Sign in
 
Home2012Previous VersionsLibraryForumsGallery
System Center TechCenter >
SCE 2010 - Windows Updates - need help to understand how to approve updates for workstations

Unanswered SCE 2010 - Windows Updates - need help to understand how to approve updates for workstations

  • Tuesday, October 09, 2012 9:53 PM
     
     
    Sign In to Vote
    0

    I've been trying to reporduce the process I had in place for WSUS with my SCE installation. With WSUS, I had 3 group policies to handle Servers, Client Testing, and all other Clients (OUs in AD). The policies were configured to Download and Manually install updates for Servers and Client Testing groups and all other Cleints were configured to Download and Automatically install approved updates. When the updates had been tested by Cleint Testing workstations, I would go into WSUS and set the tested updates status to "approved" and the Group Policy for all other Clients would then DL and Install at 3:00 am and the business user wouldn't be afftected.

    With SCE, I've been able to create similar Group Policy for Servers and Testing Clients and by creating Server and Testing groups in SCE, then adding SCE rules to apply updates to these sce groups which are linked to the respective Group Policy.  All the updates in the SCE database seem to have a status of "approved for installation" as they are added. Since the Servers and Testing Clients wait for a manual install based on the Group Policy, the status of "approved for installation" works.

    I have not been able to do that for all other Clients in SCE because of this status for updates. I'd like to apply the updates for all other Clients after a testing period but, I can't seem to find the right configuration to do that.

    If I have a Group Policy for all other Clients to automatically install and have a rule in SCE to apply updates to a SCE group of all other clients, the updates are all pushed from SCE as they are added to the database because of the "approved for intallation" status.

    We found this out the hard way when we installed SCE for the first time and all our machines were updated with IE9 overnight. Needless to say, the differences from IE8 to IE9 threw a bunch of wrenches into the business users day and spiked the helpdesk calls for awhile.

    Has anyone else tried to configure SCE this way with success?

     

All Replies

  • Thursday, October 11, 2012 8:27 AM
    Moderator
     
     
    Sign In to Vote
    0

    Hello,

    I would suggest you the following article:

    You want different update deployment settings for servers and clients?
    http://blogs.technet.com/b/systemcenteressentials/archive/2010/02/17/you-want-different-update-deployment-settings-for-servers-and-clients.aspx

    You can create different Active Directory Group Policy objects(GPO) and link the GPOs to the organization units (OU)) containing the computers to which you want to apply the customized Windows Update Agent settings.

    Thanks,

    Yog Li

    TechNet Community Support

     
  • Wednesday, October 24, 2012 10:09 AM
    Moderator
     
     
    Sign In to Vote
    0

    Hello s3s,

    Is there any new information? Did the article help or not?

    We’d love to hear your feedback about the solution. By sharing your experience you can help other community members facing similar problems.

    Thanks,

    Yog Li

    TechNet Community Support

     
  • Thursday, November 08, 2012 3:23 PM
     
     
    Sign In to Vote
    0
    Thanks for the response but I should have been more clear in my posting that I used this exact article to setup my environment. I would love to disucss with someone who has done this same setup and has it working.