locked
Software updates via SCCM 2012 SP1 - questions about the client experience RRS feed

  • Question

  • Just now getting this running on a pilot group of machines.  I have some questions about this that I'm hoping someone can help me with:

    • On the client, Windows Updates claims that it is not set up for Automatic operation -  it seems to allow the end user to change their WU settings, which I don't want them to do.  However, I am not allowed to use Group Policy to make it so they can't change those settings, because SCCM doesn't like it and errors out when trying to apply updates.  What happens if the end user changes those settings?  Does the system change them back or just ignore them?  Is there some way within SCCM to specify the settings that I had previously set with Group Policy?
    • Apparently, Software Update Groups have a limit of 1000 updates?  I currently have it set to gather updates from 6 months ago to the present, and to add them to an existing Software Update Group.  Is this what most people do, or do you set it to create a new SUG every time it runs?  What happens when it goes over the 1000 update limit?  I used to be able to have all the available updates from the beginning of time (almost) when I was using just plain old WSUS.  Now this seems like it's more limited so if there's a client on the network that needs updates from a long time ago - more than 6 months - then it won't get them.  Also - the reporting isn't going to tell me the fact that this computer is way out of date on updates.   (I chose 6 months because if I go a lot more than that, it goes over the 1000 update limit)

    Thanks.


    KW

    Friday, May 10, 2013 2:43 PM

Answers

  • So, is the setting called "Configure Automatic Updates" the one I want to set to Disabled?  I tried this, and the client still allows me to make changes to the Windows Update settings - it does say that Automatic Updates are turned off...


    KW

    That should be the correct setting.


    John Marcum | http://myitforum.com/myitforumwp/author/johnmarcum/

    Friday, May 10, 2013 5:35 PM
  • Note that there is one downside to this; with this setting disabled, the WUA won't be able to auto-update itself and there is no other way to update the WUA on the clients so make sure that the WUA is updated on all of your clients before flipping the switch on this setting.

    Jason | http://blog.configmgrftw.com

    Sunday, May 12, 2013 3:43 PM

All replies

  • You should apply a GPO to disable automatic updates, otherwise you will get unexpected automatic reboots.

    I have packages created by product which keeps me under the limit of 1000 updates


    John Marcum | http://myitforum.com/myitforumwp/author/johnmarcum/

    Friday, May 10, 2013 3:06 PM
  • Having any sort of group policy applying to clients that are managed with SCCM 2012 SP1 software updates results in errors when trying to apply said updates - failure due to Group Policy conflict.  It looks like SCCM is using a local policy to set the WSUS server to my new server that I set up for that purpose.  If I turn off or disable automatic updates, won't it prevent that from working?


    KW

    Friday, May 10, 2013 3:38 PM
  • As I understand it, using the GPO turns off the 'automatic updating' features of Windows, but the local policy set by ConfigMgr sets where the update agent will check for updates.


    EDIT: To anyone who actually knows, please correct me if I'm wrong, I don't know the specifics off the top of my head. However, I can verify that using a GPO to disable automatic updates does not interfere with my clients getting properly updated.
    Friday, May 10, 2013 3:42 PM
  • that is correct, I can verify that as I have that setting in most of my sites.

    Kent Agerlund | My blogs: blog.coretech.dk/kea and SCUG.dk/ | Twitter: @Agerlund | Linkedin: Kent Agerlund | Mastering ConfigMgr 2012 The Fundamentals

    Friday, May 10, 2013 4:28 PM
  • So, is the setting called "Configure Automatic Updates" the one I want to set to Disabled?  I tried this, and the client still allows me to make changes to the Windows Update settings - it does say that Automatic Updates are turned off...


    KW

    Friday, May 10, 2013 4:44 PM
  • So, is the setting called "Configure Automatic Updates" the one I want to set to Disabled?  I tried this, and the client still allows me to make changes to the Windows Update settings - it does say that Automatic Updates are turned off...


    KW

    That should be the correct setting.


    John Marcum | http://myitforum.com/myitforumwp/author/johnmarcum/

    Friday, May 10, 2013 5:35 PM
  • Note that there is one downside to this; with this setting disabled, the WUA won't be able to auto-update itself and there is no other way to update the WUA on the clients so make sure that the WUA is updated on all of your clients before flipping the switch on this setting.

    Jason | http://blog.configmgrftw.com

    Sunday, May 12, 2013 3:43 PM