locked
Want to manage and control client software updates centrally... RRS feed

  • Question

  • I want to manage and control my environment of Servers & Workstations and thus only allow configured and deployed software updates to my clients, and stop them from automatically updating using my SCCM2012 WSUS.

    By setting my client settings for "Software Updates - Enable Software Updates on Clients" to NO.. will this disable the Windows Update on the SCCM clients allowing me to manage and deploy them centrally?

    thanks Guys

    Monday, October 14, 2013 9:30 AM

Answers

  • You need to limit what those systems can do using group policy then by disabling the Windows Update Agent (http://blog.configmgrftw.com/?p=89) and preventing access to the Windows Update site.

    Jason | http://blog.configmgrftw.com

    • Marked as answer by wizz1969 Tuesday, October 15, 2013 2:52 PM
    Monday, October 14, 2013 2:39 PM

All replies

  • You should set that to "yes" if you want to manage updates using ConfigMgr.

    Torsten Meringer | http://www.mssccmfaq.de

    Monday, October 14, 2013 9:41 AM
  • OK, thank-you Torsten.

    the reason i did this is that my clients are set to YES, but seem to have little control over the content delivered. i though i was managing it via Automatic deployments, but a client today decided it wanted to reboot intraday outside of the maintenance schedule.

    i need to manage the rollouts, especially the What to where and to when i decide. Does setting the enable updates to YES also allow the clients to pick up the updates whenever?

    Monday, October 14, 2013 1:58 PM
  • You need to limit what those systems can do using group policy then by disabling the Windows Update Agent (http://blog.configmgrftw.com/?p=89) and preventing access to the Windows Update site.

    Jason | http://blog.configmgrftw.com

    • Marked as answer by wizz1969 Tuesday, October 15, 2013 2:52 PM
    Monday, October 14, 2013 2:39 PM
  • OK, so i disable Windows Update Agent via GPO, then manage the software updates via Deployment... OK. thx Jason
    Tuesday, October 15, 2013 12:09 PM
  • Correct. Also, as stated, based on what you said you don't want to happen in your environment, you probably want to completely block access to Windows Update also: there are group policies for this as well.

    Jason | http://blog.configmgrftw.com

    Tuesday, October 15, 2013 2:00 PM