The official blog for Windows Server Essentials and Small Business Server support and product group communications.
EPS Team Blogs
[Today's post comes to us courtesy of Ed Walters]
Please click HERE for the steps to manually create the SBS 2011 Standard and WSUS Group Policies Objects.
Update Services Policies:
Windows SBS Policies:
We do not cover the steps to create the Default Domain Controllers Policy or the Default Domain Policy in this post. Either restore these policies from backup or contact Microsoft Product Support Services for assistance.
Important: The Set the intranet update service for detecting updates and Set the intranet statistics server policies are specific to your server and must be configured with http://<YourServerName>:8530
Note: The above report for this GPO shows the “enabled” and “disabled” policy settings only. Any policy that does not appear in the above report should be set to “Not configured” on your server.
The configuration on the Scope tab for each new Update Services GPO needs to be as follows:
Once the WSUS policies have been updated and applied, Security Filtering on the Client Computers and Server Computers GPOs will begin populating with the machine accounts of your domain joined clients and servers. This is done automatically by SBS every 5 minutes.
This is an optional GPO. Follow these steps only if you wish to use folder redirection
These steps will create the following GPOs:
"Once the WSUS policies have been updated and applied, Security Filtering on the Client Computers and Server Computers GPOs will begin populating with the machine accounts of your domain joined clients and servers. This is done automatically by SBS."
Automatically? Even if we have manually created the GPO and linked them to the domain OU?
How does the server computer policy know it applies to an object in the SBS Computers - Servers OU (or the client to clients) if they are linked to the domain GPO?
The instructions on technet are the same as you have here, so I was glad of the opportunity to ask about this.
The Windows SBS Manager service (DataCollectorSvc) does this for you based on the group membership in WSUS that you have chosen for your machines. For more info on this, have a look at http://blogs.technet.com/sbs/archive/2009/06/23/update-services-in-sbs-2008.aspx