Using Computer Groups

Computer groups are an important part of the most basic WSUS systems. Computer groups enable you to target updates to specific sets of computers that share some common criteria. WSUS ships with two default groups, called All Computers and Unassigned Computers. When each client computer initially contacts the WSUS server, the server adds it to both these groups. Of course, it is very likely that you will want to create your own computer groups, since you can control the deployment of updates much more granularly with them. For example, you can create a group named Test that contains some lab machines.You can initially deploy a new patch to the test group, and then, once you have verified the patch works on those machines, roll it out to other groups. Since there is no limit to the number of custom groups you can create, you can also block off machines into departments, function, roles, or any other denominator you wish to use.

Remember that computer group membership is not distributed throughout a replica group that you create. In other words, you always have to load client computers into computer groups. It is possible that not all the sites in your organization require the same computer groups, in which case you should have a sufficient number of computer groups on the administered server to satisfy the needs of the rest of the organization. Computers at different sites can be moved into a group appropriate for the site. Meanwhile, computer groups inappropriate for a particular site remain empty.

Setting up computer groups takes three steps. First, specify whether you intend to use server-side targeting, which involves manually adding each computer to its group by using WSUS, or client-side targeting, which involves automatically adding the clients by using either Group Policy or registry keys. Next, create the computer group on WSUS. Finally, move the computers into groups using whichever method you chose in the first step.

This section talks about server-side targeting, since it's the most likely method you will use.

To specify that you will use server-side targeting to select members of computer groups:

1. In the console toolbar, click Options, and then click Computer Options.

2. Click Use the Move computers task in Windows SUS in the Computer Options box.This is shown in Figure 5.7.

3. Within Tasks, click Save settings and then click OK to confirm your selection.

Figure 5.7 Server-Side Targeting

Figure 5.7 Server-Side Targeting

Next, create a computer group. In this example, we will create the Test group mentioned earlier in this chapter:

4. In the console toolbar, click Computers.

5. Within Tasks, click Create a computer group.

6. Enter test into the Group name box (see Figure 5.8) and then click OK.

Figure 5.8 Creating a Computer Group

Figure 5.8 Creating a Computer Group

Finally, add a machine to that group.You will need to follow the instructions within the client-side portion of this chapter to get the AU software deployed, which will populate the WSUS console with a list of available computers. Once that's done, follow these steps to add a machine to a group:

1. In the console toolbar, click Computers.

2. In the Groups box, click the All Computers group and then click the computer you want to move into the Test group.

3. Under Tasks, click Move the selected computer, and then select the Test group and click OK to perform the move (see Figure 5.9).

Figure 5.9 Adding a Machine to the Computer Group

Figure 5.9 Adding a Machine to the Computer Group

Repeat until you have a group structure appropriate to your network and deployment methodology.

Was this article helpful?

0 0

Post a comment