• Announcements

    • xper

      MSFN Sponsorship and AdBlockers!   07/10/2016

      Dear members, MSFN is made available via subscriptions, donations and advertising revenue. The use of ad-blocking software hurts the site. Please disable ad-blocking software or set an exception for MSFN. Alternatively, become a site sponsor and ads will be disabled automatically and by subscribing you get other sponsor benefits.

Computers not taking WSUS policy

3 posts in this topic


I have a policy created for my new WSUS install, which contains basically all endpoint client computers. All the GPO does is set the update interval and point to my intranet WSUS server.

The issue I am having is that I created a security group in AD which contains all of my endpoints that I plan on pointing to the WSUS server, but only a handful of my approximately 50 endpoints are actually picking up the policy.

I had read somewhere that this could be a DNS issue, so I checked there. There were duplicate entries for my DC, but removing the duplicates did not change anything.

Also, to be clear I used Computers, not Users in the group. I had made that mistake already.


Share this post

Link to post
Share on other sites

what OS is running on the endpoints?

for XP run gpupdate /r then gpresult on the endpoint

for windows 7 or 8, from an elevated command line run gpupdate /r then a gpresult

you should see your group policy listed in the resulting list of group policies applied to the machine. If not run a group policy modeling wizard from the GPMC console on one the machines that should be getting the policy.

at that point you may have to turn on verbose logging on the machine for GPO if it applying but reciving the settings.


Share this post

Link to post
Share on other sites

Gpupdate didnt do anything, that is part of the reason I was worried. BUT the systems started to fill in. It just took two days.

Upon researching why it appears this particular type of policy requires a full reboot, and two at that. One to initiate the change and one to apply it is how I read it described.

They also suggested requiring full network credentials instead of cached credentials but I did not do that because many of our users use laptops, and i did not want to potentially stop offsite logins. (Computer config -> Policies -> Adm. Templates -> System -> Logon -> 'Always wait for the network at computer startup and login')

Sorry to waste your time! At least this may help someone else who is in panic mode like I was.


Share this post

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.