I would like to configure WSUS so that employees arrive in main location they use WSUS to download stuff, and when they are in other locations (different locations / home etc) they use Windows Updates.
It was suggested in this question to use subnets/locations
to do that. This is fine solution however we decided that only about 10-15 computers will get automatic installation of updates
, and rest will get an update/download
only information.
So we're in situation where we should use a combination of GPO for Location and GPO for OU based (the automatic guys will get their own OU).
Is there a way to configure the windows clients so that WSUS will take it's information from 2 GPO's? Also what about Home
/ customers locations where we don't know the subnets
? Can we somehow configure GPO so that computer when outside of known subnets/locations
will turn on another GPO using Windows Updates from Microsoft but keeping our "choice" of automatic download vs download-only (depending on employee).
We choose to install everything for backoffice employees and download-only for programmers (which is 90% of company).
Best Answer
You need multiple GPOS.
As far as connecting to WU, You need to have a company policy that remote users VPN in at some interval, to facilitate updates. create a replica server in your DMZ with no content so the systems will get the content from the microsoft update servers (so you won't need to be connected to the VPN to get the updates