Jump to content

Welcome to MSFN Forum
Register now to gain access to all of our features. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more. This message will be removed once you have signed in.
Login to Account Create an Account



Photo

Computers not taking WSUS policy


  • Please log in to reply
2 replies to this topic

#1
Cyrius

Cyrius

    Newbie

  • Member
  • 41 posts
  • Joined 10-October 11
  • OS:Windows 7 x64
  • Country: Country Flag
Hi,

I have a policy created for my new WSUS install, which contains basically all endpoint client computers. All the GPO does is set the update interval and point to my intranet WSUS server.

The issue I am having is that I created a security group in AD which contains all of my endpoints that I plan on pointing to the WSUS server, but only a handful of my approximately 50 endpoints are actually picking up the policy.

I had read somewhere that this could be a DNS issue, so I checked there. There were duplicate entries for my DC, but removing the duplicates did not change anything.

Also, to be clear I used Computers, not Users in the group. I had made that mistake already.


How to remove advertisement from MSFN

#2
fizban2

fizban2

    MSFN Addict

  • Super Moderator
  • 1,900 posts
  • Joined 14-April 05
  • OS:Windows 7 x64
  • Country: Country Flag
what OS is running on the endpoints?

for XP run gpupdate /r then gpresult on the endpoint

for windows 7 or 8, from an elevated command line run gpupdate /r then a gpresult

you should see your group policy listed in the resulting list of group policies applied to the machine. If not run a group policy modeling wizard from the GPMC console on one the machines that should be getting the policy.

at that point you may have to turn on verbose logging on the machine for GPO if it applying but reciving the settings.

#3
Cyrius

Cyrius

    Newbie

  • Member
  • 41 posts
  • Joined 10-October 11
  • OS:Windows 7 x64
  • Country: Country Flag
Gpupdate didnt do anything, that is part of the reason I was worried. BUT the systems started to fill in. It just took two days.

Upon researching why it appears this particular type of policy requires a full reboot, and two at that. One to initiate the change and one to apply it is how I read it described.

They also suggested requiring full network credentials instead of cached credentials but I did not do that because many of our users use laptops, and i did not want to potentially stop offsite logins. (Computer config -> Policies -> Adm. Templates -> System -> Logon -> 'Always wait for the network at computer startup and login')

Sorry to waste your time! At least this may help someone else who is in panic mode like I was.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users