WSUS configuration Setting from Group Policy

Confiugre group policy setting for WSUS create a new group policy ( Dont edit default Domain Contorller group policy)

Creating a new group policy for WSUS

1. From Domain Controller go to Active Directory user and computer

2. Right click on your Organization unit and select properties

3. Click the Group Policy Tab then click open

4. Right click on Group policy object and create a new Group Policy for WSUS (example: WSUSUPDATE)

5. Then Drag the WSUSUPDATE to your organization unit or your domain to link with OUs or Domain.

6. For configure Group Policy for WSUS we must ensure that the latest administrative template has been loaded on the computer used to administer Group Policy (Wuau.adm)

To add the WSUS Administrative Template

a. Right click on newly crated group policy(WSUSUPDATE) and select edit

b. From Group Policy Object editor right click administrative templates nodes and click Add/Remove Template ( For Computer configuration and User Configuration).

c. Click add

d. From Policy Template dialog box select Wuau.adm and then click Open

e. Then close add remove templates

Create a new group for WSUS Update

1. Create a new group to manage user updates and add user in this group ( You can make different group for manage user for WSUS update, exam: WSUSUser/WSUSServer etc)

2. Add this group in Group WSUS Group policy

a.  Click WSUSUpdate (Group Policy for WSUS)

b. In Security filtering add all the groups you crated for WSUS update. exmp: add WSUSUser and WSUSServer

Configure Automatic Update

1. Right click on Group Policy then click edit

2. From Computer configuration click Administrative template then click windows componetnt then click windows update

3. From Windows Update Setting

a. Enable this setting and fix configure automatic updating schedule date and time for user.

b. Enable Specify intranet Microsoft update service location Properties and type the HTTP(S) URL of the same WSUS server in the Set the intranet update service for detecting updates box and in the Set the intranet statistics server box. For example, type http(s)://servername in both boxes. or IP address of your WSUS server exmp: 

c. Then Enable Client-side targeting propeties and write group name (you crated for WSUS update) in Target group name for this computer exmp: WSUSUser

Configure WSUS Server setting:

1. Add all the user group you crated for WSUS update in

d. Then enable Automatic Update detection frequency Properties.

Except above four setting  you can enable or disable any other setting as your requirement if needed.

WSUS Server Setting for Group Policy

1. From WSUS Server open Mircorsoft Windows Server Update Services

2. Expand the templates form right pane of Update Services

3. Right click on All computers from Computers and Add Computer Group ( Same Group Name which you created for WSUS update exmp: WSUSUser and WSUSServer

4. Click the option and then click computer and select user group policy or resistry on computers

After doing all the process you can run WSUS from Group Policy


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: