Shared WSUS server for domain and non-domain joined servers

Bill Clark 181 Reputation points
2021-06-22T17:03:58.737+00:00

We currently have a single WSUS server in our domain that all domain-joined servers and PCs point to. For a new project, we will have several servers that will be on the local network, but NOT domain-joined. We would like to control Windows updates on these endpoints also. Two options: Option 1 is to use the current WSUS server, create new groups for these non-domain joined devices, and edit the registry on those devices to point to the WSUS server. Option 2 is to spin up a completely new WSUS server to manage updates for these non-domain joined devices only, and keep it completely separate from the existing WSUS server. Any recommendations as to which option we go with? Any possible gotchas or drawbacks to one or the other? Curious if anyone else has something similar in their environment. Thanks.

Windows Server

Accepted answer
  1. Adam J. Marshall 8,706 Reputation points MVP
    2021-06-22T17:25:55.273+00:00

    Keep it simple. Use your existing WSUS server and use registry edits to make the non-domain joined systems seek updates from the WSUS server. Make it easier for you too. Run local group policy on one system and configure it the way you want it and then use regedit to export the settings for easy import into your other systems.

    1 person found this answer helpful.
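
The registry edits described in the accepted answer, written out as an added PowerShell example (not code from the thread). The server URL and target group name are placeholders, and the example assumes the WSUS server is published over HTTPS with a certificate the non-domain machines trust, and that client-side targeting is enabled on the server.

```powershell
# Added example: point a non-domain-joined machine at an existing WSUS server.
# Run from an elevated PowerShell session on the client.
# Placeholders (assumptions, not values from the thread):
$WsusUrl     = 'https://wsus.example.internal:8531'  # 8531 is the default WSUS HTTPS port
$TargetGroup = 'NonDomainServers'                    # group must already exist on the WSUS server

# Non-domain clients have no GPO forcing the source, so check the scheme here:
# over plain HTTP the update metadata channel is not authenticated.
if (([uri]$WsusUrl).Scheme -ne 'https') {
    throw "WSUS URL '$WsusUrl' is not HTTPS; refusing to configure."
}

$wu = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
$au = Join-Path $wu 'AU'

# Create the policy keys if local policy has never been configured on this machine.
foreach ($key in $wu, $au) {
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
}

# Update source and reporting server (normally the same URL).
New-ItemProperty -Path $wu -Name WUServer       -Value $WsusUrl -PropertyType String -Force | Out-Null
New-ItemProperty -Path $wu -Name WUStatusServer -Value $WsusUrl -PropertyType String -Force | Out-Null

# Client-side targeting: the machine reports itself into the named WSUS group.
# Only honoured if the WSUS server is set to use Group Policy or registry
# settings for computer group assignment.
New-ItemProperty -Path $wu -Name TargetGroup        -Value $TargetGroup -PropertyType String -Force | Out-Null
New-ItemProperty -Path $wu -Name TargetGroupEnabled -Value 1            -PropertyType DWord  -Force | Out-Null

# Use the server above instead of Microsoft Update.
New-ItemProperty -Path $au -Name UseWUServer -Value 1 -PropertyType DWord -Force | Out-Null
# 3 = download automatically, notify before install (a choice made for this example).
New-ItemProperty -Path $au -Name AUOptions   -Value 3 -PropertyType DWord -Force | Out-Null

# Restart the update client so it reads the new policy, then show the result.
Restart-Service -Name wuauserv
Get-ItemProperty -Path $wu | Select-Object WUServer, WUStatusServer, TargetGroup, TargetGroupEnabled
Get-ItemProperty -Path $au | Select-Object UseWUServer, AUOptions
```

Once one machine is configured, the same two keys can be exported with regedit and imported on the others, as the answer suggests.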

1 additional answer

  1. Bill Clark 181 Reputation points
    2021-06-22T18:42:50.797+00:00

    That's what we are leaning towards, but we weren't sure if there would be any issue lurking in the shadows that could cause problems for us later down the road.
