windows server 2016 essentials group policy?

Discussion in 'Windows Server' started by linux4life, May 9, 2017.

  1. linux4life

    linux4life MDL Novice

    Feb 17, 2013
    4
    0
    0
    ive been using windows 2k16 and was thumbing around the essentials dashboard and I saw something about group policy. I know just enough about it to get myself in trouble =P it set up folder redirection to the server as well as firewall settings for the domain it setup during install. but nothing else.

    so I have a couple questions before I tear into gpmc.msc and potentially break something

    1. how do I disable the ctr-alt-delete log on requirement for domain pc's
    2. how hard is it to setup wsus?

    as for pc's,

    my server running windows 2k16
    1 desktop with windows 10 pro
    1 desktop with windows 7 ult
    2 laptops with windows 7 ult
    all joined to the domain
     
  2. GodHand

    GodHand MDL Addicted

    Jul 15, 2016
    534
    926
    30
    You can disable CTRL+ALT+DEL in GPO.

    Tools > Group Policy Management > Right-click and Edit your domain policy > Computer Configuration > Policies > Windows Settings > Security Settings > Local Policies > Security Options. You'll see the option for "Interactive Logon: Do not require CTRL+ALT+DEL."

    WSUS is just installing the Feature and making sure you have about 10 gigs of space on a connected drive formatted in NTFS. It can take a while to connect and sync, so just be patient.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. linux4life

    linux4life MDL Novice

    Feb 17, 2013
    4
    0
    0
    thank you for helping me with the ctrl+alt+del it worked like a champ.

    however with wsus the snap-in for server manager shows no computers connected to it does that require a GPO as well? or will the PC's just go "oh the update I need is here at server X I don't need to go to the internet to get it"
     
  4. GodHand

    GodHand MDL Addicted

    Jul 15, 2016
    534
    926
    30
    Go to the Update Services console, click Options and make sure the "Use Group Policy or registry settings on computer" is selected. Then synchronize the updates by clicking "Synchronizations."

    Go to GPO > Computer Configuration > Policies > Administrative Templates > Windows Components > Windows Update
    1. Select Configure Automatic Update," enable it then configure your update settings to what you require
    2. Select "Specify intranet Microsoft update service location," enable it and then set the URI to your WSUS server.
    3. Select "Allow none-administrators to receive update notifications" and enable it.
    4. Select "Enable client-side targeting," enable it and enter the target group name as you have defined in WSUS (see #6 if you have not done this yet).
    5. Back out of your domain's GPO, force update the GPO by opening command-prompt and typing gpupdate /force and you will see the new updated settings in your WSUS GPO.
    6. Go into the Update Services console, right-click "All Computers" and add a new Computer Group and enter the identical group name you defined in your GPO.
    Make sure the firewall is not affecting the WSUS server, as well.

    You should be set after that. If the server is not being displayed on the client PCs, you can manually detect the server from the client PCs by going into command prompt and typing wuauclt /detectnow, then "Check for Updates" and it should start pulling updates from the server.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...