Tuesday, October 09, 2012 9:53 PM
I've been trying to reporduce the process I had in place for WSUS with my SCE installation. With WSUS, I had 3 group policies to handle Servers, Client Testing, and all other Clients (OUs in AD). The policies were configured to Download and Manually install updates for Servers and Client Testing groups and all other Cleints were configured to Download and Automatically install approved updates. When the updates had been tested by Cleint Testing workstations, I would go into WSUS and set the tested updates status to "approved" and the Group Policy for all other Clients would then DL and Install at 3:00 am and the business user wouldn't be afftected.
With SCE, I've been able to create similar Group Policy for Servers and Testing Clients and by creating Server and Testing groups in SCE, then adding SCE rules to apply updates to these sce groups which are linked to the respective Group Policy. All the updates in the SCE database seem to have a status of "approved for installation" as they are added. Since the Servers and Testing Clients wait for a manual install based on the Group Policy, the status of "approved for installation" works.
I have not been able to do that for all other Clients in SCE because of this status for updates. I'd like to apply the updates for all other Clients after a testing period but, I can't seem to find the right configuration to do that.
If I have a Group Policy for all other Clients to automatically install and have a rule in SCE to apply updates to a SCE group of all other clients, the updates are all pushed from SCE as they are added to the database because of the "approved for intallation" status.
We found this out the hard way when we installed SCE for the first time and all our machines were updated with IE9 overnight. Needless to say, the differences from IE8 to IE9 threw a bunch of wrenches into the business users day and spiked the helpdesk calls for awhile.
Has anyone else tried to configure SCE this way with success?
Thursday, October 11, 2012 8:27 AMModerator
Hello,You can create different Active Directory Group Policy objects(GPO) and link the GPOs to the organization units (OU)) containing the computers to which you want to apply the customized Windows Update Agent settings.
I would suggest you the following article:
You want different update deployment settings for servers and clients?
TechNet Community Support
- Marked As Answer by Yog LiMicrosoft Contingent Staff, Moderator Wednesday, October 17, 2012 8:40 AM
- Unmarked As Answer by s3s Wednesday, October 17, 2012 1:58 PM
- Marked As Answer by Yog LiMicrosoft Contingent Staff, Moderator Thursday, November 08, 2012 10:57 AM
- Unmarked As Answer by s3s Thursday, November 08, 2012 3:20 PM
Wednesday, October 24, 2012 10:09 AMModerator
Thursday, November 08, 2012 3:23 PMThanks for the response but I should have been more clear in my posting that I used this exact article to setup my environment. I would love to disucss with someone who has done this same setup and has it working.