The official blog for Windows Server Essentials and Small Business Server support and product group communications.
[This post comes to us courtesy of Charanjeet Singh and Rituraj Choudhary from Microsoft Commercial Technical Support]
Certain Group Policy Objects (GPOs) are created and configured by default during the installation of Windows Small Business Server 2011 Standard. This blog post will cover how to create these GPOs manually in the event that they are missing or have been accidentally deleted without a backup.
Note: If one or more of these GPOs are missing as the result of a failed install, you should not follow this procedure. We recommend that you call Microsoft Product Support as other components are likely to be broken.
The steps have been broken down into two types of Group Policies.
Update Services Policies:
Windows SBS Policies:
We do not cover the steps to create the Default Domain Controllers Policy or the Default Domain Policy in this post. Either restore these policies from backup or contact Microsoft Product Support Services for assistance.
Important: The "Set the intranet update service for detecting updates" and "Set the intranet statistics server" policies are specific to your server and must be configured with http://<YourServerName>:8530.
Note: The above report for this GPO shows the “enabled” and “disabled” policy settings only. Any policy that does not appear in the above report should be set to “Not configured” on your server.
Update Services Client Computers Policy
Update Services Server Computers Policy
Update Services Common Settings Policy
Once the WSUS policies have been updated and applied, Security Filtering on the Client Computers and Server Computers GPOs will begin populating with the machine accounts of your domain-joined clients and servers. This is done automatically by SBS every 5 minutes.
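After the recreated policies have applied, you can confirm on a domain-joined client or server that the two server-specific settings resolved to the expected URL. The following is an added example, not part of the original post: it reads the standard Windows Update policy registry values (WUServer, WUStatusServer and UseWUServer) and compares them with http://<YourServerName>:8530. The `$ServerName` parameter and the `Get-PolicyValue` helper are names chosen for this example.

```powershell
# Added example: check that the applied WSUS policy points at the SBS server.
# Run on a domain-joined machine after "gpupdate /force".
param(
    # Placeholder taken from the post; pass your own server name.
    [string]$ServerName = '<YourServerName>'
)

$expected = "http://${ServerName}:8530"
$wuKey    = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
$auKey    = Join-Path $wuKey 'AU'

function Get-PolicyValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or value is absent (policy "Not configured").
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name }
}

# WUServer = "Set the intranet update service for detecting updates"
# WUStatusServer = "Set the intranet statistics server"
$results = foreach ($name in 'WUServer', 'WUStatusServer') {
    $actual = Get-PolicyValue -Path $wuKey -Name $name
    New-Object PSObject -Property @{
        Setting  = $name
        Expected = $expected
        Actual   = $actual
        Ok       = ($null -ne $actual) -and ($actual.TrimEnd('/') -ieq $expected)
    }
}

# UseWUServer must be 1, otherwise the client ignores the two URLs above.
$useWu = Get-PolicyValue -Path $auKey -Name 'UseWUServer'
$results += New-Object PSObject -Property @{
    Setting  = 'UseWUServer'
    Expected = 1
    Actual   = $useWu
    Ok       = ($useWu -eq 1)
}

$results | Select-Object Setting, Expected, Actual, Ok | Format-Table -AutoSize

# A non-zero exit code lets a login script or monitoring job flag the machine.
if ($results | Where-Object { -not $_.Ok }) { exit 1 }
```

A missing value or a URL that names a different host means the GPO did not apply to this machine or another policy is overriding it; `gpresult /h` on the same machine shows which GPO won.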
Create the Small Business Server Folder Redirection Policy (Optional):
This is an optional GPO. Follow these steps only if you wish to use folder redirection.
These steps will create the following GPOs:
Would love to see a post how to and best practices for setting up WSUS on Windows Server 2012 Essentials.
The SBS 2011 WSUS GPOs rely on Security Filtering... specifically there is some automatic mechanism for adding computer accounts and server accounts specifically to the correlating WSUS policies. I've gone into a business that mistakenly and unnecessarily moved WSUS onto a member server by breaking all the SBS WSUS integration including the GPOs. When I've tried to reenable SBS integrated WSUS, I can repair/create the GPOs but I don't want to manually add back in every computer & server account. Also I want newly added computers to be added automatically to the security filtering as intended by SBS's design. Why is that broke and what magic is working that automatically adds these computer and server accounts to the appropriate security filtering under these related GPOs?