dustin033

Relatively new to security scopes in SCCM. I've seen a few posts with a similar question as me, but no detailed answers. We have multiple remote IT sites with local techs that manage their computers, and then a corporate IT group that manages everything else in SCCM. Here's what I'd like to do: Group A - AdminsManage everything in SCCM Group B - Remote IT Site (multiple)Only see that site's computers Add that site's computers to corporate software distribution collections (shared with all sites) Group C - Corporate Service DeskSee all computers Add all computers to corporate software distribution collections Group D - Remote IT Site (more rights than Group B )Only see that site's computers Add that site's computers to corporate software distribution collections Create their own collections Create new apps/packages Deploy corporate apps to their own collections (not modify) Can someone help me understand how to accomplish this?

The collection that is targeted by the ADR does not include the machines that I'm testing with. Why is it still affecting these machines? Thanks for the info - I'm aware of the ccmcache maintenance process. Here's a little more background....we have some servers with relatively low disk space. This isn't a problem until the ccmcache has a bunch of SCEP updates in it every few days. I could set the cache size very low, but then I run the risk of not being able to install anything somewhat large. That's why I'm just trying to get it to work with WSUS and not place updates here.

My tests show that using Microsoft Update as a source does not place the updates in the ccmcache folder, but WSUS does. How do I verify where the updates are actually coming from?

We already have a SUP and WSUS set up, and I believe we used WSUS in 2007. Just trying to stick with what worked for us. We may end up just using Microsoft Update for definition updates.

We haven't been on SCCM 2012 very long, so I can't say if the cache is purged. We would rather not use a UNC path. My test consisted of removing ConfigMgr as a source from the Antimalware policy, but we do still have an ADR running and deployment set for definition updates to all endpoint managed systems. Sounds like you're saying I need to make sure the test machine isn't targeted by this in order for this test to be valid.

Is there a way to prevent SCEP updates (AM_delta_patch_xxxxx) from being downloaded into the C:\Windows\ccmcache folder? I thought this would only be the case when using Configuration Manager to distribute SCEP updates, but it seems to be happening with only WSUS and Windows Update selected.

Can I do this with Status Filter Rules?

We have a primary site and multiple child sites, and I'm wondering how I can see more up-to-date advertisement statuses for the secondary sites. We have the addresses limited to medium priority traffic during the day, so I thought I could change the Advertisement Status Summarizer to high priority. That doesn't seem to have done it. Is there something else that needs to be changed?