Our Network Admin, who toughed it out for 3 months here, setup a virtual WSUS server and added Group Policy to enforce a WSUS policy on about 1/3 of our workstations. The virtual WSUS server has since been removed, but the policy is still preventing users from getting updates from Windows Update — says it's being controlled by the domain.
Question is: How do I remove all pointers to the non-existent WSUS?
There are a few WSUS GPOs in Group Policy Management, and there is a WSUS object in AD Users & Computers, with all the of the systems it's set to control inside. I tried dragging these workstations back to Computers, but Windows Server 2008 gave a warning about
things "not working as they were designed" if I did this. I'd rather that statement not apply to our entire domain 😉
So… drag computer objects? unlink policies? delete policies? What's the right way to go about this?
Thanks.
Best Answer
The "not working the way they were designed" thing is a generic warning that occurs when you drag and drop in ADU&C, it's nothing to do with WSUS. You can avoid it by right-clicking and selecting "Move". I've never seen any negative impact from it anyway.
As others have said, just hunting down those WSUS policies and dealing with them in your preferred manner is the way to go. If I was you though I'd build a new WSUS box and point them at it instead.