Now the first point to make about WSUS groups is that they are separate and distinct from Windows security groups and from Windows distribution groups. They can be populated using 2 methods by administrators using the WSUS console, which is called server-side targeting, or automatically by preconfigured Group Policy objects, which is called client-side targeting.
The one thing about using group policy as the tool for putting computers into groups is that those machines will have to follow whatever structure you have in place for applying that group policy.
Most often group policy is assigned by organizational unit, so what generally happens is that your organizational unit structure ends up determining what your group structure will be here within WSUS.
But because we don’t have any clients that are currently talking to the server, none of the unapproved updates are actually classified as those that are needed by any of the clients. So the way in which we can see them all is to actually change the status from failed or needed to any.
To give us a look at the entire, in this case 275 available updates that exist.
For a very small environment, this makes things really easy, ’cause there’s no extra work that’s involved.