When creating the System Update policy for enabling SUS, how do you set the ability to use the Microsoft Windows Update server in the event that new updates become available and the workstation in question is not attached to the domain (i.e. traveling laptop)?
Traveling laptops must connect sometime. And, when they do, they'll get updates. There is no easy "magical way" for them to get SUS updates. So, my philosophy is to use SUS for when you've got desktops, but let your laptop users use the standard automatic Microsoft update service. That way, they'll get a constant stream of updates -- even if they're not connected to your network. My view might be unpopular, though, because in theory, all patches you roll out should be tested. However, when you cut laptop users free, you're essentially saying, "Well, I hope that new patch they download doesn't crash Windows." To that end, you might be better served with a third-party patch management system that accounts for laptops.
Dig Deeper on Enterprise infrastructure management
Expert Jeremy Moskowitz shows a reader how to use loopback policy processing to restrict rights for a group of users on a specific OU of computers.
Expert Jeremy Moskowitz explains how to use Group Policy for a Windows 2000 Server to apply proxy settings automatically on all the workstations in a...
Expert Jeremy Moskowitz shows a reader one of the best ways to set permissions for a new user in Group Policy.