Once all Sites are visible, you can simply right-click the Site name and link the GPO that contains the WSUS server address to that Site. You should now have Group Policy handing out WSUS server addresses based on the Site that the computer is currently in.

If you find things are not working as expected, you can use the handy tool (Resultant Set of Policy) and the command nltest /dsgetsite to find out which Site a computer currently belongs to.

Very useful tip found on the internet: how to update a computer's group membership without a reboot?

If, like me, you use Group Policies and apply them to computer accounts using security groups, you notice these GPOs do not apply with a simple

First solution to the problem explained above: reboot. The Group Policy Client will then contact a domain controller. As the Kerberos cache is empty, the computer will have to contact the domain controller to get a new Kerberos token.

For reference we will be using some of the commands outlined here.
If you’ve just got all computers in a single location, it’s pretty easy to point all of your clients at your WSUS server via Group Policy.
Instead of showing that policy applied, when I run "GPResult /F /H report.html" on the File Server machine, the only policy applied is the "Default Domain Policy", which has some settings inside the "Computer Configuration" section but not at the keys I configured.
That GPO is linked to the domain root, affecting only the "Authenticated users" group. Edit: Now I have removed the "My Servers Group" and configured the "Group Policy Modelling Wizard".
This will ensure that computers roaming between Sites will automatically switch to the local WSUS server saving you bandwidth and headaches.
Before you begin, you’ll need to make sure your AD Sites are configured correctly.