Group policy problem

[anything I don't mind]

We have a group policy set up for wsus settings, it points the windows update to the wsus server and applies the windows update settings and prevents users from changing it. We are currently moving to windows 7 desktops and I am busy creating a new wsus server. So i wanted to disable the current group policy for the new windows 7 computers/user testing account. Currently the gpo was set up with authenticated users as the security filter. Which was applying to the windows 7 user. So i thought that i could change the authenticated users for domain users and put the windows 7 users in a new domain users group. But what we found was that the group policy stopped working completely on some machines in the network and users that logged in the next day had updates that were not from the wsus. It is almost like the group policy just decided to not work, even though the users in question are in the domain users group.

Did i miss a step?
Is this sort of group policy temperamental nature common?
Is it not advisable to use the authenticated users group for group policy?

What is the solution to my problem?

 

[anything I don't mind]

ok thanks will try that.

 

[anything I don't mind]

I Still find GP inconsistent and rubbish.

I have disabled this one GPO that was not in use any longer and did gpupdate /force on all three domains and logged off two of them.

Then i restarted a client and did a gpupdate /force

When i do a gpresult /R it still shows that the disabled GPO is being applied. No matter what I try. Is there something else that I need to do?

I looked in to using WMI but it looked like it would be more hassle than just creating groups.

 

[anything I don't mind]

I could use WMI. The group policy is quite a mess, there is a lot of in old non used gpos that are still active. I just created a group called computers old and put all the old pcs in it. Then I created a group called new computers and put the new ones in it. Then i removed authenticated users from the security filter and put the old computers group in it. Is that the incorrect way to do it? For user configuration do you have to use user groups or can you use computer groups?

I guess i am doing it wrong, because it does not work.

Ok i think i have figured out how to use it, nevermind.