Question: My 2008 R2 core has cm12 on it, my problem is after we deploy predetermined patches it wont look for anything we may have missed from MS update. It just keeps looking at cm12 for more and it never picks up stragglers so we end up manually installing patches that are missed on our core boxes. Now the GUI boxes can bypass cm12 and go out to Microsoft and pick up anything that is missed through MS update, why cant my core box do the same thing. I have tried scripts to see if I can get around it but it just seems like everything I do it just keeps pointing back at that cm12 server for updates.  

I just need to know is their anything i can do or is this just how core operates and manually installing the missing patches after patch Tuesday is just how it is.

• Edited by talldude13 15 hours 44 minutes ago

This might be better in the windows section. 

When you use SCCM to deploy windows update it right the information of the SUP server into the regkey (the same use normally to specified windows update).

From what i understand of windows core if you want to get the windows update from the net since no GUI you need to configure the auto update function. So you would need to configure the option to be 1 or 4 (1 disable) (4 auto update)

But running the auto update i have a feeling you will still go back to the SCCM (if he look at the regkey)

So to enable and run the delta

Net stop wsuaserv
cscript scregedit.wst /AU 4
net start wsuaserv

wuauclt /detectnow

To disable automatic updates, run the following commands:
Net stop wsuaserv
cscript scregedit.wsf /AU 1
net start wsuaserv

The best thing you could and probably should is make sure your software update group containsall the patch you want for your server.

• Edited by Frederick Dicaire 15 hours 14 minutes ago

Thanks ill give that a try. Also this is the first time posting a thread so i was not quite sure where to post it but thanks for the heads up.

So that option does not seem like it would be good to do every Second Tuesday on the month before patching. Just seems like to much could go wrong if someone changed the wrong regkey. Also that did not work. It just seems like removal of cm12 from the machine is the only way to get all the patches during that day without hand loading them after cm12 is done.

Why not set up an Automated Deployment Rule in SCCM that targets these servers? Then you can manage the whole process through SCCM and not worry about Windows Update online at all? It's also more efficient because you're only downloading them from Microsoft once, and performance should be better on each machine to complete the process faster.

Well You could make a a new client settings that doesnt support windows update and assign it to your server core. That way they will always be able to get ou to windows update to get the update.

But frankly i don't understand why you don't just fix the windows update in SCCM to make sure that SCCM provide ALL THE PATCH you want. This would be the best thing to do in that scenario and also the more efficient in the long term.

I never thought about going into SCCM and maybe creating a separate group of just the core servers and hand picking the Patches and deploying them that way instead. I will give that a try and get back.