Windows Update policy not being applied

G

Guest

Hello,

I have installed a WUS server in our environment and created a GPO to manage
windows updating.

Creating the GPO couldn't have been easier and I used the 10/14/2004
wuau.adm that came with WUS.

Now my problem. As simple as this should be, the GPO is not applying to
PC's that log in. The GPO sits in the OU where the user accounts are and its
applied to any authenticated user (and is linked). I have another GPO in
there for redirected folders and its working fine configured in the same
fashion. I don't know what I am missing. Its super straightforward and I
have the first 5 WU categories all populated with information, but when I log
in as a user, the local WU settings are as they were before. I've searched
all over the internet and I can find a million links on creating the GPO but
none on troubleshooting if it doesn't work.

There has to be an obvious reason why its not applying, but I can't see it.

Thoughts? Thanks!
 
G

Glenn L

There absolutely is an obvious reason the policy fails to apply.
The GPO settings that control WU behaviour are under the computer node of
the GPO.
Therefore you must link the GPO to the OU container that holds your computer
objects and NOT your user objects.

Settings under the computer node apply to computers.
Settings under the user node apply to users.
 
G

Guest

Thanks Glenn,

After a little more reading in the resource kit, this was becoming more
apparent.

One question though, all my computer objects import into the Computers
container... Its not a true OU where you can hang a GPO. Am I understanding
correctly what I am reading in that the computer objects have to be in an OU
where the GPO can either be linked or be inherited? In other words, these
computer objects sitting in the container are not going to have the GPO
(thats at the top level of the domain) applied to them.

Now if that is the case, is there a way to force computers to register into
an OU of my preference? Seems odd that by default Microsoft has computers
import into a container that you can't apply a GPO too.

Thanks Glenn!
 
G

Glenn L

You can either link your windows update GPO to the domain.
This will cause all computers to apply the policy. Workstations, servers,
domain controllers.

Or you can create a new OU and move all workstations from the computer
container into the new OU. You can highlight multiple computers and bulk
move them using the contxt menu.
If you are using the W2K3 admin pak, you can drag and drop the computer
accounts into the new OU.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Some parts of Windows 2008 GPO not applied for some users 1
GPO IE Zone Mapping issue on TS 2
GPO not applying 1
Help needed with W2K3 Group Policy not being applied at user logon 11
removed authenticated users but no policy applied 1
group policy still applied after removed 1
GPO not being applied 1
Group policy not being applied 2

Top