Jump to content


  • 0
Rajiv

WSUS style Automatic approvals possible?

Asked by Rajiv

Question

Rajiv Newbie

Rajiv

Posted
Posted

Before we installed SCCM we were using WSUS for updating all machines here.

I had set it up so that many types of updates [like critical updates, security updates, etc] were automatically approved and deployed by WSUS. I miss that now.

 

When SCCM was deployed, I included our WSUS server as the software update point.

Deploying updates via SCCM is such a chore. I miss WSUS!

 

Is it possible to keep that functionality of WSUS along with SCCM in an environment?

Share this post

Link to post
Share on other sites

10 answers to this question

Recommended Posts

  • 0
jamitupya Newbie

jamitupya

Posted
Posted

you can continue to use just WSUS in your environment sure, just don't intergrate it and it will continue to work, if you just maintain the wsus server and setup the individual clients to collect wsus updates should all still work.

 

 

One of our environments:

SCCM: OSD, Software Distribution, reporting, Asset Intelligence

WSUS for Updates

Share this post

Link to post
Share on other sites
  • 0
Rajiv Newbie

Rajiv

Posted
Posted

I have been doing some research on this.

 

I heard some people are having two WSUS in their environment....one for just software updates [Automatic approvals ] the other gets integrated with SCCM for pushing out software updates via SCCM.

 

But I am still trying to understand how can we have two WSUS OR SCCM + SSUS in the same environment.

 

How do you set the GPO in AD?

 

Do you point your clients to WSUS server or set that to nothing for SCCM?

 

you can continue to use just WSUS in your environment sure, just don't intergrate it and it will continue to work, if you just maintain the wsus server and setup the individual clients to collect wsus updates should all still work.

 

 

One of our environments:

SCCM: OSD, Software Distribution, reporting, Asset Intelligence

WSUS for Updates

Share this post

Link to post
Share on other sites
  • 0
Peter van der Woude Newbie

Peter van der Woude

Posted
Posted

I know that.

But that is not the question here.

 

Then what is your question? Because before you said this:

 

How do you set the GPO in AD?

Do you point your clients to WSUS server or set that to nothing for SCCM?

 

The answer will still be, that if you want WSUS integrated with SCCM to function properly you should NOT configure a GPO...

 

I think this can help, there is a Technet article about deploying Forefront Updates with a shared WSUS environment here: http://technet.microsoft.com/en-us/library/dd185652.aspx

And I have to say that it works, because I use it myself. And NO there is not a seperate GPO needed.

Share this post

Link to post
Share on other sites
  • 0
Rajiv Newbie

Rajiv

Posted
Posted

The question was in my second post in this thread...and it was directed to the poster "jamitupya" who mentioned he has SCCM AND WSUS working simultaneously in the same environment. Hence, I wanted to know what his particular settings are...........not what the recommended settings are [from microsoft]

 

Then what is your question? Because before you said this:

 

 

 

The answer will still be, that if you want WSUS integrated with SCCM to function properly you should NOT configure a GPO...

 

I think this can help, there is a Technet article about deploying Forefront Updates with a shared WSUS environment here: http://technet.microsoft.com/en-us/library/dd185652.aspx

And I have to say that it works, because I use it myself. And NO there is not a seperate GPO needed.

 

Thanks for your tip. I will look into that URL.

 

 

As for getting WSUS integrated with SCCM ...I know how to do that........but I do not want to do it!

I just don't like how SCCM totally takes control from WSUS. It should have been configurable. I wish there was a way to automatically approve the gazillion updates M$ releases. It is simply overwhelming for my one man IT shop :-)

 

In short:

 

Since [apparantly] M$ takes away the "WSUS style Automatic approvals" the moment we integrate WSUS with SCCM........

I want to find out how to keep WSUS working as usual and have SCCM in the same environment.

 

I hope I am making myself clearer.

Share this post

Link to post
Share on other sites
  • 0
Peter van der Woude Newbie

Peter van der Woude

Posted
Posted

In short:

 

Since [apparantly] M$ takes away the "WSUS style Automatic approvals" the moment we integrate WSUS with SCCM........

I want to find out how to keep WSUS working as usual and have SCCM in the same environment.

 

I hope I am making myself clearer.

 

So you want to keep using WSUS for the updates and not use a Software Update Point from SCCM. Well... just not integrate WSUS with SCCM, so don't configure a Software Update Point in SCCM. This way you can just manage your updates through WSUS.

Share this post

Link to post
Share on other sites
  • 0
Rajiv Newbie

Rajiv

Posted
Posted

ummm...kinda'!! B)

 

Actually, I'd like to use SCCM's Software Update functionality along with WSUS.

 

Why?

 

Well, for example:

The IT manager does not want IE8 deployed onto all desktops. he wants to exclude a few workstations. Due to this, until now, we have not been able to install IE8 automatically using WSUS.

 

With SCCM here, we have now this capability. I wanted to use Software Update Point from SCCM to do this.

 

The problem:

This means I will have to integrate WSUS with SCCM. And poof ! there goes my Automatic approvals of critical updates!

 

Is it too much to ask for this:

1. Use WSUS for installing "general updates" via WSUS' Automatic approvals

2. Use SCCM for installing specific updates to specific computers.

 

So you want to keep using WSUS for the updates and not use a Software Update Point from SCCM. Well... just not integrate WSUS with SCCM, so don't configure a Software Update Point in SCCM. This way you can just manage your updates through WSUS.

Share this post

Link to post
Share on other sites
  • 0
jamitupya Newbie

jamitupya

Posted
Posted

Rajiv,

Peter has it covered, however if you just are interested in a FEW workstations not getting the IE8 patch look into the IE80Blocker.bat file from ms http://www.microsoft.com/downloads/details.aspx?FamilyID=21687628-5806-4ba6-9e4e-8e224ec6dd8c

 

 

use this, linky here apply this blocker and done....

Share this post

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Answer this question...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
Go to question listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.