SCCM SUP and WSUS automatic approval RRS feed

  • Question

  • Hi guys,

    I would like a help to clarify some doubts I having in a SCCM 2007 implementation.
    I implemented a new SCCM 2007 server, for HW/SW inventory, SW Distribution and Updates Deployment. The DP, MP, SLP and SUP roles were installed with no problem. During the WSUS instalation (prereq for SUP) I've followed the Technet documentation ( ), so I canceled the WSUS configuration Wizard after the instalation.
    The SCCM clients were installed via Push Installation, some computers didn't installed the client but we installed it manually later. I created a update package containing some updates and targeted it to a custom collection. As was there a WSUS previously in the environment, I disabled the WSUS GPO.
    In the following day I noticed that some updates that weren't included in the package were installed on the workstations (like IE8). Searching the cause of the problem I noticed that in the clients register there was a "WSUS" configured, pointing to the SCCM, so I opened the WSUS console and saw a lot of approved updates. In WSUS options the Automatic Approval rules were enabled.
    As a workaround I declined all the approved updates in WSUS and enabled the GPO again. The doubt is, is this behaviour (Automatic Approval rules enable) default? Isn't SCCM suposed to manage WSUS "under the scenes"?

    Thanks for your help.
    • Moved by TorstenMMVP, Moderator Tuesday, June 15, 2010 6:33 AM moved to SUM subforum (From:Configuration Manager Setup/Deployment)
    Monday, June 14, 2010 4:51 PM


  • Hi,

    Yes, you are correct. WSUS will be controlled by ConfigMgr. but automatic approval rules in WSUS will still work. Make sure that ConfigMgr. has succesfully configured the WSUS server (check wcm.log on the site server). Also make sure that haven't configured any automatic approval rules (by default none are enabled).

    On the client make sure that it is configured to use ConfigMgr. by checking the wuahandler.log file. It could be that a GPO is still being applied and updates are still being managed by wsus and not Configmgr.

    Kent Agerlund | | The Danish community for System Center products
    Monday, June 14, 2010 5:33 PM