Keep it simple. Use your existing WSUS server and use registry edits to make the non-domain joined systems seek updates from the WSUS server. Make it easier for you too. Run local group policy on one system and configure it the way you want it and then use regedit to export the settings for easy import into your other systems.
Shared WSUS server for domain and non-domain joined servers
We currently have a single WSUS server in our domain that all domain-joined servers and PCs point to. For a new project, we will have several servers that will be on the local network, but NOT domain-joined. We would like to control Windows updates on these endpoints also. Two options: Option 1 is to use the current WSUS server, create new groups for these non-domain joined devices, and edit the registry on those devices to point to the WSUS server. Option 2 is to spin up a completely new WSUS server to manage updates for these non-domain joined devices only, and keep it completely separate from the existing WSUS server. Any recommendations as to which option we go with? Any possible gotchas or drawbacks to one or the other? Curious if anyone else has something similar in their environment. Thanks.
Bill Clark 186 Reputation points
2021-06-22T18:42:50.797+00:00

That's what we are leaning towards, but wasn't sure if there would be any issue lurking in the shadows that could cause problems for us later down the road.
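The registry approach discussed above (Option 1), as an added example that is not part of the original thread: a PowerShell script that writes the standard Windows Update policy values on a non-domain-joined server and exports them for import elsewhere. The WSUS URL, the target group name and the export path are placeholders; it assumes client-side targeting is enabled on the WSUS server and that the client trusts the WSUS TLS certificate.

```powershell
#Requires -RunAsAdministrator
# Added example: point a workgroup (non-domain-joined) server at an existing WSUS server.
param(
    [string]$WsusUrl     = 'https://wsus.example.internal:8531', # placeholder URL
    [string]$TargetGroup = 'NonDomain-Servers',                  # placeholder WSUS group
    [string]$ExportPath  = "$env:TEMP\wsus-client.reg"           # placeholder export file
)

# Plain HTTP lets anyone on the path tamper with update metadata; flag it.
if ($WsusUrl -notmatch '^https://') {
    Write-Warning "WSUS URL '$WsusUrl' is not HTTPS; update metadata is unprotected in transit."
}

$wu = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
$au = Join-Path $wu 'AU'

# Create the keys only if missing (New-Item -Force on an existing key would wipe its values).
foreach ($key in $wu, $au) {
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
}

# Server location plus client-side targeting, so the machine lands in its own WSUS group.
$values = @(
    @{ Path = $wu; Name = 'WUServer';           Type = 'String'; Value = $WsusUrl }
    @{ Path = $wu; Name = 'WUStatusServer';     Type = 'String'; Value = $WsusUrl }
    @{ Path = $wu; Name = 'TargetGroupEnabled'; Type = 'DWord';  Value = 1 }
    @{ Path = $wu; Name = 'TargetGroup';        Type = 'String'; Value = $TargetGroup }
    @{ Path = $au; Name = 'UseWUServer';        Type = 'DWord';  Value = 1 }
    @{ Path = $au; Name = 'NoAutoUpdate';       Type = 'DWord';  Value = 0 }
    @{ Path = $au; Name = 'AUOptions';          Type = 'DWord';  Value = 3 } # download, notify to install
)
foreach ($v in $values) {
    New-ItemProperty -Path $v.Path -Name $v.Name -PropertyType $v.Type `
        -Value $v.Value -Force | Out-Null
}

# Restart the Windows Update service so it rereads the policy values.
Restart-Service -Name wuauserv -Force

# Read the settings back to confirm what the client will actually use.
Get-ItemProperty -Path $wu | Select-Object WUServer, WUStatusServer, TargetGroupEnabled, TargetGroup
Get-ItemProperty -Path $au | Select-Object UseWUServer, NoAutoUpdate, AUOptions

# Export the whole policy key for import on the other non-domain systems.
reg.exe export 'HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate' $ExportPath /y
```

On the WSUS server, the `TargetGroup` value only takes effect when the Computers option is set to use Group Policy or registry settings; otherwise the machines appear under Unassigned Computers.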