Jump to content
MSFN is made available via donations, subscriptions and advertising revenue. The use of ad-blocking software hurts the site. Please disable ad-blocking software or set an exception for MSFN. ×

Computers not taking WSUS policy


Recommended Posts


I have a policy created for my new WSUS install, which contains basically all endpoint client computers. All the GPO does is set the update interval and point to my intranet WSUS server.

The issue I am having is that I created a security group in AD which contains all of my endpoints that I plan on pointing to the WSUS server, but only a handful of my approximately 50 endpoints are actually picking up the policy.

I had read somewhere that this could be a DNS issue, so I checked there. There were duplicate entries for my DC, but removing the duplicates did not change anything.

Also, to be clear I used Computers, not Users in the group. I had made that mistake already.

Link to comment
Share on other sites

what OS is running on the endpoints?

for XP run gpupdate /r then gpresult on the endpoint

for windows 7 or 8, from an elevated command line run gpupdate /r then a gpresult

you should see your group policy listed in the resulting list of group policies applied to the machine. If not run a group policy modeling wizard from the GPMC console on one the machines that should be getting the policy.

at that point you may have to turn on verbose logging on the machine for GPO if it applying but reciving the settings.

Link to comment
Share on other sites

Gpupdate didnt do anything, that is part of the reason I was worried. BUT the systems started to fill in. It just took two days.

Upon researching why it appears this particular type of policy requires a full reboot, and two at that. One to initiate the change and one to apply it is how I read it described.

They also suggested requiring full network credentials instead of cached credentials but I did not do that because many of our users use laptops, and i did not want to potentially stop offsite logins. (Computer config -> Policies -> Adm. Templates -> System -> Logon -> 'Always wait for the network at computer startup and login')

Sorry to waste your time! At least this may help someone else who is in panic mode like I was.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    • No registered users viewing this page.

  • Create New...