Go to Settings icon>Features/call control.
Author: Bob Lin
How to apply group policy to computers
After installing WSUS on a server, creating computer group in WSUS, creating a group policy to use WSUS, you also need to add computers to the group policy so that the policy to apply to those computers. Here is how.
- Login DC.
- Open Group Policy Management.
- Navigate to the computer group policy, in our case it is EHC for WSUS.
- Click Add under Security Filtering.
5. Make sure check Computers in Object Types.
How to add a computer to Group Policy so that the policy can apply to the computer
- After installing WSUS on a server, creating computer group in WSUS, creating a group policy to use WSUS, you also need to add computers to the group policy so that the policy to apply to those computers. Here is how.
- Login DC. Then open Group Policy Management.
- Navigate to the computer group policy, in our case it is EHC for WSUS.
- Click Add under Security Filtering.
5. Make sure check Computers in Object Types.
7. After adding the computer into a group under group policy Management, you also need to create a OU to match the computer group name, for example EHC.
8. Now move the computers you want to be in EHC group from Computer.
9. Run gpupdate /force on the server and worksttaions. That should add those computers into WSUS. Or we can wait for 30 to 90 minutes.
How to configure Group Policy to download and install updates from WSUS
Configure client systems to download updates from WSUS – SolarWinds Worldwide, LLC. Help and Support
- Login DC.
- Open Group Policy Management.
- In the left pane, expand Computer Configuration > Administrative Templates > Windows Components, and then select Windows Update.
- In the right pane, select Configure Automatic Updates, and then enable the policy: 1) Click the Action menu, and then select Edit. 2) Select Enabled. 3) In the Options section, under Configure automatic updating, select the appropriate download and notification option. 4) If you selected option 4 – Auto download and schedule the install, select the appropriate options under Scheduled install day and next to Scheduled install time. 5) Click OK.
- In the Group Policy Editor window, select Specify intranet Microsoft update service location.
- Enable the policy. 1) Click the Action menu, and then select Edit. 2) Select Enabled. 3) In the Options section, under Set the intranet update service for detecting updates, enter the URL for the WSUS server.
For example, enterhttp://wsusServer[:port]
, wherewsusServer
is the name of the WSUS server andport
is the port number, if the WSUS server uses a port other than port 80.
4) Under Set the intranet statistics server, enter the same URL.
5) Click OK.
How to create computer groups in WSUS
Create computer groups for WSUS
- Run the WSUS console.
- Go to Computer > All Computers, you will see one default computer group called Unassigned Computers. This group is where all computer objects will end up unless you specify otherwise.
4. You will have two options to specify which computer group a particular machine will be part of known as server side targeting or client side targeting.
- Server Side Targeting: The WSUS console is used to create the computer groups as well as assign the computers that should be a member of the group. This may be a good option if you only have a small number of machines to manage that are not domain joined using WSUS as it’s all done manually.
- Client Side Targeting: This is the option you’ll likely want to use in a larger environment. Group policy is used in an Active Directory based environment to automatically place specific machines into defined computer groups. The group policy option can be found under Computer Configuration > Policies > Administrative Templates > Windows Components > Windows Update > Enable client-side targeting. Simply set it to enabled, and enter the group name that you created in the WSUS console. Once the policy has been applied when the client computer goes to perform an update, WSUS will automatically place it into the correct computer group.
in our case, we select Use Group Policy or registry settings on computers.
5. Click Apply to complete the configuration.
How to Disable WSUS on Server
- Log into the server.
- Go to Services.msc.
- Right click on “Update Services”
- Select “Stop”.
- After stopping it select “Disable”
- Click OK.
How to remove a computer from WSUS
If for some reasons, you want to remove a computer from the WSUS, you may have these options.
Remove WSUS Settings via PowerShell
1.Click Start and open PowerShell as Administrator (Right Click > Run as Administrator).
2.Stop the Windows Update Service by entering the command Stop-Service -Name wuauserv.
3.Remove the Windows Update registry key by entering the command Remove-Item HKLM: \Software\Policies\Microsoft\Windows\WindowsUpdate -Recurse.
4.Finally, Start the Windows Update Service again by entering the command Start-Service -name wuauserv.
Remove WSUS Settings Manually
1.Click Start and type regedit into the start search box, then Right Click and Run as Administrator.
2.Navigate to HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\
3.Right Click and Delete the registry key WindowsUpdate, then close the registry editor.
4.Open the Services Console by entering services.msc in the start search box.5.Locate and Restart the Windows Update Service
Manage User’s Azure Security Verification
Situation: Normally, a user can manage his/her Azure Security Verification by login Office portal. However, in a case, the user change or losses his/her phone and can’t login Office, IT manage may help the user to change the Azure Security Verification contact info.
Here is how.
- Login Azure portal with admin account.
2. Go to Azure Active Directory>Users>All Users.
3. Find the user you want to manage, and click Edit. You will have these options: Identify, Contact info, Authentication contact info.
4. If Contact info is grayed out, you may change this info from your local AD.
5. If the Authentication contact info is grayed out, click Access Panel Profile.
6. in the Profile, click Additional security verification.
Can we setup office phone with extension for security verification
Q: The we are running domain controller in they office and we use Office 365 for email. Can we setup office phone with extension for security verification?
A: Yes, in this case, you can enter the office phone number and extension format like this +1 8001234567×244.
In Office 365 Verification, you should have option to call the office phone extension.
How to manage SharePoint files or folders
- Login Office 365.
- Click on SharePoint.
- On the left side, click the site.
- Click Documents in the left side.
- Right click on files or folder. you should have these options: Share, Copy link, Download, Delete, Rename, Pin to top, More.