You have installed Windows Server Update Services (WSUS) on a machine and want all machines on your domain to fetch updates from that instead of the default, public Microsoft update site.
You do this via a GPO after WSUS is configured and ready to go.
- Log on to a Domain Controller and run the Group Policy Management console
- Right click on the name of the domain and select “Create a GPO in this domain and Link it here”. Name your policy something reasonable, like “WSUS Client Settings”.
- Edit the newly created policy object and expand Computer Configuration > Policies > Administrative Templates > Windows Components > Windows Update
- Edit the policy “Specify the Microsoft update service location”. Set it to enabled and enter the URL for the WSUS service in both fields. Remember that if the service was installed into it’s own IIS site (i.e. not part of the default site), the port will be different (probably 8530). Click OK to save the changes
- Edit the policy “Configure Automatic Updates”. Set it to enabled and change the Configure automatic updating option to “4 – Auto download and schedule the install”. Set the schedule for updates; this example uses the default Daily update at 3am. Click OK to save the changes; then close the policy editor.
- You’ll need to run gpupdate /force on all the clients, or just wait for normal group policy processing to push out the changes. As your machines receive the new policy, they should start appearing in your WSUS console.