Configuring Clients to Use WSUS Inside and Windows Update Outside

Tags: windows-server-2008-r2, wsus

We're introducing WSUS inside our network in one bigger location, but our company has multiple small offices. Our people move a lot, so I would like them to use WSUS when inside the main location and in other places where WSUS will be available, and Windows Updates from Microsoft directly when they are roaming in our small satellite sites.

I found out that if I would like clients to use WSUS based on the location they are in, you have to use more or less the following steps:

  1. Enable Round Robin and Netmask Ordering in the properties of your DNS server.
  2. Choose a DNS name for WSUS. For instance, wsus.example.com
  3. Create an A record in DNS for each WSUS server. Call them all wsus.example.com or whatever you have chosen as the DNS name. Give each new A record an IP address of each WSUS server.
  4. Use the DNS name you have created, wsus.example.com or equivalent, to configure group policy or otherwise distribute the WSUS server setting to the clients.
  5. Clients will now use the round robin in DNS to resolve the nearest WSUS server.

Could I use this methodology and add a new DNS record (wsus.example.com) in our small offices where WSUS is not available and point it to http://windowsupdate.microsoft.com? Will clients wanting a WSUS server recognize it as a remote WSUS and get updates from Microsoft thinking it's their WSUS server? Or will it simply fail? (Hope that's not too confusing.)

Is there any other solution I could use for this?

Edit. We came up with another idea. If we point updates.microsoft.com in our DNS to WSUS, will clients use WSUS when they are local, or will clients not treat WSUS as Windows Updates from Microsoft? This would actually be a nice solution if it works.
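The DNS-based procedure quoted in the question, written out as an added example (not code from the question or its author), with the tools that ship on Windows Server 2008 R2. The `dnscmd` lines run as an administrator on the DNS server; `Test-WsusDnsOrdering` runs on a client and reports whether the first address it receives for the shared WSUS name is in its own subnet, which is what netmask ordering is supposed to guarantee. The zone example.com comes from the question; the server names, IP addresses and site labels are constructed placeholders.

```powershell
# Added example, not from the original question. Assumptions: DNS zone example.com
# (from the question); the WSUS server IPs and site labels below are constructed.
$zone        = 'example.com'
$wsusName    = 'wsus'                # clients are pointed at wsus.example.com
$wsusServers = @(
    @{ Site = 'HQ';      Ip = '10.1.0.10' },   # constructed
    @{ Site = 'Branch1'; Ip = '10.2.0.10' }    # constructed
)

# Step 1: round robin AND netmask ordering. Round robin alone only rotates the
# answer list; LocalNetPriority puts the record closest to the querying client first.
& dnscmd.exe /Config /RoundRobin 1
& dnscmd.exe /Config /LocalNetPriority 1

# Steps 2-3: one A record per WSUS server, all under the same host name.
foreach ($s in $wsusServers) {
    & dnscmd.exe /RecordAdd $zone $wsusName A $s.Ip
}

# Step 4 is the "Specify intranet Microsoft update service location" group policy
# setting, given the URL http(s)://wsus.example.com; it is not repeated here.

function Test-WsusDnsOrdering {
    # Run on a client. By default netmask ordering compares the first three octets
    # (class C), so the first answer should share a /24 with one of this client's
    # own IPv4 addresses. Uses System.Net.Dns so it also works on Windows 7.
    param([string]$Name = 'wsus.example.com')

    $ipv4 = { param($addrs) $addrs |
        Where-Object { $_.AddressFamily -eq 'InterNetwork' } |
        ForEach-Object { $_.IPAddressToString } }
    $prefix = { param($ip) (("$ip" -split '\.')[0..2]) -join '.' }

    $answers   = & $ipv4 ([System.Net.Dns]::GetHostAddresses($Name))
    $local     = & $ipv4 ([System.Net.Dns]::GetHostAddresses([System.Net.Dns]::GetHostName()))
    $localNets = $local | ForEach-Object { & $prefix $_ }
    $first     = $answers | Select-Object -First 1

    New-Object PSObject -Property @{
        Name        = $Name
        Answers     = $answers          # full list in the order the resolver returned it
        FirstAnswer = $first
        LocalSubnet = [bool]($first -and ($localNets -contains (& $prefix $first)))
    }
}

# Usage on a client:
# Test-WsusDnsOrdering | Format-List
```

If `LocalSubnet` is `False` on a client that sits in a site with a WSUS server, the usual causes are a stale resolver cache (`ipconfig /flushdns`), a client in a subnet that is not a /24 match for any WSUS address, or the records being served by a DNS server where the two settings above were not applied.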

Best Answer

Why such convoluted circumventions?

Just create a group policy that sets a WSUS server and apply it only to the computers in the subnet/site that you want to use WSUS for.
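The answer's approach as an added example (not the answerer's code): one GPO that carries the WSUS setting, linked only to the Active Directory site that has a WSUS server. Computers in satellite sites never receive a `WUServer` value and therefore keep using Windows Update, with no DNS tricks involved. It needs the GroupPolicy module (GPMC / RSAT) and, by default, Enterprise Admins rights to link a GPO at the site level. The domain example.com comes from the question; the site name, GPO name and WSUS URL are constructed placeholders, and the site with its subnets is assumed to already exist in Active Directory Sites and Services.

```powershell
# Added example, not from the original answer. Assumptions: domain example.com
# (from the question); site 'HQ', the GPO name and the WSUS URL are constructed.
Import-Module GroupPolicy

$gpoName = 'WSUS - HQ clients'
$wsusUrl = 'https://wsus.example.com:8531'   # 8531 is the WSUS SSL port, 8530 is plain HTTP
$siteDn  = 'CN=HQ,CN=Sites,CN=Configuration,DC=example,DC=com'
$wuKey   = 'HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'

$gpo = Get-GPO -Name $gpoName -ErrorAction SilentlyContinue
if (-not $gpo) { $gpo = New-GPO -Name $gpoName }

# These are the three registry values the "Specify intranet Microsoft update
# service location" setting writes; setting them directly keeps the GPO minimal.
Set-GPRegistryValue -Name $gpoName -Key $wuKey -ValueName 'WUServer'       -Type String -Value $wsusUrl | Out-Null
Set-GPRegistryValue -Name $gpoName -Key $wuKey -ValueName 'WUStatusServer' -Type String -Value $wsusUrl | Out-Null
Set-GPRegistryValue -Name $gpoName -Key "$wuKey\AU" -ValueName 'UseWUServer' -Type DWord -Value 1 | Out-Null

# Link to the site, not the domain: only computers whose IP address falls in one
# of that site's subnets process the GPO. New-GPLink fails if the link exists.
try {
    New-GPLink -Name $gpoName -Target $siteDn -LinkEnabled Yes -ErrorAction Stop | Out-Null
} catch {
    Write-Warning "Could not link '$gpoName' to $siteDn : $($_.Exception.Message)"
}

function Test-WsusSiteAssignment {
    # Run on a client. Shows which AD site the machine currently belongs to and
    # whether a WSUS policy is present. A laptop that roams between sites keeps
    # the old policy until the next Group Policy refresh (gpupdate forces one).
    $site = (& nltest.exe /dsgetsite | Select-Object -First 1)
    $wu   = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate' -ErrorAction SilentlyContinue
    $au   = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU' -ErrorAction SilentlyContinue

    $usesWsus = [bool]($wu -and $wu.WUServer -and $au -and $au.UseWUServer -eq 1)
    if ($usesWsus -and ([Uri]$wu.WUServer).Scheme -ne 'https') {
        Write-Warning "WSUS URL $($wu.WUServer) is plain HTTP; enable SSL on WSUS and use https:// in the policy."
    }

    New-Object PSObject -Property @{
        Site         = $site
        WUServer     = if ($wu) { $wu.WUServer } else { $null }
        UsesWsus     = $usesWsus
        UpdateSource = if ($usesWsus) { 'WSUS' } else { 'Windows Update (Microsoft)' }
    }
}

# Usage on a client:
# Test-WsusSiteAssignment | Format-List
```

Writing the registry values directly rather than through the ADMX setting is a convenience for scripting; the resulting GPO shows the same "Specify intranet Microsoft update service location" entry in a GPMC report. The HTTPS warning in the client check exists because a plain-HTTP `WUServer` lets anything on the path between the client and the WSUS server impersonate the update service, which is why WSUS over SSL is the recommended configuration.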