Sign in
 
HomeWindows Server 2012Windows Server 2008 R2Windows Server 2003LibraryForums
Windows Server TechCenter >
SCUP 2011 - possible to publish an update to only one WSUS computer group?

Beantwortet SCUP 2011 - possible to publish an update to only one WSUS computer group?

  • Thursday, February 14, 2013 1:58 PM
     
     
    Sign In to Vote
    0

    Hello,

    I´d like to use SCUP 2011 to deploy Adobe Flash Player Updates to our clients. We are using WSUS 3.0 to Publish windows Updates (not SCCM).

    In WSUS we have several computer groups in which the computers get sorted in by GPO.

    When i now try to publish an Update, there´s no opportunity to say "publish the Update to group "computers"" (for example)

    Is there a way to do so or is an SCUP Update always published to every computer which gets it´s updates from this wsus Server?

    I also have another Question - how do i "unpublish" an update? Is there only the way to mark the Update as expired?

    Thanks!!

     

All Replies

  • Monday, February 18, 2013 1:59 PM
    Moderator
     
     Answered
    Sign In to Vote
    0

    I´d like to use SCUP 2011 to deploy Adobe Flash Player Updates to our clients. We are using WSUS 3.0 to Publish windows Updates (not SCCM).

    The use of SCUP in a WSUS-only environment is not a licensed use of SCUP. Even if it were, you still will have no way to manage those updates because locally published updates will not be displayed in the WSUS console.

    When i now try to publish an Update, there´s no opportunity to say "publish the Update to group "computers""

    Updates are not published to a group, they are published to the server. Then they are approved like any other updates, notwithstanding the noted inability to see locallly published updates in the WSUS console.

    I also have another Question - how do i "unpublish" an update?

    Typically you would Decline the update. You can also Expire the update via the API (or republish the update as an expired update), and being expired it can then be deleted by the Server Cleanup Wizard. Also, you can Delete the update via the API.

    Lawrence Garvin, M.S., MCITP:EA, MCDBA, MCSA
    SolarWinds Head Geek
    Microsoft MVP - Software Distribution (2005-2013)
    My MVP Profile: http://mvp.support.microsoft.com/profile/Lawrence.Garvin
    The views expressed on this post are mine and do not necessarily reflect the views of SolarWinds.

     
  • Tuesday, February 19, 2013 1:35 PM
     
     
    Sign In to Vote
    0

    Thank you very much for your reply!

    We also have a SCCM Server but don´t deploy windows updates with it because it´s much easier to use wsus for that. So it´s no licensing problem by using SCUP,isnt it?

    I just have one more questions about the signing certificate. We are also using a PKI (microsoft CA) so I´ll have to make a codesigning certificate that i can use with SCUP for signing the updates. But in every guide for implementing SCUP i´ve read that i have to enroll this certificate (without private key) to all clients that should install the updates? Why do i have to do this? When the update is signed with a certificate from my root CA everything should be in a trust, right?

    Thanks again!

     
  • Wednesday, February 20, 2013 2:20 PM
     
     Answered
    Sign In to Vote
    0

    SCUP is ultimately part of SCE/SCCM so you will likely get better responses in the forums for those products.

    There are multiple certificate stores on each client and for locally published packages the cert must be not only in the Root CA store but also the Trusted Publishers store.