Re: Patch Management GPO Question
- From: "Steve Foster [SBS MVP]" <steve.foster@xxxxxxxxxxxxx>
- Date: Wed, 22 Oct 2008 09:47:16 -0700
Lesa H. wrote:
I want to implement a patch management scheme where most of the workstations download and install patches automatically. There may be a few workstations that we shouldn't allow to restart automatically so I need to have those download and notify. Finally, I want the servers to download and notify. I know with SBS if I wanted all the workstations to install and reboot, I could apply a GPO to the SBSComputers under MyBusiness\Computers, but in my scenario this wouldn't work. I plan to link a WSUS GPO for servers to the MyBusiness\Computers\SBSServers since all the servers in the network will have the same setting.
What is the best way to use a group policy to get this setup properly? Is group policy the way to go for this or is there a better way?
SBS2003 R2 and SBS2008 have WSUS3 included, and should have appropriate GPOs in place. If you're running SBS2003 SP1, you would need to install WSUS3 for yourself, and create appropriate GPOs.
You have a couple of ways to implement finer control over the process to deal with a small number of "special cases":
* create a separate group for them within WSUS (keeps the GPO simple), or
* create separate GPOs for them, and use GPO security to restrict which GPO applies to each machine.
--
Steve Foster [SBS MVP]
---------------------------------------
MVPs do not work for Microsoft. Please reply only to the newsgroups.
.
- Follow-Ups:
- Re: Patch Management GPO Question
- From: Lesa H.
- Re: Patch Management GPO Question
- References:
- Patch Management GPO Question
- From: Lesa H.
- Patch Management GPO Question
- Prev by Date: Re: Error in Daily Server Performance Report
- Next by Date: Re: XP, SBS 2008 and another question
- Previous by thread: Re: Patch Management GPO Question
- Next by thread: Re: Patch Management GPO Question
- Index(es):
Relevant Pages
|
