I am trying to set a WSUS grouping for all workstations in my organisation except those that I have placed in a group I call "Guinea Pigs".
So I set up two group policies;
The first to Enable Client Side Targeting and assign to WSUS Group of "Workstations". I link this policy to the folder where all of my workstation objects are and it works great.
The second policy I created does the Enable Client Side Targeting and this one assigns the computer to the WSUS Group "Guinea Pigs". I link this policy to the same folder as the first but this time I filter on an AD group called "WSUS Guinea Pigs". I set the order so that this policy comes after the first policy (has a larger number next to it).
I place a couple of computer objects into the "WSUS Guinea Pigs" group and start testing.
I reboot the workstations, I run GPUpdate, reboot again, run 'wuauclt /detectnow' etc. etc. however the workstations stuborly remain assigned to the "Workstations" group.
I then move the copmuter objects to a new container and apply only the "Guinea Pigs" policy to that container, do a few reboots and wuauclt commands and presto! the computers are in the right groupings. I move them back and they fall back to being assigned to "Workstations".
So my question is; How do I set policy order to ensure the second policy setting will over-ride the first? I don't want my computer objects in a special container just for Guinea Pigs.
BTW: this is all being done with Windows 7 workstations and 2008R2 Domain controllers. For some reason I can't see the computer results when I use GPResult to show the processing - I'm working on why this is the case as well.