none
SCCM 2007 & Group Policy Configuration RRS feed

  • Question

  • I recently reconfigured our Security Updates to be managed by SCCM I have SCCM 2007 configured to download & manage my security updates, but noticed according to the logs my updates were being blocked/denied by to a Group Policy, which I disabled and successfully installed several security updates. I still want utilize the group policy so do I place the location of the SCCM Server (i.e. SCCMSERVER\Folder location) in the "Specify intranet MS update Service Locations"?

    Thursday, July 29, 2010 4:49 PM

Answers

  • Hi,

    After setting up SUP, a local policy will be configured on all of your client to set the Active SUP as the "intranet Microsoft update Service Locations". If you have other old wsus group policy, please disable it, otherwise it will override the setting.


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
    Monday, August 2, 2010 8:24 AM

All replies

  • I recently did a two part blog post on this topic:

    http://myitforum.com/cs2/blogs/jsandys/archive/2010/05/09/software-update-management-and-group-policy-for-configmgr-what-else.aspx

    http://myitforum.com/cs2/blogs/jsandys/archive/2010/05/29/software-updates-management-and-group-policy-for-configmgr-cont.aspx

     


    Jason | http://myitforum.com/cs2/blogs/jsandys | http://blogs.catapultsystems.com/jsandys/default.aspx | Twitter @JasonSandys
    Thursday, July 29, 2010 5:54 PM
    Moderator
  • You don't need to specify the Update server in the GPO. If you do so, you need to make sure that it's written exactly as the wsus server setting recieved from the management point. You can see the wsus server names being used by reading the wuahandler.log
    Kent Agerlund | http://scug.dk/members/Agerlund/default.aspx | The Danish community for System Center products
    Thursday, July 29, 2010 6:37 PM
    Moderator
  • You don't need to specify the Update server in the GPO. If you do so, you need to make sure that it's written exactly as the wsus server setting recieved from the management point. You can see the wsus server names being used by reading the wuahandler.log
    Kent Agerlund | http://scug.dk/members/Agerlund/default.aspx | The Danish community for System Center products

    I think even then, it's not recommended to input your WSUS servers in via GPO.  Your SCCM clients will get this information through it's own policy, which is written to the local policy on the system.  You will still see lots of errors in the WUAHandler log if you have anything configured via group policy for WSUS server. 
    Thursday, July 29, 2010 6:41 PM
  • Hi,

    After setting up SUP, a local policy will be configured on all of your client to set the Active SUP as the "intranet Microsoft update Service Locations". If you have other old wsus group policy, please disable it, otherwise it will override the setting.


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
    Monday, August 2, 2010 8:24 AM