Jump to content


Replacing WSUS Server with new 2012 box

Recommended Posts



We are currently running through a WIndows 7 deployment and we want all the new Windows 7 clients to use a new 2012 WSUS server.


Currently all our existing clients are pointing to the old WSUS server, the new WSUS server has been setup and partnered with SCCM. SCCM sees this WSUS server and is happily pulling down updates from MS.


As i move people to Windows 7 i want them to use the new WSUS server so as far as i can remember from the SCCM 2012 Course, there are 3 fundamental requirements for this to work.


1, SCCM Client set to enable software Updates.

2. Software Update-Based Client Installation enabled for the site.

3. A GP is in place pointing to the new WSUS server


None of these settings are currently enabled so they are all updating from the current GP setting of the old WSUS server.

If i wish to approach this is a phased approach and only allow the new Windows 7 boxes to see the new WSUS server I would need to apply a new updated GP to the new Machines, enable the customised SCCM client profile setting to accept software updates and link it to the correct collection.


If i enable Software Update-Based Client Installation enabled for the site, this is going to enable this on all clients and an update will be installed on all clients to enable this funtion. When i do this is this going to mess up our current patching solution which is only through WSUS (NO SCCM)? Am i right in thinking as long as the old GP setting is still there they will continue to get patched via WSUS and not SCCM. With the Windows 7 machines, a new GP would be targeted at them, as well as a customised SCCM Client profile to enable updates so they should then start getting patched via SCCM.


Has anyone gone through a similar problem?


Many tahnsk for your time



Share this post

Link to post
Share on other sites



Based on your scenario, I would state the following.


Even though all your systems may have the SCCM Client installed, does not mean that they will now look to/receive update from SCCM. Enabling the Software Update feature within SCCM does not automatically push updates to those clients; it just enables the feature.


You need to do as you said. Have a separate AD OU to store your Windows 7 systems. Then you need to create a new GPO targetted to this OU to remove the WSUS pointer (from pointing to the old WSUS). You do NOT need to point your WIn7 systems to the SCCM WSUS, as the SCCM Agent itself will take care of all of this. You will then also need to create a SCCM Collection specific for the Win7 systems. Finally, you will have to create Software Update Groups, download the patches, and create deployment packages. You then need to target these deployments to the Win7 Collection.


All of your other non-Windows 7 systems, even if they have the SCCM Agent installed, will NOT look to the SCCM WSUS for patching, since they still have the GPO/Registry entry pointing them to your old WSUS system.


Hope this helps.

  • Like 1

Share this post

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Create New...