Difference between revisions of "Active Directory/Documentation/Configuring Domain Computers"
m |
m |
||
| Line 1: | Line 1: | ||
'''''I've updated my <OU>-OU Policy to the new target server and specified a 'Normal' target group for the 'client-side targeting' setting. But it seems clear to me that I also need to connect to the production WSUS server and create my target group(s) and add computers to those groups as I see fit. Is that correct?''''' | '''''I've updated my <OU>-OU Policy to the new target server and specified a 'Normal' target group for the 'client-side targeting' setting. But it seems clear to me that I also need to connect to the production WSUS server and create my target group(s) and add computers to those groups as I see fit. Is that correct?''''' | ||
| − | All you need to do is | + | Do NOT set the name of the central server in your OU Policy -- we set this up centrally. If you set it locally, and then we change the servername, your computers will not be automatically updated. All you need to do is set the correct target group in your GPO (the group the computer is in is defined by the GP applied to it). |
| − | + | All you need to do is drop GPOs throughout your OU that point the computers in each sub-OU to the group you want them in. So you might define "ECE-Normal" at the top of your OU, then override it as "ECE-Servers-Late" at the top of your Servers sub-OU. The servers would see this setting and the rest of your computers would request to be in your 'normal' group. | |
As we sit here managing the servers, we're told whenever a computer talking to the server requests to be placed in a computer group that doesn't exist. We create that group and place it in the correct hiearchy -- based on those early/normal/late tags. | As we sit here managing the servers, we're told whenever a computer talking to the server requests to be placed in a computer group that doesn't exist. We create that group and place it in the correct hiearchy -- based on those early/normal/late tags. | ||
Latest revision as of 10:49, 31 March 2009
I've updated my <OU>-OU Policy to the new target server and specified a 'Normal' target group for the 'client-side targeting' setting. But it seems clear to me that I also need to connect to the production WSUS server and create my target group(s) and add computers to those groups as I see fit. Is that correct?
Do NOT set the name of the central server in your OU Policy -- we set this up centrally. If you set it locally, and then we change the servername, your computers will not be automatically updated. All you need to do is set the correct target group in your GPO (the group the computer is in is defined by the GP applied to it).
All you need to do is drop GPOs throughout your OU that point the computers in each sub-OU to the group you want them in. So you might define "ECE-Normal" at the top of your OU, then override it as "ECE-Servers-Late" at the top of your Servers sub-OU. The servers would see this setting and the rest of your computers would request to be in your 'normal' group.
As we sit here managing the servers, we're told whenever a computer talking to the server requests to be placed in a computer group that doesn't exist. We create that group and place it in the correct hiearchy -- based on those early/normal/late tags.
How do I connect to the production WSUS server? I installed the WSUS snap-in and attempted to connect but I was denied access.
You'll not be able to connect to the actual servers -- only the WSUS Admins can do this.