"Take Aim, Even Badly" 🙂

How to configure clients to pull updates from a WSUS server through Group Policy Management

image 748657

 
Open Group Policy Management (above).
 
Drill down to the Organizational Unit containing the computers you would like to configure this for. This is a Computer Policy so no need to apply this to any OU containing Users. Right-click and choose Create a GPO in this domain, and Link it here…
 
image 749866
 
Name it.
 
image 750460
 
Click OK. Drill down to Computer Configuration –> Policies –> Administrative Templates –> Windows Components –> Windows Update.
 
image 751183
 
Here are some of my settings. Notice the setting called Enable client side targeting. This is where you name the target group that these computers are listed under in the WSUS console.
 
image 752062
 
The most important one is the one that tells your computers where your WSUS update server is.
 
Scroll down to find Specify intranet Microsoft update service location. Enter your WSUS server’s Fully Qualified Domain Name (FQDN) followed by the port number. I set them both the same. The default port is 8530.
 
ex. server.ad.mycompany.com:8530
 
image 753140
 
That’s it. You should see the Group Policy Object (GPO) that you just created in the Organizational Unit. Assuming you’ve properly organized your computers into this group, once your clients do a Group Policy Update, they should begin pulling updates from the WSUS server you set up. You can also force a Group Policy update on the clients by opening a command prompt and typing ‘gpupdate’.