New to GPOs and have a multi-subnet domain that have site servers with WSUS on them for each subnet. Also have VPN users that go to a different WSUS server. The catch is I need the VPN users to access the site WSUS servers when the users are on-site instead of remote.
I have all the GPOs filtered by subnet using WMI Filtering and that seems to work in my testing. The question is when applying the GPO should I apply all the WSUS GPOs with filtering at the domain, so where ever the user is logged in they get the local WSUS or should I just apply to the individual OUs with VPN being the only one at the Domain level or do I add it to each individual OU as well?
Also would I need to use Enforced on either of them?
EDIT: Also if the user is tied to Site A and then relocates to Site B for a period of time. They want the user to be accessing Site B's WSUS server to minimize WAN traffic.