Rajiv Posted January 6, 2010 Report post Posted January 6, 2010 Before we installed SCCM we were using WSUS for updating all machines here. I had set it up so that many types of updates [like critical updates, security updates, etc] were automatically approved and deployed by WSUS. I miss that now. When SCCM was deployed, I included our WSUS server as the software update point. Deploying updates via SCCM is such a chore. I miss WSUS! Is it possible to keep that functionality of WSUS along with SCCM in an environment? Quote Share this post Link to post Share on other sites More sharing options...
jamitupya Posted January 6, 2010 Report post Posted January 6, 2010 you can continue to use just WSUS in your environment sure, just don't intergrate it and it will continue to work, if you just maintain the wsus server and setup the individual clients to collect wsus updates should all still work. One of our environments: SCCM: OSD, Software Distribution, reporting, Asset Intelligence WSUS for Updates Quote Share this post Link to post Share on other sites More sharing options...
Rajiv Posted January 7, 2010 Report post Posted January 7, 2010 I have been doing some research on this. I heard some people are having two WSUS in their environment....one for just software updates [Automatic approvals ] the other gets integrated with SCCM for pushing out software updates via SCCM. But I am still trying to understand how can we have two WSUS OR SCCM + SSUS in the same environment. How do you set the GPO in AD? Do you point your clients to WSUS server or set that to nothing for SCCM? you can continue to use just WSUS in your environment sure, just don't intergrate it and it will continue to work, if you just maintain the wsus server and setup the individual clients to collect wsus updates should all still work. One of our environments: SCCM: OSD, Software Distribution, reporting, Asset Intelligence WSUS for Updates Quote Share this post Link to post Share on other sites More sharing options...
Peter van der Woude Posted January 7, 2010 Report post Posted January 7, 2010 When using WSUS integrated with SCCM, you shouldn't set any GPO for that all. SCCM will set a local policy for that. Quote Share this post Link to post Share on other sites More sharing options...
Rajiv Posted January 7, 2010 Report post Posted January 7, 2010 I know that. But that is not the question here. When using WSUS integrated with SCCM, you shouldn't set any GPO for that all. SCCM will set a local policy for that. Quote Share this post Link to post Share on other sites More sharing options...
Peter van der Woude Posted January 7, 2010 Report post Posted January 7, 2010 I know that. But that is not the question here. Then what is your question? Because before you said this: How do you set the GPO in AD? Do you point your clients to WSUS server or set that to nothing for SCCM? The answer will still be, that if you want WSUS integrated with SCCM to function properly you should NOT configure a GPO... I think this can help, there is a Technet article about deploying Forefront Updates with a shared WSUS environment here: http://technet.microsoft.com/en-us/library/dd185652.aspx And I have to say that it works, because I use it myself. And NO there is not a seperate GPO needed. Quote Share this post Link to post Share on other sites More sharing options...
Rajiv Posted January 7, 2010 Report post Posted January 7, 2010 The question was in my second post in this thread...and it was directed to the poster "jamitupya" who mentioned he has SCCM AND WSUS working simultaneously in the same environment. Hence, I wanted to know what his particular settings are...........not what the recommended settings are [from microsoft] Then what is your question? Because before you said this: The answer will still be, that if you want WSUS integrated with SCCM to function properly you should NOT configure a GPO... I think this can help, there is a Technet article about deploying Forefront Updates with a shared WSUS environment here: http://technet.microsoft.com/en-us/library/dd185652.aspx And I have to say that it works, because I use it myself. And NO there is not a seperate GPO needed. Thanks for your tip. I will look into that URL. As for getting WSUS integrated with SCCM ...I know how to do that........but I do not want to do it! I just don't like how SCCM totally takes control from WSUS. It should have been configurable. I wish there was a way to automatically approve the gazillion updates M$ releases. It is simply overwhelming for my one man IT shop :-) In short: Since [apparantly] M$ takes away the "WSUS style Automatic approvals" the moment we integrate WSUS with SCCM........ I want to find out how to keep WSUS working as usual and have SCCM in the same environment. I hope I am making myself clearer. Quote Share this post Link to post Share on other sites More sharing options...
Peter van der Woude Posted January 7, 2010 Report post Posted January 7, 2010 In short: Since [apparantly] M$ takes away the "WSUS style Automatic approvals" the moment we integrate WSUS with SCCM........ I want to find out how to keep WSUS working as usual and have SCCM in the same environment. I hope I am making myself clearer. So you want to keep using WSUS for the updates and not use a Software Update Point from SCCM. Well... just not integrate WSUS with SCCM, so don't configure a Software Update Point in SCCM. This way you can just manage your updates through WSUS. Quote Share this post Link to post Share on other sites More sharing options...
Rajiv Posted January 7, 2010 Report post Posted January 7, 2010 ummm...kinda'!! Actually, I'd like to use SCCM's Software Update functionality along with WSUS. Why? Well, for example: The IT manager does not want IE8 deployed onto all desktops. he wants to exclude a few workstations. Due to this, until now, we have not been able to install IE8 automatically using WSUS. With SCCM here, we have now this capability. I wanted to use Software Update Point from SCCM to do this. The problem: This means I will have to integrate WSUS with SCCM. And poof ! there goes my Automatic approvals of critical updates! Is it too much to ask for this: 1. Use WSUS for installing "general updates" via WSUS' Automatic approvals 2. Use SCCM for installing specific updates to specific computers. So you want to keep using WSUS for the updates and not use a Software Update Point from SCCM. Well... just not integrate WSUS with SCCM, so don't configure a Software Update Point in SCCM. This way you can just manage your updates through WSUS. Quote Share this post Link to post Share on other sites More sharing options...
Peter van der Woude Posted January 7, 2010 Report post Posted January 7, 2010 Then you have to create something like with the Forefront Updates (see link I provided before). Just keep in mind that it is not recommended and personally I would never create a automatic Approval for Security Updates. Quote Share this post Link to post Share on other sites More sharing options...
jamitupya Posted January 8, 2010 Report post Posted January 8, 2010 Rajiv, Peter has it covered, however if you just are interested in a FEW workstations not getting the IE8 patch look into the IE80Blocker.bat file from ms http://www.microsoft.com/downloads/details.aspx?FamilyID=21687628-5806-4ba6-9e4e-8e224ec6dd8c use this, linky here apply this blocker and done.... Quote Share this post Link to post Share on other sites More sharing options...