|
|
I have 3 Macintosh computers binded to my SBS 2003 domain. Is there any way
to still have these computers still within the domain but not listed on WSUS
as computer that have not registered with update services?
Sam
|
|
Hi,
SBS handles wsus configuration thorugh GPO, so probably you may create
a different OU put there thos pcs and unlink the gpo that configures
wsus. (just a though, never tried before.,..)
Sam Wynens ha scritto:
[Quoted Text] > I have 3 Macintosh computers binded to my SBS 2003 domain. Is there any way
> to still have these computers still within the domain but not listed on WSUS
> as computer that have not registered with update services?
>
> Sam
|
|
Hmmm, ok. I'll give that a try and post the results.
Sam
On 5/14/07 6:46 AM, in article
1179139616.897954.140200[ at ]q75g2000hsh.googlegroups.com, "cparmy[ at ]gmail.com"
<cparmy[ at ]gmail.com> wrote:
[Quoted Text] > Hi,
>
> SBS handles wsus configuration thorugh GPO, so probably you may create
> a different OU put there thos pcs and unlink the gpo that configures
> wsus. (just a though, never tried before.,..)
>
>
>
> Sam Wynens ha scritto:
>
>> I have 3 Macintosh computers binded to my SBS 2003 domain. Is there any way
>> to still have these computers still within the domain but not listed on WSUS
>> as computer that have not registered with update services?
>>
>> Sam
>
|
|
No luck on that front. I think I read somewhere that WSUS queries AD for any
computers within the domain and adds them to the database regardless of any
OU structure.
Guess I'll just have to put up with them staying on the list.
Sam
On 5/14/07 2:35 PM, in article C26E2429.1F3F%indy[ at ]indy1979.com, "Sam Wynens"
<indy[ at ]indy1979.com> wrote:
[Quoted Text] > Hmmm, ok. I'll give that a try and post the results.
>
> Sam
>
>
> On 5/14/07 6:46 AM, in article
> 1179139616.897954.140200[ at ]q75g2000hsh.googlegroups.com, "cparmy[ at ]gmail.com"
> <cparmy[ at ]gmail.com> wrote:
>
>> Hi,
>>
>> SBS handles wsus configuration thorugh GPO, so probably you may create
>> a different OU put there thos pcs and unlink the gpo that configures
>> wsus. (just a though, never tried before.,..)
>>
>>
>>
>> Sam Wynens ha scritto:
>>
>>> I have 3 Macintosh computers binded to my SBS 2003 domain. Is there any way
>>> to still have these computers still within the domain but not listed on WSUS
>>> as computer that have not registered with update services?
>>>
>>> Sam
>>
>
|
|
No WSUS does not query AD for anything. The client gets the GPO setting and
report to the WSUS server. Once the client has reported they will continue
to show in the WSUS server until one of 2 things are done.
1. Manually delete the computer from WSUS, if they still have a GPO
pointing them to WSUS they will show up again.
2. Wait for more than 30 days for the client to age, then run the Server
clean-up wizard to remove the computers.
--
Cecil [MSFT]
Deployment, WSUS
Microsoft
This posting is provided "As Is" with no warranties, and confers no rights.
Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm
"Sam Wynens" <indy[ at ]indy1979.com> wrote in message
news:C26E33BB.1F4B%indy[ at ]indy1979.com...
[Quoted Text] > No luck on that front. I think I read somewhere that WSUS queries AD for
> any
> computers within the domain and adds them to the database regardless of
> any
> OU structure.
>
> Guess I'll just have to put up with them staying on the list.
>
> Sam
>
>
> On 5/14/07 2:35 PM, in article C26E2429.1F3F%indy[ at ]indy1979.com, "Sam
> Wynens"
> <indy[ at ]indy1979.com> wrote:
>
>> Hmmm, ok. I'll give that a try and post the results.
>>
>> Sam
>>
>>
>> On 5/14/07 6:46 AM, in article
>> 1179139616.897954.140200[ at ]q75g2000hsh.googlegroups.com, "cparmy[ at ]gmail.com"
>> <cparmy[ at ]gmail.com> wrote:
>>
>>> Hi,
>>>
>>> SBS handles wsus configuration thorugh GPO, so probably you may create
>>> a different OU put there thos pcs and unlink the gpo that configures
>>> wsus. (just a though, never tried before.,..)
>>>
>>>
>>>
>>> Sam Wynens ha scritto:
>>>
>>>> I have 3 Macintosh computers binded to my SBS 2003 domain. Is there any
>>>> way
>>>> to still have these computers still within the domain but not listed on
>>>> WSUS
>>>> as computer that have not registered with update services?
>>>>
>>>> Sam
>>>
>>
>
|
|
"Cecils(MSFT)" <cecils[ at ]online.microsoft.com> wrote in message
news:uE%23irRolHHA.1532[ at ]TK2MSFTNGP03.phx.gbl...
[Quoted Text] > No WSUS does not query AD for anything. The client gets the GPO setting
> and report to the WSUS server. Once the client has reported they will
> continue to show in the WSUS server until one of 2 things are done.
>
> 1. Manually delete the computer from WSUS, if they still have a GPO
> pointing them to WSUS they will show up again.
> 2. Wait for more than 30 days for the client to age, then run the Server
> clean-up wizard to remove the computers.
My question would be... how did an OS X computer get listed on a WSUS server
to begin with!?
--
Lawrence Garvin, M.S., MCTS, MCP
Independent WSUS Evangelist
MVP-Software Distribution (2005-2007)
https://mvp.support.microsoft.com/profile=30E00990-8F1D-4774-BD62-D095EB07B36E
Everything you need for WSUS is at
http://technet2.microsoft.com/windowsserver/en/technologies/featured/wsus/default.mspx
And, almost everything else is at
http://wsusinfo.onsitechsolutions.com
.....
|
|
Ok, so let me see if I have my thoughts in order.
I have the computers broken up into separate their own OU (Macs and PCs).
If I were to move the GPOs out from the top Domain level and put them in to
an OU that has the managed Windows machines, the windows machines will be
the only ones that receive the WSUS settings?
Sorry, I'm trying to learn AD on my home server and still figuring out how
everything works together.
Sam
On 5/15/07 7:00 PM, in article e8j9JT0lHHA.3804[ at ]TK2MSFTNGP03.phx.gbl,
"Lawrence Garvin (MVP)" <onsitech[ at ]community.nospam> wrote:
[Quoted Text] > "Cecils(MSFT)" <cecils[ at ]online.microsoft.com> wrote in message
> news:uE%23irRolHHA.1532[ at ]TK2MSFTNGP03.phx.gbl...
>> No WSUS does not query AD for anything. The client gets the GPO setting
>> and report to the WSUS server. Once the client has reported they will
>> continue to show in the WSUS server until one of 2 things are done.
>>
>> 1. Manually delete the computer from WSUS, if they still have a GPO
>> pointing them to WSUS they will show up again.
>> 2. Wait for more than 30 days for the client to age, then run the Server
>> clean-up wizard to remove the computers.
>
> My question would be... how did an OS X computer get listed on a WSUS server
> to begin with!?
|
|
I should also note that the Macs only appear in the MMC snap-in on my SBS
2003 box in the server management window. They don't show up on the
web-based admin panel.
Sam
On 5/16/07 1:25 PM, in article C270B6CD.210B%indy[ at ]indy1979.com, "Sam Wynens"
<indy[ at ]indy1979.com> wrote:
[Quoted Text] > Ok, so let me see if I have my thoughts in order.
>
> I have the computers broken up into separate their own OU (Macs and PCs).
>
> If I were to move the GPOs out from the top Domain level and put them in to
> an OU that has the managed Windows machines, the windows machines will be
> the only ones that receive the WSUS settings?
>
> Sorry, I'm trying to learn AD on my home server and still figuring out how
> everything works together.
>
> Sam
>
>
> On 5/15/07 7:00 PM, in article e8j9JT0lHHA.3804[ at ]TK2MSFTNGP03.phx.gbl,
> "Lawrence Garvin (MVP)" <onsitech[ at ]community.nospam> wrote:
>
>> "Cecils(MSFT)" <cecils[ at ]online.microsoft.com> wrote in message
>> news:uE%23irRolHHA.1532[ at ]TK2MSFTNGP03.phx.gbl...
>>> No WSUS does not query AD for anything. The client gets the GPO setting
>>> and report to the WSUS server. Once the client has reported they will
>>> continue to show in the WSUS server until one of 2 things are done.
>>>
>>> 1. Manually delete the computer from WSUS, if they still have a GPO
>>> pointing them to WSUS they will show up again.
>>> 2. Wait for more than 30 days for the client to age, then run the Server
>>> clean-up wizard to remove the computers.
>>
>> My question would be... how did an OS X computer get listed on a WSUS server
>> to begin with!?
>
|
|
On Wed, 16 May 2007 13:25:33 -0400, Sam Wynens <indy[ at ]indy1979.com> wrote:
[Quoted Text] >Ok, so let me see if I have my thoughts in order.
>
>I have the computers broken up into separate their own OU (Macs and PCs).
>
>If I were to move the GPOs out from the top Domain level and put them in to
>an OU that has the managed Windows machines, the windows machines will be
>the only ones that receive the WSUS settings?
What makes you think that a MAC machine could ever get a setting from a GPO. It
is a Windows only feature. I do not use MACs and am slightly surprised that they
can even get and use an account in AD let alone take part in Group Policy. I
always thought they were like W9x PCs the user can have an AD account but the PC
cannot.
>
>Sorry, I'm trying to learn AD on my home server and still figuring out how
>everything works together.
>
>Sam
>
>
>On 5/15/07 7:00 PM, in article e8j9JT0lHHA.3804[ at ]TK2MSFTNGP03.phx.gbl,
>"Lawrence Garvin (MVP)" <onsitech[ at ]community.nospam> wrote:
>
>> "Cecils(MSFT)" <cecils[ at ]online.microsoft.com> wrote in message
>> news:uE%23irRolHHA.1532[ at ]TK2MSFTNGP03.phx.gbl...
>>> No WSUS does not query AD for anything. The client gets the GPO setting
>>> and report to the WSUS server. Once the client has reported they will
>>> continue to show in the WSUS server until one of 2 things are done.
>>>
>>> 1. Manually delete the computer from WSUS, if they still have a GPO
>>> pointing them to WSUS they will show up again.
>>> 2. Wait for more than 30 days for the client to age, then run the Server
>>> clean-up wizard to remove the computers.
>>
>> My question would be... how did an OS X computer get listed on a WSUS server
>> to begin with!?
--
Dave Mills
There are 10 type of people, those that understand binary and those that don't.
|
|
I didn't know. Sorry. I'm not aware of how deep AD goes in to a Mac. When I
binded the macs to the domain, they had computer accounts set up for them
and I am logging in to the macs using my domain username and pass. I also
have folder redirection set up for the My Documents folder and that shows up
when I log into the macs. Like I said, I'm not sure how deep AD is
integrated with the mac.
Now, back on subject. This little excerpt was taken from the MMC snap-in
help file:
"Update Services keeps track of the computers that are registered with it,
and it periodically compares this list with Active Directory. Computers that
are listed in Active Directory and that are not registered with Update
Services are shown in a warning message in the Update Services home page
status area."
So it looks like WSUS queries AD for a list of computers...
Sam
On 5/16/07 3:45 PM, in article fhnm435e7ssvcit0tbd051hbm42sklte9t[ at ]4ax.com,
"DaveMills" <DaveMills[ at ]newsgroup.nospam> wrote:
[Quoted Text] > On Wed, 16 May 2007 13:25:33 -0400, Sam Wynens <indy[ at ]indy1979.com> wrote:
>
>> Ok, so let me see if I have my thoughts in order.
>>
>> I have the computers broken up into separate their own OU (Macs and PCs).
>>
>> If I were to move the GPOs out from the top Domain level and put them in to
>> an OU that has the managed Windows machines, the windows machines will be
>> the only ones that receive the WSUS settings?
>
> What makes you think that a MAC machine could ever get a setting from a GPO.
> It
> is a Windows only feature. I do not use MACs and am slightly surprised that
> they
> can even get and use an account in AD let alone take part in Group Policy. I
> always thought they were like W9x PCs the user can have an AD account but the
> PC
> cannot.
>
>>
>> Sorry, I'm trying to learn AD on my home server and still figuring out how
>> everything works together.
>>
>> Sam
>>
>>
>> On 5/15/07 7:00 PM, in article e8j9JT0lHHA.3804[ at ]TK2MSFTNGP03.phx.gbl,
>> "Lawrence Garvin (MVP)" <onsitech[ at ]community.nospam> wrote:
>>
>>> "Cecils(MSFT)" <cecils[ at ]online.microsoft.com> wrote in message
>>> news:uE%23irRolHHA.1532[ at ]TK2MSFTNGP03.phx.gbl...
>>>> No WSUS does not query AD for anything. The client gets the GPO setting
>>>> and report to the WSUS server. Once the client has reported they will
>>>> continue to show in the WSUS server until one of 2 things are done.
>>>>
>>>> 1. Manually delete the computer from WSUS, if they still have a GPO
>>>> pointing them to WSUS they will show up again.
>>>> 2. Wait for more than 30 days for the client to age, then run the Server
>>>> clean-up wizard to remove the computers.
>>>
>>> My question would be... how did an OS X computer get listed on a WSUS server
>>> to begin with!?
|
|
On Wed, 16 May 2007 17:15:30 -0400, Sam Wynens <indy[ at ]indy1979.com> wrote:
[Quoted Text] >I didn't know. Sorry. I'm not aware of how deep AD goes in to a Mac.
No need to be sorry. I have a few MACs on site but none have an AD account. I do
not manage the MACs and know little about them. I may be out of date on how MACs
work in AD or you may have add on software that integrates with AD. However the
fact that an account is created does not mean they will understand Group policy.
When NT4 joins a domain there is a computer account for it but is cannot process
GPOs
>When I
>binded the macs to the domain, they had computer accounts set up for them
>and I am logging in to the macs using my domain username and pass. I also
>have folder redirection set up for the My Documents folder and that shows up
>when I log into the macs. Like I said, I'm not sure how deep AD is
>integrated with the mac.
>
>Now, back on subject. This little excerpt was taken from the MMC snap-in
>help file:
>
>"Update Services keeps track of the computers that are registered with it,
>and it periodically compares this list with Active Directory. Computers that
>are listed in Active Directory and that are not registered with Update
>Services are shown in a warning message in the Update Services home page
>status area."
This is news to me and I have not yet seen this message but I have only just
upgraded to WSUS 3. I will need to watch for it. Thanks.
>
>So it looks like WSUS queries AD for a list of computers...
>
>Sam
>
>
>
>
>On 5/16/07 3:45 PM, in article fhnm435e7ssvcit0tbd051hbm42sklte9t[ at ]4ax.com,
>"DaveMills" <DaveMills[ at ]newsgroup.nospam> wrote:
>
>> On Wed, 16 May 2007 13:25:33 -0400, Sam Wynens <indy[ at ]indy1979.com> wrote:
>>
>>> Ok, so let me see if I have my thoughts in order.
>>>
>>> I have the computers broken up into separate their own OU (Macs and PCs).
>>>
>>> If I were to move the GPOs out from the top Domain level and put them in to
>>> an OU that has the managed Windows machines, the windows machines will be
>>> the only ones that receive the WSUS settings?
>>
>> What makes you think that a MAC machine could ever get a setting from a GPO.
>> It
>> is a Windows only feature. I do not use MACs and am slightly surprised that
>> they
>> can even get and use an account in AD let alone take part in Group Policy. I
>> always thought they were like W9x PCs the user can have an AD account but the
>> PC
>> cannot.
>>
>>>
>>> Sorry, I'm trying to learn AD on my home server and still figuring out how
>>> everything works together.
>>>
>>> Sam
>>>
>>>
>>> On 5/15/07 7:00 PM, in article e8j9JT0lHHA.3804[ at ]TK2MSFTNGP03.phx.gbl,
>>> "Lawrence Garvin (MVP)" <onsitech[ at ]community.nospam> wrote:
>>>
>>>> "Cecils(MSFT)" <cecils[ at ]online.microsoft.com> wrote in message
>>>> news:uE%23irRolHHA.1532[ at ]TK2MSFTNGP03.phx.gbl...
>>>>> No WSUS does not query AD for anything. The client gets the GPO setting
>>>>> and report to the WSUS server. Once the client has reported they will
>>>>> continue to show in the WSUS server until one of 2 things are done.
>>>>>
>>>>> 1. Manually delete the computer from WSUS, if they still have a GPO
>>>>> pointing them to WSUS they will show up again.
>>>>> 2. Wait for more than 30 days for the client to age, then run the Server
>>>>> clean-up wizard to remove the computers.
>>>>
>>>> My question would be... how did an OS X computer get listed on a WSUS server
>>>> to begin with!?
--
Dave Mills
There are 10 type of people, those that understand binary and those that don't.
|
|
I would like to put a little clarification here. WSUS does not query AD in
any way. If you have the resource that this quote came from I can see what
I can do to get clarification around the posting.
--
Cecil [MSFT]
Deployment, WSUS
Microsoft
This posting is provided "As Is" with no warranties, and confers no rights.
Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm
"DaveMills" <DaveMills[ at ]newsgroup.nospam> wrote in message
news:hklp43huio7raadrrjv9lub7tv4nrei2m4[ at ]4ax.com...
[Quoted Text] > On Wed, 16 May 2007 17:15:30 -0400, Sam Wynens <indy[ at ]indy1979.com> wrote:
>
>>I didn't know. Sorry. I'm not aware of how deep AD goes in to a Mac.
>
> No need to be sorry. I have a few MACs on site but none have an AD
> account. I do
> not manage the MACs and know little about them. I may be out of date on
> how MACs
> work in AD or you may have add on software that integrates with AD.
> However the
> fact that an account is created does not mean they will understand Group
> policy.
> When NT4 joins a domain there is a computer account for it but is cannot
> process
> GPOs
>
>>When I
>>binded the macs to the domain, they had computer accounts set up for them
>>and I am logging in to the macs using my domain username and pass. I also
>>have folder redirection set up for the My Documents folder and that shows
>>up
>>when I log into the macs. Like I said, I'm not sure how deep AD is
>>integrated with the mac.
>>
>>Now, back on subject. This little excerpt was taken from the MMC snap-in
>>help file:
>>
>>"Update Services keeps track of the computers that are registered with it,
>>and it periodically compares this list with Active Directory. Computers
>>that
>>are listed in Active Directory and that are not registered with Update
>>Services are shown in a warning message in the Update Services home page
>>status area."
> This is news to me and I have not yet seen this message but I have only
> just
> upgraded to WSUS 3. I will need to watch for it. Thanks.
>
>>
>>So it looks like WSUS queries AD for a list of computers...
>>
>>Sam
>>
>>
>>
>>
>>On 5/16/07 3:45 PM, in article fhnm435e7ssvcit0tbd051hbm42sklte9t[ at ]4ax.com,
>>"DaveMills" <DaveMills[ at ]newsgroup.nospam> wrote:
>>
>>> On Wed, 16 May 2007 13:25:33 -0400, Sam Wynens <indy[ at ]indy1979.com>
>>> wrote:
>>>
>>>> Ok, so let me see if I have my thoughts in order.
>>>>
>>>> I have the computers broken up into separate their own OU (Macs and
>>>> PCs).
>>>>
>>>> If I were to move the GPOs out from the top Domain level and put them
>>>> in to
>>>> an OU that has the managed Windows machines, the windows machines will
>>>> be
>>>> the only ones that receive the WSUS settings?
>>>
>>> What makes you think that a MAC machine could ever get a setting from a
>>> GPO.
>>> It
>>> is a Windows only feature. I do not use MACs and am slightly surprised
>>> that
>>> they
>>> can even get and use an account in AD let alone take part in Group
>>> Policy. I
>>> always thought they were like W9x PCs the user can have an AD account
>>> but the
>>> PC
>>> cannot.
>>>
>>>>
>>>> Sorry, I'm trying to learn AD on my home server and still figuring out
>>>> how
>>>> everything works together.
>>>>
>>>> Sam
>>>>
>>>>
>>>> On 5/15/07 7:00 PM, in article e8j9JT0lHHA.3804[ at ]TK2MSFTNGP03.phx.gbl,
>>>> "Lawrence Garvin (MVP)" <onsitech[ at ]community.nospam> wrote:
>>>>
>>>>> "Cecils(MSFT)" <cecils[ at ]online.microsoft.com> wrote in message
>>>>> news:uE%23irRolHHA.1532[ at ]TK2MSFTNGP03.phx.gbl...
>>>>>> No WSUS does not query AD for anything. The client gets the GPO
>>>>>> setting
>>>>>> and report to the WSUS server. Once the client has reported they
>>>>>> will
>>>>>> continue to show in the WSUS server until one of 2 things are done.
>>>>>>
>>>>>> 1. Manually delete the computer from WSUS, if they still have a GPO
>>>>>> pointing them to WSUS they will show up again.
>>>>>> 2. Wait for more than 30 days for the client to age, then run the
>>>>>> Server
>>>>>> clean-up wizard to remove the computers.
>>>>>
>>>>> My question would be... how did an OS X computer get listed on a WSUS
>>>>> server
>>>>> to begin with!?
> --
> Dave Mills
> There are 10 type of people, those that understand binary and those that
> don't.
|
|
On Thu, 17 May 2007 16:15:36 -0700, "Cecils\(MSFT\)"
<cecils[ at ]online.microsoft.com> wrote:
[Quoted Text] >I would like to put a little clarification here. WSUS does not query AD in
>any way. If you have the resource that this quote came from I can see what
>I can do to get clarification around the posting.
Phew! I thought I had missed something important. Thanks for the clarification.
--
Dave Mills
There are 10 type of people, those that understand binary and those that don't.
|
|
Straight from Microsoft...
http://www.microsoft.com/technet/prodtechnol/sbs/2003/support/documentation/
a27267d5-3411-49d6-9726-68cbcfb84ce3.mspx?mfr=true
Expand Introduction to Update Services. Expand Troubleshooting and click
Common Problems
It's the first paragraph.
Sam
On 5/18/07 12:32 AM, in article 22bq435aujp95ksajidbe5dsl4imjaa22m[ at ]4ax.com,
"DaveMills" <DaveMills[ at ]newsgroup.nospam> wrote:
[Quoted Text] > On Thu, 17 May 2007 16:15:36 -0700, "Cecils\(MSFT\)"
> <cecils[ at ]online.microsoft.com> wrote:
>
>> I would like to put a little clarification here. WSUS does not query AD in
>> any way. If you have the resource that this quote came from I can see what
>> I can do to get clarification around the posting.
>
> Phew! I thought I had missed something important. Thanks for the
> clarification.
|
|
"Sam Wynens" <indy[ at ]indy1979.com> wrote in message
news:C270B6CD.210B%indy[ at ]indy1979.com...
[Quoted Text] > Ok, so let me see if I have my thoughts in order.
>
> I have the computers broken up into separate their own OU (Macs and PCs).
>
> If I were to move the GPOs out from the top Domain level and put them in
> to
> an OU that has the managed Windows machines, the windows machines will be
> the only ones that receive the WSUS settings?
Yes, and that would definitely be the preferable configuration.
Only apply a GPO to the *domain* if the policy needs to be applied to
*every* computer in that domain.
> Sorry, I'm trying to learn AD on my home server and still figuring out how
> everything works together.
Gotcha! See above advice. :-)
--
Lawrence Garvin, M.S., MCTS, MCP
Independent WSUS Evangelist
MVP-Software Distribution (2005-2007)
https://mvp.support.microsoft.com/profile=30E00990-8F1D-4774-BD62-D095EB07B36E
Everything you need for WSUS is at
http://technet2.microsoft.com/windowsserver/en/technologies/featured/wsus/default.mspx
And, almost everything else is at
http://wsusinfo.onsitechsolutions.com
.....
|
|
|
|
|
|
|