3

Our Network Admin, who toughed it out for 3 months here, setup a virtual WSUS server and added Group Policy to enforce a WSUS policy on about 1/3 of our workstations. The virtual WSUS server has since been removed, but the policy is still preventing users from getting updates from Windows Update -- says it's being controlled by the domain.

Question is: How do I remove all pointers to the non-existent WSUS?

There are a few WSUS GPOs in Group Policy Management, and there is a WSUS object in AD Users & Computers, with all the of the systems it's set to control inside. I tried dragging these workstations back to Computers, but Windows Server 2008 gave a warning about things "not working as they were designed" if I did this. I'd rather that statement not apply to our entire domain ;)

So... drag computer objects? unlink policies? delete policies? What's the right way to go about this?

Thanks.

Sean O
  • 277
  • 3
  • 5
  • 16
  • 2
    It is better not to drag objects around in AD - instead select the objects you want to move, right-click them, and select Move. AD complains about the drag-and-drop method, because you could accidentally drag something into the wrong OU if you are not careful and break something. – August Aug 05 '09 at 19:43

4 Answers4

5

Just delete (or unlink, or disable, or unset, or whatever else you want) your WSUS-related policies.

Massimo
  • 68,714
  • 56
  • 196
  • 319
2

The "not working the way they were designed" thing is a generic warning that occurs when you drag and drop in ADU&C, it's nothing to do with WSUS. You can avoid it by right-clicking and selecting "Move". I've never seen any negative impact from it anyway.

As others have said, just hunting down those WSUS policies and dealing with them in your preferred manner is the way to go. If I was you though I'd build a new WSUS box and point them at it instead.

Maximus Minimus
  • 8,937
  • 1
  • 22
  • 36
  • Right-click to move. Simple enough, and it worked. Thanks to everyone's suggestions, using them all. Will be right-click moving each computer back into the Computers container, unlinking all WSUS policies, deleting all WSUS policies, rebuilding WSUS VM, creating new policies. – Sean O Aug 06 '09 at 13:18
  • You can block-select then right-click/move also; I don't know if that came across in my answer. – Maximus Minimus Aug 06 '09 at 13:23
1

You have to get rid of GP of the WSUS. That alone should be enough, w/o having to move/remove OUs. You can at least stop enforcing the GP.

RateControl
  • 1,207
  • 9
  • 20
1

You can simply move the computers back to their original OU. That will remove them from the policy aplied at the OU level. You should then clean up by deleting both the OU and the policy (after verifying that it's only setting WSUS).

You should at some point figure out what broke WSUS in the first place (unless it's ok have your machines go to windows update for updates)

Jim B
  • 23,938
  • 4
  • 35
  • 58