Hi, We have two trusted active directory forests, throug a firewall. Computers on the first forest don't have access to internet, in the second one we have an internet connection through a proxy. Can we manage patches with SCCM 2007 with this configuration? And can you indicate me please how to do that? Thank you for your help.

Multiple forests: http://technet.microsoft.com/en-us/library/bb694003.aspx Software updates: yes, because the clients do not have to access the internet: http://technet.microsoft.com/en-us/library/bb680701.aspx

If clients don't have internet connection. How they will get patches in this case? From where?

The clients don't need an internet connection. They receive the updates from ConfigMgr like a regular package. The ConfigMgr server will sync online with Microsoft Updates. Based on which updates you approve these will be downloaded and added in a update package. You deploy the update package to your clients.\ Also take a look at the Software Update superflow: http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=a8d785f6-3bf7-4d98-8b4e-2c7c77dd0c04 Follow me through my blog and Twitter!

Make sure the Central site has an Internet Connection. It's the only server that needs an Internet connection in the entire hierarchy. All metadata and updates will be downloaded from this host and automatically replicated to other servers and clients in the infrastructure. If you don't have a Internet connection at all; then you can use wsusutil.exe to import the metadata from another server (with Internet connection).Kent Agerlund | http://scug.dk/members/Agerlund/default.aspx | The Danish community for System Center products

An internet connection isn't necessary anywhere, it is more practical to have one on the site server as Kent mentioned. Clients in another forest largely behave as workgroup clients with the exception that you can push the client out provided you specify a client push installation account with the necessary permissions in the other forest. http://technet.microsoft.com/en-us/library/bb680962.aspx http://blogs.technet.com/aaronczechowski/archive/2008/11/11/configmgr-software-updates-on-an-isolated-network.aspx Jeff Gilbert also has a few posts on the topic: http://myitforum.com/cs2/blogs/jgilbert/archive/2008/10/19/synchronizing-non-internet-connected-software-update-points.aspx http://myitforum.com/cs2/blogs/jgilbert/archive/2008/10/28/getting-required-updates-on-non-internet-connected-sups-part-1.aspx http://myitforum.com/cs2/blogs/jgilbert/archive/2008/10/29/getting-required-updates-on-non-internet-connected-sups-part-2.aspx "Everyone is an expert at something" Kim Oppalfens Configmgr expert for lack of any other expertise. http://www.scug.be/blogs/sccm