1

I am trying to find out if this scenario is possible, here is the situation:

We have several remote sites that can have their own WSUS server and force the clients to connect via the subnet they are on. We also have lots of remote or field users that often never come into the office but do VPN in.

I want my in office people to get their updates from WSUS, and my field/remote users to get updates from WU. If for some reason my field/remote users are in the office, id like them to hit the WSUS server. Can someone point me in the right direction?

We're running Server 2008 R2 and would like to achieve this via Group Policy if possible.

HopelessN00b
  • 54,273
Kyle G
  • 11
  • 1

1 Answers1

2

The bit about having remote users contact Windows Update might require a bit of effort, depending on how your VPN is set up, but the rest is very possible. It's pretty easy to use GPOs to assign different WSUS servers to client at different AD sites, and AD sites are defined by subnet. So assuming that's all configured properly, this is a fairly simple task. Basically, you just create a GPO for each site to define the appropriate WSUS server, and link it to the appropriate OU.

As to your VPN users, that depends on how the VPN is configured, and if VPN users have their own site or OU in Active Directory. If not, it may be worth considering setting one up for your VPN users to make this easier to accomplish.

HopelessN00b
  • 54,273