WSUS Policy Requriements

Ataro 26 Reputation points
2021-02-27T12:35:30.297+00:00

I have a AD environment with GPO for WSUS. I have a unique requirement, by default all systems should have WSUS service disabled. We will identify a few systems where we intend to install patches from WSUS and reboot the systems. After deployment again we need to keep the WSUS service disabled on these systems. How can I achieve this? It has to be done from GPO.

Windows
Windows
A family of Microsoft operating systems that run across personal computers, tablets, laptops, phones, internet of things devices, self-contained mixed reality headsets, large collaboration screens, and other devices.
4,967 questions
{count} votes

2 answers

Sort by: Most helpful
  1. SUNOJ KUMAR YELURU 14,011 Reputation points MVP
    2021-02-27T13:57:36.747+00:00

    Hi @Ataro
    Yes, you can archive WSUS updates on windows server using gpo.

    Refer - step-by-step details Configuring WSUS on Windows Server
    install & configure WSUS in Windows Server

    If the Answer is helpful, please click Accept Answer and up-vote, this can be beneficial to other community members.

    0 comments No comments

  2. Daisy Zhou 20,471 Reputation points Microsoft Vendor
    2021-03-01T08:58:21.667+00:00

    Hello @Ataro ,

    Thank you for posting here.

    Based on the description "by default all systems should have WSUS service disabled.", what do you mean WSUS service?
    As I understand, only the server with WSUS role installed will have WSUS service via services.msc.
    72942-wsus.png

    For your request "We will identify a few systems where we intend to install patches from WSUS and reboot the systems. After deployment again we need to keep the WSUS service disabled on these systems.", if you want to these systems install patches from WSUS, you can configure the following GPO setting, then if you do not want to these systems install patches from WSUS, you can remove the following GPO setting.

    72952-wsus1.png

    For more information, we can refer to the link below.
    Step 4: Configure Group Policy Settings for Automatic Updates
    https://learn.microsoft.com/en-us/windows-server/administration/windows-server-update-services/deploy/4-configure-group-policy-settings-for-automatic-updates

    Best Regards,
    Daisy Zhou

    0 comments No comments