Windows Server - Company merger scenario - two seperate WSUS

Asked By IanRowle on 08-Oct-08 08:59 AM
I have the following scenario:

Company A & Company B have merged. They each have their own WSUS services.

Comp A's is configured for manual approvals and a large variety of update
types & software.

Comp B's is configured for automatic approval/install of OS critical and
security updates only.

They are effectively on the same network and there is a trust between the
two AD forests.

The plan is for everything to eventually migrate to Comp B. Can Comp A just
change the GPO to point to the WSUS server in Comp B? My reading so far
suggests not. If not, then how to "migrate" clients to WSUS in Comp B?
Bearing in mind this is before any AD migration - that's a headache for
another time!

Any help, info or tips appreciated



Lawrence Garvin replied on 08-Oct-08 10:42 AM
Absolutely. The auto-approval rules of Company B are applied by GROUPNAME.
The auto-install rules are applied by POLICY.

As long as you create the Company A GROUPNAMEs on the Company B WSUS Server,
it is as simple as redirecting the clients to the new server.

Remember this: WSUS knows *nothing* about Active Directory or AD/domain

Group Policy is used merely as a mechanism for loading configuration data
into the registry of the client.

Once the client is configured, the WSUS Server and the client are oblivious
to the presence or absence of Active Directory.

Lawrence Garvin, M.S., MCITP(x2), MCTS(x5), MCP(x7), MCBMSP
Principal/CTO, Onsite Technology Solutions, Houston, Texas
Microsoft MVP - Software Distribution (2005-2009)

MS WSUS Website:
My Websites:;
My MVP Profile:
IanRowle replied on 08-Oct-08 11:07 AM
thanks for the quick reply

clearly i misunderstood a couple things;)