I'm converting us from WSUS to LDMS Patch Management. I've read all about best practices and we've been patching for a few months now but I want to get more aggressive with the move to PM. How have you handled 'turning off' WSUS?
Concerns:
- We can't just shut off the WSUS server, we do still use it for XP patching.
- I don't want users to be able to update there own machines through Windows Updates.
Here's what we've done so far. Two different GPOs
- GPO that sets WSUS location for computers currently points to local WSUS and "Turns off access to all Windows Updates features"
- GPO that 'turns off' WSUS. "Turns off access to all Windows Update features", "Configure Automatic Updates" is disabled, and on the user side "Remove access to use all Windows Update features"
Any cautions or advice?