I would like to know the best way to set up my WSUS environment so that the WSUS servers themselves are clients and get updated.
Here is the setup:
Main dedicated WSUS server
11 downstream Replica Servers
Separate GPO in place for each site that points the computers to it, etc.
5 of the replica servers are basic boxes that are in the site's "Computers" OU and get the WSUS GPO like all the workstations. The problem I have run into is that the other 6 replica servers are also domain controllers (it's the only server I have at the remote site). I do not want to apply any GPOs to my Domain Controllers OU for obvious reasons. How would you get those WSUS servers to appear in the console and run updates on themselves without the GPO? Change the local policy individually on each server?
In a perfect world, maybe there is a setting in WSUS that makes the replica server populate itself as an "unassigned computer" in its own WSUS console? I haven't seen that if it exists.
Thanks!