I deployed our Patch Manager this week and have been trying to get to know it. One of the things I found when playing with the 'Windows Update Local Policy Settings' within PM was it is possible to select computers to deploy the GPO to using rules (although the attempts have failed so far - but that's another issue). Is there a way for PM to automatically push the GPO out to computers based on group membership? I don't want to use AD because at this point, not all machines will be managed using the PM server and there's no good way that I know of to apply GPOs to specific computers in AD due to the organizational structure I have set up .
What I would like is to have a 'master' group 'Patch Manager Members' that pushes a GPO with the bulk of the settings (WU settings, SUS server location, etc), then have other policies that handle client side targeting. So all machines that I want managed with PM will be members of 'Patch Manager Members' and get the main settings, then Terminal Servers, for example, will also be members of a 'Terminal Servers' group and get a GPO that has the client side targeting pointed at the 'Terminal Servers' group in SUS.
Is there any way to set this up so that when a computer is added to the appropriate groups, they automatically get the GPOs and set set up within PM?
Im curious to see any input as I dont think many if any people use this function. Sorry im not contributing to this