![]() In Group Policy Management, create a new GPO. Okay, so let's walk through the steps required to use Group Policy Preferences as a way to 1) set the WSUS server for client publishing, for clients that don't have the Configuration Manager client, and 2) have that setting stop being applied once the Configuration Manager client is installed.Ĭonfiguring the Group Policy Object and Group Policy Preferences In short, you should be all ready to begin using Group Policy Preferences -there's no dependency on upgrading domain controllers to Windows Server 2008 R2, or having all Windows 7 clients or later. Group Policy Preferences will work on those same operating systems, and Windows XP SP3 is also updated with the required client-side extensions. Group Policy Preferences is available from the Group Policy Management console running on Windows Server 2008 or later, and Windows Vista SP1 or later. In general, using Group Policy Preferences is a best practice in any Configuration Manager scenario where local and group policy might conflict, and you want local group policy to trump domain policy on a particular condition.Īs another example, you should use Group Policy Preferences when migrating software update operations from a standalone WSUS environment to Configuration Manager.įirst, let me provide a little background on Group Policy Preferences. This avoids the domain and local policy conflict, and allows software update point failover to work as designed. , Group Policy will NOT set the WSUS server, freeing up Configuration Manager local policy to set the appropriate software update point as needed. As an example, you can use preferences to ONLY set a specific WSUS server if the Configuration Manager client is NOT installed. Group Policy Preferences allow you to easily set conditional logic to configure specific settings. You need to use Group Policy Preferences to set the WSUS server only when the Configuration Manager client doesn't exist, or isn't running. There is a fairly easy way to apply a WSUS server for Configuration Manager client-publishing using group policy, and to still take advantage of software update point failover after the client is installed, and without an NLB dependency. How do I accomplish this without using NLB since I'm only able to set a single, logical WSUS server reference with Group Policy? That single WSUS server set through group policy will not allow Configuration Manager local policy to set an alternative software update point for failover. However, after the client is installed, I also want to take advantage of the new software update point failover design, which will allow my clients to failover to another software update point as needed. ![]() I use client publishing through WSUS and set the WSUS server through Group Policy. ![]() However, there is a fairly easy way to solve this problem, and it's outlined here. Since the domain policy is the authority, and it's binding the client to the WSUS server set for client publishing, Configuration Manager local policy used to change the software update point for failover reasons is blocked by domain policy. This is a great for assigning a WSUS server to get the client deployed, but not-so great for the new software update point failover design as it impacts a client's ability to switch software update points for failover. The problem is that the WSUS server for client publishing has to be set through Group Policy. Client publishing assumes that the Configuration Manager client does not yet exist on the clients (or has been removed), and needs to be delivered through WSUS. The most common scenario where group policy is used to set the WSUS server on computers is when you publish the Configuration Manager client through WSUS, and need to point your computers to the WSUS server to get the client. If you set a WSUS server on your clients through Group Policy for any reason, and you want to take advantage of the new software update point failover design in Configuration Manager SP1, you need to rethink how you specify a WSUS server on clients by using Group Policy. This change allows for placing software update points cross-forest, and providing fault tolerance without requiring an NLB. ![]() ![]() In System Center 2012 Configuration Manager Service Pack 1, we've added the ability to set multiple software update points per primary site. First published on CLOUDBLOGS on Mar 27, 2013 ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |