Wsus group membership not updating
All you have to do is make a some configuration settings in WSUS, create a new GPO (Group Policy Object), configure that GPO, and attach it to an OU (Organizational Unit) in AD. First let’s configure WSUS settings; open your WSUS console, go to Options and click Computers. The main purpose of groups in WSUS are to organize computers. To create some groups right-click on All Computers an choose Add Computer Group. You remember on WSUS those two groups that we created (XP Computers and 7 Computers), now is time to use one of them.This is where we tell WSUS how computers are added to groups. The default option is to add those computers manually, but we don’t want that, so choose the second option Use Group Policy or registry setting on computers. I’m going to create two groups here, one will be Group Policy Management. As you can see we have a lot of options here to configure Windows updates, but I’m going to configure just some of them, the rest I’ll live it to you. In the Target group name for this computer type XP Computers, click OK, and close the Group Policy Management Editor.I created this step-by-step guide for those people that don’t understand or want to know how to configure WSUS to deploy updates using Group Policy.
Here we need to create two GPO, one for the Windows XP computers and another one for Windows 7 computers. Open Configure Automatic Updates, select Enable and under Options choose the way updates are going to be installed on clients. Port is optional, and use it only if your WSUS site is installed on a different port (8530). We still need to configure updates for the Windows 7 systems, so create a new GPO on the Windows 7 OU.Right click the OU where your Windows XP computers reside and choose Create a group policy in this domain, and link it here. Follow the same steps like before until you reach Enable client-side targeting. Your GP Management console should look like this by now: We are done configuring, it’s time to test.Hello, I have a wsus server and client are shown on the server. After assigning computers to groups I come back the next day and find that the computers previously assigned to computer groups have been reassigned back the unassigned computers group.
Restart the clients or force the policy on them in order to take effect; but if you are not in rush, just wait between 90-120 min for the policy to apply on clients.I forced the policy (since I have only two clients) using gpupdate /force command.