Your network consists of a single Active Directory domain. All servers run Windows Server 2003 Service Pack 2 (SP2), all client computers run Windows XP Service Pack 3 (SP3), and you have installed Microsoft Windows Server Update Services (WSUS) 3.0 on a member server named Server1. You create a new Group Policy object (GPO1) that enables Automatic Updates and link it to the domain. You need to ensure that each client computer obtains software updates from Server1 instead of from Microsoft Update on the Internet. What should you configure?

Introduction / Context:
Windows Server Update Services (WSUS) allows administrators to centrally approve and deploy Microsoft updates within an organization. When WSUS is deployed, client computers must be configured to obtain updates from the WSUS server instead of from the public Microsoft Update servers. Group Policy is the preferred method for configuring this behavior in an Active Directory domain.

Given Data / Assumptions:

• There is a single Active Directory domain with Windows Server 2003 SP2 servers and Windows XP SP3 clients.
• WSUS 3.0 is installed and configured on a member server named Server1.
• A Group Policy object (GPO1) has already been created to enable automatic updating.
• GPO1 is linked to the domain so that all domain joined clients receive its settings.
• The missing piece is making sure clients know to point to Server1 for updates.

Concept / Approach:
WSUS clients are configured through specific Windows Update policy settings. The key setting is "Specify intranet Microsoft update service location," which defines the URLs of the WSUS server that clients should contact for detection and reporting. Simply enabling Automatic Updates is not enough; without specifying the intranet update service location, clients will continue to use the public Windows Update or Microsoft Update servers.

Step-by-Step Solution:
1. Recognize that GPO1 currently enables Automatic Updates but does not yet tell clients where to obtain updates. 2. Open the Group Policy Management Editor for GPO1 and navigate to the Windows Update settings under Computer Configuration. 3. Find and enable the "Specify intranet Microsoft update service location" policy setting. 4. Enter the correct URL for the WSUS server on Server1, typically something like http://server1 or http://server1:8530 for both the update detection and statistics server fields. 5. After applying the policy, clients that process GPO1 will contact Server1 instead of Microsoft Update when checking for updates.

Verification / Alternative check:
Once the policy is in effect, you can inspect a client's registry under HKLM\\Software\\Policies\\Microsoft\\Windows\\WindowsUpdate to confirm that the WUServer and WUStatusServer values point to Server1. You can also run wuauclt /detectnow on a client and verify in the WSUS console that the client reports to Server1. This confirms that configuring the intranet update service location was the critical step.

Why Other Options Are Wrong:
Option a (Gpupdate /force) merely forces clients to refresh Group Policy more quickly; it does not configure them to use WSUS. Option b (wuauclt /detectnow) forces an immediate detection, but if the client is still configured to use Microsoft Update, the detection will not be directed at Server1. Option c (Enable client side targeting) is useful for automatically placing clients into WSUS computer groups but does not itself redirect where updates are obtained; you must first specify the WSUS server location.

Common Pitfalls:
A frequent mistake is enabling Automatic Updates via Group Policy without specifying the intranet update service, leading administrators to wonder why clients still contact Microsoft Update. Another pitfall is misconfiguring the WSUS URL, such as omitting the correct port, which prevents clients from reaching the server even though the setting is enabled.

Final Answer:
You should configure the "Specify intranet Microsoft update service location" setting in GPO1 so that client computers use Server1 as their update source.