Hi There,

I am relatively new to AD, and am interested in doing the following:

Setting up Organizational Units, by department, so that I can push out MS
Patch updates via Group Policies, and have some of the OU's automatically
install and reboot after the patches are installed, and other OU's NOT
automatically reboot, but just push the updates out and hold until they are
manually rebooted.

The reason for this is that we are also a laboratory, and restarting some
computers while testing is going on will cause significant problems,
including damage to some of our proprietary hardware, which we build
in-house.

Can anyone point me to articles or white papers on how to do what I'd like
to do, or, if this is an impractical approach, offer an alternative?

Best Regards,
David


--
David Reed
Nework Administrator
(E-Mail Removed)

It is possible to achieve what you are asking. Just put them in separate
OU's and apply the SUS group policy accordingly.
See:
http://support.microsoft.com/default...b;en-us;810796

hth
DDS W 2k MVP MCSE

"David Reed" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Hi There,
>
> I am relatively new to AD, and am interested in doing the following:
>
> Setting up Organizational Units, by department, so that I can push out MS
> Patch updates via Group Policies, and have some of the OU's automatically
> install and reboot after the patches are installed, and other OU's NOT
> automatically reboot, but just push the updates out and hold until they
are
> manually rebooted.
>
> The reason for this is that we are also a laboratory, and restarting some
> computers while testing is going on will cause significant problems,
> including damage to some of our proprietary hardware, which we build
> in-house.
>
> Can anyone point me to articles or white papers on how to do what I'd like
> to do, or, if this is an impractical approach, offer an alternative?
>
> Best Regards,
> David
>
>
> --
> David Reed
> Nework Administrator
> (E-Mail Removed)
>
>

You can keep the client from automatically rebooting by specifying that
option in the windows update policy if you are using SUS. It is discussed
in the following article. You will need SUS SP1 for this.

328010 How to Configure Automatic Updates by Using Group Policy or Registry
http://support.microsoft.com/?id=328010

--
Tim Hines, MCSE, MCSA
Windows 2000 Directory Services

=====================================================
When responding to posts, please "Reply to Group" via
your newsreader so that others may learn and benefit
from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.


"David Reed" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Hi There,
>
> I am relatively new to AD, and am interested in doing the following:
>
> Setting up Organizational Units, by department, so that I can push out MS
> Patch updates via Group Policies, and have some of the OU's automatically
> install and reboot after the patches are installed, and other OU's NOT
> automatically reboot, but just push the updates out and hold until they
are
> manually rebooted.
>
> The reason for this is that we are also a laboratory, and restarting some
> computers while testing is going on will cause significant problems,
> including damage to some of our proprietary hardware, which we build
> in-house.
>
> Can anyone point me to articles or white papers on how to do what I'd like
> to do, or, if this is an impractical approach, offer an alternative?
>
> Best Regards,
> David
>
>
> --
> David Reed
> Nework Administrator
> (E-Mail Removed)
>
>

Tim Hines [MSFT] wrote:
> You can keep the client from automatically rebooting by specifying that
> option in the windows update policy if you are using SUS. It is discussed
> in the following article. You will need SUS SP1 for this.
>
> 328010 How to Configure Automatic Updates by Using Group Policy or Registry
> http://support.microsoft.com/?id=328010
>

I got it now, I think I'm all set.

I guess, and this I didn't know, that you have to apply the GP to each OU?

For example, I thought I could make a GPO in

TOPOU
+ADMIN

And have it apply to all of these:

+ADMIN
+FINANCE
+IT
+SUPPORTSTAFF
+ETC

And it would automatically inherit to all below ADMIN.

Guess not, huh?

I couldn't figure out why the updates I was approving weren't going out,
even though I created the policy in +ADMIN !!!

David

"blip" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Tim Hines [MSFT] wrote:
> > You can keep the client from automatically rebooting by specifying that
> > option in the windows update policy if you are using SUS. It is
discussed
> > in the following article. You will need SUS SP1 for this.
> >
> > 328010 How to Configure Automatic Updates by Using Group Policy or
Registry
> > http://support.microsoft.com/?id=328010
> >
>