Discussion:
How do I ADD computers to the "Unassigned Computers" group?
Ed Flecko
2005-10-19 17:10:06 UTC
The computers that I currently have in the "Unassigned Computers" group seem
to be working O.K. with my new WSUS server. To be honest, I'm not even sure
how they got into that group, but since things seem to be working O.K., I'd
like to add the rest of my LAN computers to this group.

Can someone tell me how to do that?

Thank you,
Ed
David Hennessey (MSFT)
2005-10-19 17:25:08 UTC
A couple of quick facts :).

- Every computer attached to the WSUS server will be present in the All
Computers target group
- Every computer not assigned to a specific target group (i.e. Not the All
Computers TG) will be a member of the Unassigned Computers Target Group.

Unassigned is meant to be there as a place holder so you can figure out what
specific target group you want them to be in.

If you don't need to control groups of computers individually then just
ignore the Unassigned TG and make all your approvals to the All Computers
TG.
--
This posting is provided "As Is" with no warranties, and confers no rights.
Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm
Ed Flecko
2005-10-19 17:38:02 UTC
Hi David,
Thank you for the reply.

I'm confused. What do you mean when you say, "Every computer attached to the
WSUS server will be present in the All Computers target group."

I guess that's what I'm trying to figure out; how do I "attach" all of my
computers to my WSUS server! :-)

Thank you,
Ed
David Hennessey (MSFT)
2005-10-19 17:50:05 UTC
When the client contacts the WSUS server it registers itself with the
server. That is what I mean by attach, it's not really something you do
explicitly, I just mean that every client that talks to the WSUS server will
be a member of the All Computers target group.
Ed Flecko
2005-10-19 18:30:05 UTC
Thank you, David.

O.K. I am applying my WSUS policies via A.D. Group Policy. I have a simple
GP created, and it is linked to an OU within my domain. In the "Security
Filtering" field, I have only a handful of my PCs "manually" added. So I
wonder...

Do I need to add ALL of my PCs to the Security Filtering field (or will the
"Authenticated Users" group work just fine)? Do you think this is why ALL of
my computers haven't "checked-in" with the WSUS server (because they're not
listed in the Security Filtering field, GP isn't being applied, and
hence...they're not attached)?

Thank you,
Craig
David Hennessey (MSFT)
2005-10-19 19:08:57 UTC
I'm afraid you just left my area of expertise. I would hope the Deployment
Guide has enough information on how to configure AD group policy to
efficiently get clients talking to the server. Otherwise I'm sure others
here are more familiar with AD policies to help :).

One side note though, if your client machines are imaged (not sysprep'd)
then you will run into problems because they will all contact the server
using the same Client ID. This will cause clients to vanish and reappear in
the Admin UI. There are multiple threads in this forum that deal with this
particular issue and how to resolve it.
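The shared Client ID problem David describes for imaged machines, as an added example that is not part of the original thread or any Microsoft tool: it flags client IDs reported by more than one hostname and models why such machines replace each other in the console. The `SusClientId` registry value name is not on the page, the inventory rows are constructed, and the one-record-per-ID server model is a simplifying assumption.

```powershell
# Constructed inventory: one row per client check-in, as might be collected by
# reading each machine's SusClientId value under
# HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate.
# Hostnames, GUIDs and timestamps are made up for illustration.
$checkIns = @'
ComputerName,SusClientId,CheckInUtc
PC-ACCT-01,{3f2b8c1e-6a4d-4e7b-9c55-0a1b2c3d4e5f},2005-10-19T17:00:00Z
PC-ACCT-02,3F2B8C1E-6A4D-4E7B-9C55-0A1B2C3D4E5F,2005-10-19T17:05:00Z
PC-LAB-07,9d1e7a40-2b3c-4f6a-8e11-77aa88bb99cc,2005-10-19T17:06:00Z
PC-ACCT-03,3f2b8c1e-6a4d-4e7b-9c55-0a1b2c3d4e5f,2005-10-19T17:10:00Z
PC-LAB-08,,2005-10-19T17:12:00Z
'@ | ConvertFrom-Csv

function ConvertTo-NormalizedClientId {
    param([string]$Id)
    # Accept braces and mixed case; return $null for empty or malformed IDs.
    if ([string]::IsNullOrWhiteSpace($Id)) { return $null }
    $parsed = [guid]::Empty
    if ([guid]::TryParse($Id.Trim(), [ref]$parsed)) { return $parsed.ToString('D') }
    return $null
}

function Find-SharedClientId {
    param([Parameter(Mandatory)][object[]]$CheckIn)
    # Group check-ins by normalized ID and keep IDs used by 2+ hostnames.
    $CheckIn |
        ForEach-Object {
            [pscustomobject]@{
                ComputerName = $_.ComputerName
                ClientId     = ConvertTo-NormalizedClientId $_.SusClientId
            }
        } |
        Where-Object { $_.ClientId } |
        Group-Object ClientId |
        ForEach-Object {
            $names = @($_.Group.ComputerName | Sort-Object -Unique)
            if ($names.Count -gt 1) {
                [pscustomobject]@{ ClientId = $_.Name; Computers = $names }
            }
        }
}

function Get-ServerView {
    param([Parameter(Mandatory)][object[]]$CheckIn)
    # Simplified model (assumption): the server keeps one record per client ID,
    # so a later check-in with the same ID replaces the earlier computer.
    $byId = @{}
    foreach ($c in ($CheckIn | Sort-Object { [datetime]$_.CheckInUtc })) {
        $id = ConvertTo-NormalizedClientId $c.SusClientId
        if ($id) { $byId[$id] = $c.ComputerName }
    }
    $byId.GetEnumerator() | ForEach-Object {
        [pscustomobject]@{ ClientId = $_.Key; VisibleAs = $_.Value }
    }
}

$shared   = @(Find-SharedClientId -CheckIn $checkIns)
$visible  = @(Get-ServerView -CheckIn $checkIns)
$machines = @($checkIns.ComputerName | Sort-Object -Unique).Count

foreach ($s in $shared) {
    '{0} is shared by: {1}' -f $s.ClientId, ($s.Computers -join ', ')
}
'Machines checking in: {0}; records the server can show: {1}' -f $machines, $visible.Count
```

A gap between the two counts means some machines are missing from the console at any given moment, so their patch status goes unreported until the IDs are made unique.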
Ed Flecko
2005-10-19 19:28:07 UTC
Thank you, David.

That's good to know! My clients aren't imaged (or sysprepped), but I'm very
familiar with sysprepping machines. Thank you for your help. :-)

Ed
Bobbie Harder (MSFT)
2005-10-19 19:30:22 UTC
Hi Ed, Couple pointers here if you'd like to use GP to configure your WSUS
clients. Check out the deployment guide - starting on ~page 60:
http://www.microsoft.com/downloads/details.aspx?FamilyId=E99C9D13-63E0-41CE-A646-EB36F1D3E987&displaylang=en

You can also use a sample tool we have called ADImporter which will let you
pre-populate WSUS target groups with computers from AD. You will still need
to configure these clients (via policy) to "talk" to your WSUS server but it
gives you a handy way to leverage pre-existing OUs to populate WSUS target
groups. Check out the readme and sample from the WSUS product download page
here under Windows Server Update Services API Samples & Tools. The readme
lists all the tool's functionality.
http://www.microsoft.com/windowsserversystem/updateservices/downloads/default.mspx

Hope this helps- Bobbie

Bobbie Harder
Program Manager, WSUS
Microsoft


Ed Flecko
2005-10-19 20:51:07 UTC
Wow! Hey thank you Bobbie. I appreciate all the tips I can get. :-) P.S., I
figured out my problem about why not all of the PCs were checking in with my
WSUS server; sure enough...I just needed to add the "Authenticated Users"
group to my GPO and voila...they're "calling home to Mama" as we speak! Thank
you again. :-)

Ed
Lawrence Garvin [MVP]
2005-10-19 21:37:01 UTC
"Ed Flecko" <***@discussions.microsoft.com> wrote in message news:8AFC7FB9-74BA-4089-B75E-***@microsoft.com...

You don't need to add /any/ computers to the security filtering for the GPO
/unless/ you have multiple GPOs linked to the same OU and you want different
systems to respond to different GPOs.

"Authenticated Users" includes all computers that are joined to the domain.

No... I don't think your lack of listing systems in the security filtering
has affected their reporting to WSUS unless you /removed/ Authenticated
Users from the security permissions.