SCCM Softwar Updates versus WSUS (Network Steve Forum)

SCCM Softwar Updates versus WSUS

Hello together,

I have a question concerning the SCCM settings for Software Updates. We did it before with WSUS and Group Policy. Then we wanted to change to SCCM and set the Domain WSUS GPO to "Not Configured". The result was that the clients went to default settings and picked up every software update offered from the MS website, including Drivers and other updates. To avoid that we set the GPO "Configure Automatic Updates" to "Disable". Is the choice "Disable" okay or will that prevent SCCM to install its components and offer updates from the Automatic Deployment Rule?

Thanks in advance for the answers.

Best Regards,

Udo

Edited by aladin4711 Wednesday, May 13, 2015 8:42 AM

May 13th, 2015 8:39am

Yes it's good practice to disable automatic updates, it will not affect updates via ConfigMgr.

Proposed as answer by Gerry Hampson Wednesday, May 13, 2015 9:10 AM

Free Windows Admin Tool Kit Click here and download it now

May 13th, 2015 9:00am

Hey together,

have anyone further ideas how to fix that problem. Still struggeling with.

May 18th, 2015 3:57am

I have this exact same issue :(

Free Windows Admin Tool Kit Click here and download it now

May 18th, 2015 6:17am

Hi Udo,

You can configure the GPO Setting you mentioned to Point to the SCCM Server...This will overwrite the previous Settings and the Clients should start pulling the updates.

Hope this helps. Regards,

May 18th, 2015 7:05am

Hey Stoyan,

I seems that your proposal fixed my problem. I added the following GPO again:

Computer Configuration -> Administrative Templates -> Windows Components -> Windows Update -> Specify intranet Microsoft update service location -> http://fqdn_server:8530

Afterwards I used the right click tools to initiate a "Software Update Scan Cycle"

My WUAHandler.log then showed the following:

Its a WSUS Update Source type ({45D8B7C7-2E84-40AE-8775-BBBF1A1B9466}), adding it.
Enabling WUA Managed server policy to use server: http://fqdn_server:8530
Waiting for 2 mins for Group Policy to notify of WUA policy change...
Timed out waiting for Group Policy notification.
Waiting for 30 secs for policy to take effect on WU Agent.
Added Update Source ({45D8B7C7-2E84-40AE-8775-BBBF1A1B9466}) of content type: 2
Scan results will include superseded updates only when they are superseded by service packs and definition updates.
Search Criteria is (DeploymentAction=* AND Type='Software') OR (DeploymentAction=* AND Type='Driver')
Async searching of updates using WUAgent started.
Async searching completed.
Successfully completed scan.

And all clients were updated and showed in the report as compliant.

Thanks a lot Stoyan.

Best Regards,

Udo

Free Windows Admin Tool Kit Click here and download it now

May 18th, 2015 7:17am

This topic is archived. No further replies will be accepted.