Endpoint Services, WSUS, Configuring WSUS Clients

How to configure clients to use the Technology Services WSUS Service.

Systems

Windows Server Update Services (WSUS)

Affected Customers

University of Illinois IT Pros leveraging Technology Services Windows Server Update Services (WSUS)

General Information

Group Policy Objects (GPOs) can be used to configure client computers to use the Technology Services WSUS service, and to determine which updates they will receive.

Clients will need to be on-campus, or use the VPN, in order to receive GPO policies; however, they do not subsequently require use of the VPN to access the WSUS service while off-campus.

Security-Provided GPOs

The EPS team and the Technology Services Security group together maintain a relatively extensive list of GPOs that IT Pros can apply to their AD OUs in order to simplify the process of configuring clients to utilize the EPS WSUS service. Follow these steps to link one or more of these existing policies to an OU:

    1. Open the Group Policy Management Console
    2. Right-click on the OU you'd like to link to a WSUS GPO
    3. Click Link Existing GPO
    4. Search for the desired WSUS GPO(s):
    • DEPT_UseCITESWSUSServer_3AMUpdate_Security
    • DEPT_UseCITESWSUSServer_9AMUpdate_Security
    • DEPT_UseCITESWSUSServer_5PMUpdate_Security
    • DEPT_SetWSUSGroup-Upgrades_Security
    • DEPT_SetWSUSGroup-Upgrades10only_Security
    • DEPT_SetWSUSGroup-AllServicePacks_Security
    • DEPT_SetWSUSGroup-AllUpdates_Security
    • DEPT_SetWSUSGroup-AppServicePacks_Security
    • DEPT_SetWSUSGroup-Baseline_Security
    • DEPT_SetWSUSGroup-OSServicePacks_Security

Creating Your Own GPOs

For IT Pros who choose to create their own WSUS GPOs, the following client-side targeting groups are configured on the EPS WSUS server and may be used to determine which updates clients will receive. Updates that are classified by Microsoft as Critical, Definition, or Security updates are auto-approved for immediate release; all other updates are held until Thursday morning.

    • All Updates: This group will receive all updates from Microsoft including all of the critical updates, definitions, and security updates with the exception of driver updates.

    • Application Service Packs: This group will receive all of the critical updates, definitions, and security updates in addition to service packs for applications.

    • OS Service Packs: This group will receive all of the critical updates, definitions, and security updates in addition to service packs for the Operating System. Additionally, this group will receive updates for Internet Explorer as well as the .NET framework due to their thorough integration into the operating system on many computers. This group does not receive Skype for Business updates.

    • Upgrades: This group will all receive feature updates (aka upgrades) for Windows 11 and 10 features and functionality, dependent upon hardware compatibility. 

    • Upgrades Windows 10 only: This group is specifically for Windows 10 devices. Devices in this group will receive feature updates (aka upgrades) for Windows 10 features and functionality. 

    • All Service Packs: This group will receive all of the critical updates, definitions, and security updates in addition to the updates from the Application Service Packs and the OS Service Packs groups.

  • Baseline: This group will only receive all of the critical updates, definitions, and security updates. This does not include any application or OS service packs, including Skype for Business updates.
  • All Updates Minus Previews: This group will only receive all of the Updates and Tools minus the Preview of Monthly Quality Roll-up for Windows updates. 

To request further information or support please contact the EPS team.

Contact the EPS team