SCCM Disable Automatic Updates GPO
Did some research regarding whether or not it's best practice to disable the Automatic Updates via GPO. I'm not coming up with a clear consensus.
1. According to the SCCM 2007 book published by Sams it explicitly says "Do not disable the automatic updates via GPO this will interfere with config manager software updates"
2. Per previous forum, Automatic Updates must be enabled to allow the client to check for new updates and install the Configuration Manager client. You can find information about the Software Update Point client installation method at
http://technet.microsoft.com/en-us/library/bb633194.aspx.
http://social.technet.microsoft.com/forums/en-US/configmgrsum/thread/709c420a-d49b-49d4-9165-860edcf49f28/
3. However, KB2476479
System Center Configuration Manager 2007 clients running Windows 7 or Windows Server 2008 reboot even though deployment management settings are configured to suppress reboots.
To resolve this issue disable the Automatic Updates policy on the Configuration Manager client computers. To do this, apply a Group Policy to disable Automatic Updates.
So basically this means if I push out patches and suppress the reboot, Windows AU will still reboot it at 3am. This sucks. Also if I don't disable AU, I get the yellow balloon showing up which is just cosmetic but still.
From my understanding if you disable automatic updates, the Windows Update client will not update itself (I don't really care) nor will you get FEP definitions (not using FEP) nor can you push the SCCM client automatically to new systems (I care about this).
James Chong MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com
May 1st, 2012 2:43pm
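
Added example, not part of the original post: a PowerShell check of which Automatic Updates policy state Group Policy actually wrote to a client, read from the standard policy registry values under `HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU`. The function name `Get-AUPolicyState` and its output field names are hypothetical.

```powershell
# Added example (not from the thread). Get-AUPolicyState and its output fields are hypothetical names.
function Get-AUPolicyState {
    param(
        [string]$Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU'
    )

    # Start from "Not Configured": no policy values present, local AU settings apply.
    $result = [ordered]@{
        State                         = 'NotConfigured'
        AUOptions                     = $null
        ScheduledInstallTime          = $null
        NoAutoRebootWithLoggedOnUsers = $null
    }

    $p = Get-ItemProperty -Path $Path -ErrorAction SilentlyContinue
    if ($null -ne $p) {
        if ($p.NoAutoUpdate -eq 1) {
            # GPO "Configure Automatic Updates" set to Disabled
            $result.State = 'Disabled'
        }
        elseif ($null -ne $p.NoAutoUpdate -or $null -ne $p.AUOptions) {
            # GPO "Configure Automatic Updates" set to Enabled
            $result.State = 'Enabled'
            if ($null -ne $p.AUOptions) {
                $result.AUOptions = switch ($p.AUOptions) {
                    2 { 'Notify before download' }
                    3 { 'Auto download, notify to install' }
                    4 { 'Auto download, scheduled install' }
                    5 { 'Local admin chooses' }
                    default { "Unknown ($($p.AUOptions))" }
                }
            }
            # The scheduled hour (0-23) only matters for AUOptions 4
            if ($p.AUOptions -eq 4 -and $null -ne $p.ScheduledInstallTime) {
                $result.ScheduledInstallTime = '{0:00}:00' -f $p.ScheduledInstallTime
            }
        }
        # Separate GPO: "No auto-restart with logged on users for scheduled automatic updates installations"
        $result.NoAutoRebootWithLoggedOnUsers = ($p.NoAutoRebootWithLoggedOnUsers -eq 1)
    }

    [pscustomobject]$result
}

Get-AUPolicyState | Format-List
```

Run it on a client after `gpupdate /force` to confirm whether the policy landed as Disabled, Enabled, or Not Configured before comparing reboot behaviour.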
Hmm I'm not too sure about step 3. By default all systems will reboot at 3am, I made this mistake when I transitioned from WSUS to SCCM and machines that didn't get the SCCM client rebooted at 3am. I was supposed to disable as per best practice during the transition so you don't run into this scenario. Right now, I have Automatic Updates set to not configured. However all my systems still show the yellow balloon with the 3am reboot time. From my understanding from the KB, if I release another patch via SCCM and suppress the reboot for a week, AU will still reboot it at 3am.
SCCM Update - user waits to reboot but system auto restarts at 3am?
http://social.technet.microsoft.com/Forums/ar/configmgrsum/thread/b854c5a7-b044-41b3-b4a0-fbf6b24aad6c
System Center Configuration Manager 2007 clients running Windows 7 or Windows Server 2008 reboot even though deployment management settings are configured to suppress reboots
http://support.microsoft.com/default.aspx?scid=kb;EN-US;2476479
James Chong MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com
May 1st, 2012 3:25pm
That was a great article, I'm a newbie to SCCM and wasn't getting a clear consensus on whether to disable vs. enable the automatic updates. You have some MS people saying enable or disable as well as MVPs saying to disable or enable. At the end I guess it's up to each's own but I like how you covered the ramifications of both in detail.
James Chong MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com
May 2nd, 2012 11:58am