This is fine if you only have few computers but once you star managing many hundreds or thousands of computers this quickly becomes impractical.One of the options you can set using Group Policy is called “Specify intranet Microsoft update service location” which allows you to specify the WSUS Server name.Here I will tell you to go visit my Best Practice: Active Directory Structure Guidelines – Part 1 post where I talk about the number of ways you can build your OS structure.Now we will use the example “Two Level Hybrid (Resource / Location)” (see image below) from the AD Structure Guideline for out WSUS target groups.
An added side benefit doing this is you also get an accurate picture as to home real computer’s are actually on your network.
Back in the day of WSUS v2 you could allocate computers to target groups however these target groups could not be nested and it meant that every target group had to be unique.
Even though WSUS v3 now has the ability to have nested target groups it still has the same restriction that all target groups must be made unique.
The Workstation prefix is required as you might also want to patch Servers in the same site and therefore due to the unique target group requirement you will need to have a “Workstations Sydney” and “Servers Sydney” group.
Now also take a look at the “Keep the GPO’s name consistent with the OU names” section in my Best Practice: Group Policy Design Guidelines – Part 2 post you can see how the WSUS Target Groups are also very consistent (but not the same) as the OU’s that the computer are located.
The target group on the client is controlled using the “Enable client-side target” group policy setting (more on this later).