You could specify a GPO to override the WSUS setting and force the Win 8 machines to get their updates direct from Microsoft Servers:
- Setup a new Organizational Unit to target with the GPO: Create a Windows8 group under the Active Directory and move your Win8 machines into it.
- Create a new GPO called WSUS Win8 or similar then under Computer Configuration; Policies; Administrative Templates; Windows Components; Windows Updates change:
- Configure Automatic Updates Properties: Select Enabled and Auto download and schedule the install” then set a time to install. Remember to ensure this is after the WSUS server’s update schedule (see above).
- Specify intranet Microsoft update service location: Disabled
- Remove the link to the new GPO from the domain level (click on the domain then right click the link and delete).
- Right click the Windows8 Organizational Unit and 'Link existing GPO', choose WSUS Win8
- Use Group Policy Modeling to test the outcome is as the settings above.
- Force the GPO update on the client: Gpupdate
- Try Windows Update again
UPDATE: I found using OUs was too prescriptive e.g. I couldn't move my domain controllers into a new OU from Domain Controllers OU so instead I used Groups to achieve the same result:
- In Active Directory Users and computers, [Domain name], Computers: create two new Groups: Win2008 and Win2012
- Add the relevant computers to their respective groups.
- Setup the GPOs to apply to the relevant groups: In the Scope remove Authenticated Users and add Domain Users and the Win2008 Group
NB: User Domain Users not Authenticated Users as the latter includes all computers.
Use Group Policy Modelling Wizard to check your results. The applied GPOs are listed under: Summary, Computer Configuration Summary, Group Policy Objects, Applied and Denied GPOs.
No comments:
Post a Comment