question

avilavinash-2191 avatar image
0 Votes"
avilavinash-2191 asked ·

WSUS Policy Requriements

I have a AD environment with GPO for WSUS. I have a unique requirement, by default all systems should have WSUS service disabled. We will identify a few systems where we intend to install patches from WSUS and reboot the systems. After deployment again we need to keep the WSUS service disabled on these systems. How can I achieve this? It has to be done from GPO.

windows-group-policy
· 4
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

To follow-up, Please let us know if you have further query on this.
Please don’t forget to Accept the answer

0 Votes 0 ·

To follow-up, Please let us know if you have further query on this.
Please don’t forget to Accept the answer

0 Votes 0 ·

Hello @avilavinash-2191,
How are things going on your end? Please keep me posted on this issue.
If you have any further questions or concerns about this question, please let us know.
I appreciate your time and efforts.

Best Regards,
Daisy Zhou

0 Votes 0 ·

Hello @avilavinash-2191,
I just want to confirm the current situations.

Please feel free to let us know if you need further assistance.


Best Regards,
Daisy Zhou

0 Votes 0 ·
learn2skills avatar image
0 Votes"
learn2skills answered ·

Hi @avilavinash-2191
Yes, you can archive WSUS updates on windows server using gpo.

Refer - step-by-step details Configuring WSUS on Windows Server
install & configure WSUS in Windows Server

If the Answer is helpful, please click Accept Answer and up-vote, this can be beneficial to other community members.


·
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

DaisyZhou-MSFT avatar image
0 Votes"
DaisyZhou-MSFT answered ·

Hello @avilavinash-2191,

Thank you for posting here.

Based on the description "by default all systems should have WSUS service disabled.", what do you mean WSUS service?
As I understand, only the server with WSUS role installed will have WSUS service via services.msc.
72942-wsus.png


For your request "We will identify a few systems where we intend to install patches from WSUS and reboot the systems. After deployment again we need to keep the WSUS service disabled on these systems.", if you want to these systems install patches from WSUS, you can configure the following GPO setting, then if you do not want to these systems install patches from WSUS, you can remove the following GPO setting.

72952-wsus1.png


For more information, we can refer to the link below.
Step 4: Configure Group Policy Settings for Automatic Updates
https://docs.microsoft.com/en-us/windows-server/administration/windows-server-update-services/deploy/4-configure-group-policy-settings-for-automatic-updates



Best Regards,
Daisy Zhou



wsus.png (357.3 KiB)
wsus1.png (36.1 KiB)
·
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.