Thanks. I've been experimenting and I've narrowed things down. To establish that GPO settings are getting passed down from the domain controller to the PCs, I selected a setting I figured was old and probably present back to WinXP. I selected "Remove the Desktop Cleanup Wizard" in "User Configuration - Administrative Templates - Desktop"
I enabled this and then went to both XP and Win7 PCs in the OU and executed gpupdate /force and rsop.msc. This setting reliably could be turned on and off without problem. However, when I enabled "Specify intranet Microsoft update service location" in "Computer Configuration - Administrative Templates - Windows Update", the setting would not appear on either XP or Win7 PCs that worked with the Desktop Cleanup Wizard. Based on this, I have to believe that I have an issue with my version of Active Directory. Our Domain Controller is running Windows 2003 R2 Std. SP2. I checked and HKLM\SYSTEM\CurrentControlSet\Services\NTDS\Parameters\System Schema Version = 31. This corresponds with Windows 2003 R2. I'm confused. Why would the WSUS GPOs be available to configure on our domain controller and yet not be propogated out to the member PCs? ---------------------- Bob Hartung Wisco Industries, Inc. 736 Janesville St. Oregon, WI 53575 Tel: (608) 835-3106 x215 Fax: (608) 835-7399 e-mail: bhartung(at)wiscoind.com _____ From: Ben Scott [mailto:[email protected]] To: NT System Admin Issues [mailto:[email protected]] Sent: Tue, 01 Feb 2011 15:31:05 -0600 Subject: Re: WSUS - XP Clients not getting GPO settings On Tue, Feb 1, 2011 at 3:24 PM, Bob Hartung <[email protected]> wrote: > When I setup XP PCs to get the WSUS GPO config, they continue to access the > MS Windows Update website. Use GPRESULT (CLI) or RSOP.MSC (GUI) to make sure the policy is actually applying properly. This applies even for the machine-local GPO. Check C:\Windows\WindowsUpdate.log for clues. > Am I missing some kind of optional Windows XP update to make this work? We don't have to install anything special to get XP SP3 to honor our WSUS GPO. The GPO settings we use are: Computer Config -> Admin Templates -> Windows Components -> Windows Update Config Auto Updates = Enabled, 4 (Auto download & schedule install), 0 (Every day), 4:00 AM Specify intranet service location = Enabled, http://foo [where "foo" is the name of our WSUS server] Reschedule installs = 60 minutes No auto-restart = Disabled Auto Update detect freq = 22 hours Allow immediate install = Enabled -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
