Slightly odd and very annoying problem.
Breif background.
For all sorts of policy reasons, we have a WSUS setup that allows us to "TRIAL" updates before going live, so we approve updates for a set of specially picked machines that give us a good cross section and check for issues, although we have only ever once found an issue with a patch. Once this is done and we are happy we approve for our entire estate.
For this reason we cannot allow any machines to go direct to Windows Update, and therefore we have things in place to allow access to our WSUS server for Laptops that are off WAN.
The problem?
Some retard office manager half the planet away has decided that a few people who have left the company in that office can take their laptops with them when they left. We did not discover this until way too late and there is nothing we can do to stop it. While the local Office manager did ensure data and licensable software was removed before they left, that's all he did.
I now have a bunch of rogue XP and Vista machines out there on the internet reporting in to my WSUS servers that are not my concern any more. I need a method, using nothing but WSUS itself, to get them off and stop them reporting in.
Help, anyone know of a way I can perhaps write a tiny custom patch I can approve just for these machines that will just reset the WU client back to defaults? I obviously cant rename or change DNS entries for my WSUS setup as it will be a reasonably big job.
Thanks All