and generally resorting to tedious administrative methods. To enable this, use Group Policy to configure the AU software on each computer. Enable the client-side targeting option by clicking...

Local Machine Registry

Regardless of the front end, almost all software configurations ultimately end up manipulating the Windows registry for final client configuration commitments. That being said, you can edit the registry directly to configure your WSUS-specific client configuration needs. In situations where Group Policy is not available due to the lack of an active Directory domain and where configuring local policy becomes too tedious because of each logical machine visit, a few scripting techniques might help...