Updates managed by SCCM 2012 R2

    Question

  • Hi,

    If I manage and distribute my updates via SCCM 2012 R2, is it a best practice to disable Windows Automatic Updates on clients? In the following article I found that in the case of SCCM 2007 it caused some problems regarding the reboots.

    http://support.microsoft.com/en-us/kb/2476479

    Thank you,

    Dvijne

    Monday, March 30, 2015 2:22 PM

Answers

All replies

  • Yes, it is always best practice to disable the automatic updates via GPO. SCCM will configure the local GPO to point clients (WUA) to connect to the WSUS server for patching. Read the rest via http://blog.configmgrftw.com/software-updates-management-and-group-policy-for-configmgr-cont/


    Eswar Koneti | Configmgr blog: www.eskonr.com | Linkedin: Eswar Koneti | Twitter: Eskonr

    • Proposed as answer by Jason Sandys (MVP) Monday, March 30, 2015 2:54 PM
    • Marked as answer by Dvijne Monday, March 30, 2015 7:24 PM
    Monday, March 30, 2015 2:36 PM
  • I generally take a different approach here by removing the Windows Update GPOs and just letting SCCM handle it. If you configure policy settings, the machine will potentially flip the settings back and forth as GPOs refresh, then SCCM Client policy refreshes.

    The exception would be if you plan on doing Software Updates Client installation, in which case you would want to set the Windows Updates GPO settings to point to your SCCM WSUS server.

    Monday, March 30, 2015 2:57 PM
  • Unfortunately, ConfigMgr only configures a couple of things, including enabling the use of an intranet location for updates and the location of that intranet source. It does not disable automatic updates, leaving the door open for the WUA to do things on its own outside the control of ConfigMgr, including installing any updates approved directly in WSUS (including new versions of the agent itself, which are automatically approved) and rebooting systems which have a pending reboot. Neither of these is desirable in a ConfigMgr-managed environment, and thus the recommendation for disabling automatic updates. As for the rest of the Windows Update GPO settings, they are meaningless in the context of ConfigMgr, so it doesn't really matter what you set those to if you disable automatic updates.

    Jason | http://blog.configmgrftw.com | @jasonsandys

    Monday, March 30, 2015 3:21 PM
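
Added example, not part of the thread or of any poster's reply: a PowerShell check for the state described in the reply above, where the intranet update source is set but Automatic Updates has not been disabled. The function names and the sample server URL are assumptions made for illustration; the registry values are the standard Windows Update policy values.

```powershell
# Added example: audit Windows Update Agent (WUA) policy on a ConfigMgr client.
$WuKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
$Names = 'WUServer', 'UseWUServer', 'NoAutoUpdate', 'AUOptions', 'ScheduledInstallTime'

function Get-WuaPolicy {
    # Collect the policy values from the WindowsUpdate key and its AU subkey.
    $policy = @{}
    foreach ($path in @($WuKey, "$WuKey\AU")) {
        $item = Get-ItemProperty -Path $path -ErrorAction SilentlyContinue
        if ($null -eq $item) { continue }
        foreach ($name in $Names) {
            $prop = $item.PSObject.Properties[$name]
            if ($null -ne $prop) { $policy[$name] = $prop.Value }
        }
    }
    return $policy
}

function Test-WuaPolicy {
    # Hypothetical helper: evaluates a hashtable of policy values, so it can be
    # run against the live registry or against a constructed sample.
    param([hashtable]$Policy = @{})
    $findings = @()
    # Intranet update source: enabled (UseWUServer = 1) and a location set.
    if ($Policy['UseWUServer'] -ne 1 -or -not $Policy['WUServer']) {
        $findings += 'Intranet update source is not enabled or not set.'
    }
    # Automatic Updates: only NoAutoUpdate = 1 stops WUA acting on its own.
    if ($Policy['NoAutoUpdate'] -ne 1) {
        # 3 is the default hour mentioned in the thread.
        $hour = if ($Policy.ContainsKey('ScheduledInstallTime')) { $Policy['ScheduledInstallTime'] } else { 3 }
        $findings += "Automatic Updates is not disabled; WUA may install and reboot on its own (hour: $hour)."
    }
    [pscustomobject]@{
        Compliant = ($findings.Count -eq 0)
        Findings  = $findings
    }
}

# Constructed sample: intranet source set, Automatic Updates left untouched.
$sample = @{ UseWUServer = 1; WUServer = 'http://sup.example.internal:8530' }
Test-WuaPolicy -Policy $sample | Format-List

# On a real client: Test-WuaPolicy -Policy (Get-WuaPolicy)
```
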
  • Hmm, I definitely get what you are saying but can't say I have ever seen the WU Agent reboot a computer once ConfigMgr has been set to manage updates?  That's between numerous different infrastructures of SCCM.

    Jason, have you actually witnessed this behavior?

    Monday, March 30, 2015 6:37 PM
  • I've seen that happening ...

    Torsten Meringer | http://www.mssccmfaq.de

    Monday, March 30, 2015 6:58 PM
    Moderator
  • Yep. There are many, many forum threads with "unexplained" reboots at 3AM that are the result of this behavior also. The 3AM is the telltale sign since this is the default time set for the WUA to perform its activity.

    I demonstrated this in my session at MMS 2013.

    If you allow ConfigMgr to reboot your systems right away when deploying updates, you'll probably never see this behavior. For those gluttons for punishment who either don't force the reboot or allow lots of time for the reboot countdown, this is something that does happen.


    Jason | http://blog.configmgrftw.com | @jasonsandys

    Monday, March 30, 2015 7:04 PM
  • Thank you all for the replies.
    Monday, March 30, 2015 7:24 PM
  • Good tip, Jason. I guess I have always just forced reboots after the deadline.  Thanks for the feedback!
    Tuesday, March 31, 2015 5:04 PM