locked
FCS and SCCM RRS feed

  • Question

  • Hi Team,

    I wanted to know how FCS ..WSUS and SCCM work together?
    Any document is there for reference?
    1. Do we need to download definitions files  locally on WSUS for FCS .
    2. Since both SCCM and FCS works using winodws update client...how should i define that FCS definition should come through WSUS and other windows updates should come through SCCM?
    3. I don't think we can have 2 WSUS Servers since both SCCM and FCS requires 'internal update service' to have the WSUS\SUP address. I cannot have 2 values for my internal server




    Any suggestions will be highly appreciated.



    Regards,
    Rohit
    Thursday, February 18, 2010 8:22 AM

Answers

  • Hi,

    See these links :

    Deploying FCS definition updates with a shared System Center Configuration Manager WSUS infrastructure : http://technet.microsoft.com/en-us/library/dd185652.aspx

    About Forefront Client Security Integration with Configuration Manager 2007 R2 : http://technet.microsoft.com/en-us/library/cc161958.aspx

    You cannot use SCCM (Software Update Point) and other second WSUS Server for same machines because SCCM Client use local GPO to update machines and with WSUS you must configure domain GPO on same machine. so, Domain GPO will crush local GPO ...

    It's recommanded tu use SCCM to Deploy FCS definiftions for best monitoring, report, management, ...


    Thank's.

    Bechir Gharbi. MCP, MCSA, MCSE M+S, MCITP Server/Enterprise Administrator, MCT, MCTS Configuration Manager/Forefront
    • Marked as answer by Rohit Goel Thursday, February 18, 2010 3:32 PM
    Thursday, February 18, 2010 8:51 AM
  • Hi,

    Yes, you don't need to create GPO for WSUS. When using ConfigMgr SUP and when installing ConfigMgr client on computer, it will create Local GPO for Windows Update.

    Thank's and good luck.
    Bechir Gharbi. MCP, MCSA, MCSE M+S, MCITP Server/Enterprise Administrator, MCT, MCTS Configuration Manager/Forefront
    • Marked as answer by Rohit Goel Friday, February 19, 2010 7:28 AM
    Friday, February 19, 2010 7:24 AM

All replies

  • Hi,

    See these links :

    Deploying FCS definition updates with a shared System Center Configuration Manager WSUS infrastructure : http://technet.microsoft.com/en-us/library/dd185652.aspx

    About Forefront Client Security Integration with Configuration Manager 2007 R2 : http://technet.microsoft.com/en-us/library/cc161958.aspx

    You cannot use SCCM (Software Update Point) and other second WSUS Server for same machines because SCCM Client use local GPO to update machines and with WSUS you must configure domain GPO on same machine. so, Domain GPO will crush local GPO ...

    It's recommanded tu use SCCM to Deploy FCS definiftions for best monitoring, report, management, ...


    Thank's.

    Bechir Gharbi. MCP, MCSA, MCSE M+S, MCITP Server/Enterprise Administrator, MCT, MCTS Configuration Manager/Forefront
    • Marked as answer by Rohit Goel Thursday, February 18, 2010 3:32 PM
    Thursday, February 18, 2010 8:51 AM
  • Hi,

    So what is understand is i need to avoid domain group policy (for Windows update clients setting the automatic updates & WSUS internal update sever address) since these settings will be controlled by SCCM client and avoid installing FCS distribution server role on WSUS since wsus is also controlled by SCCM SUP\SCCM.



    Regards,
    Rohit
    Friday, February 19, 2010 7:08 AM
  • Hi,

    Yes, you don't need to create GPO for WSUS. When using ConfigMgr SUP and when installing ConfigMgr client on computer, it will create Local GPO for Windows Update.

    Thank's and good luck.
    Bechir Gharbi. MCP, MCSA, MCSE M+S, MCITP Server/Enterprise Administrator, MCT, MCTS Configuration Manager/Forefront
    • Marked as answer by Rohit Goel Friday, February 19, 2010 7:28 AM
    Friday, February 19, 2010 7:24 AM