Jump to content


  • 0
anyweb

Configuring Software Update Point within SCCM

Question

This guide assumes you have SCCM 2007 setup as described here. This guide was based upon a document entitled Patch Management directions for SCCM by Christopher Stauffer which you can find here.

 

Please note that this guide is designed to help you get a working SUP in SCCM in a LAB Environment as quickly as possible. This guide is provided as is, if you find any errors please report them in the forums.

 

In a production environment please consult Technet for best practise, see below links:

 

Superflow:

 

Software Update Deployment SuperFlow

 

 

About Software Update Point:

 

About Software Update Point

 

Planning:

 

Planning for Software Updates Client Settings

 

Configuration:

 

Configuring Software Updates

How to Configure the Software Updates Client Agent

How to Create and Configure an Active Internet-Based Software Update Point

 

Best Practices:

 

Configuring Configuration Manager Sites for Best Performance

Checklist for Security Best Practices

Best Practices for Central and Primary Site Hardware and Software Configuration

Best Practices for Operating System Deployment

 

Software Update Point process Flowcharts:

 

Software Updates Synchronization Process Flowchart

Software Update Deployment Process Flowchart

Deployment Package Process Flowchart

 

Related:

 

How to obtain the latest version of the Windows Update Agent

 

 

1. Install WSUS

 

Install WSUS but do not configure it. Once done, make sure the Software Update Point Role is installed on the SCCM Server.

 

sup_role.jpg

 

Once you've added the Software Update Point role, verify that it is installed by checking the SUPSetup.log, it should have a line which reads Installation was successful

 

2. Create some Search Folders

 

In the Software Updates section, right click on Search Folders and choose New Folder,

 

enterprise_searches.jpg

 

give the new folder a name like Enterprise Searches (we willl store our yearly searches here)

 

ent_searches.jpg

 

Right click on our new folder and choose New Search Folder,

 

new_search_folder.jpg

 

select the following options from step 1 (in the screenshot),

 

BulletinID, Expired and Superseded

 

choices.jpg

 

in step 2, Set the BulleinID to MS plus the last two digits of the year eg: MS08

Set Expired to No

Set Superseded to No

 

Make sure that Search All folders under this feature is selected and give the search a name, eg: 2008 patches

 

search_folder_criteria.jpg

 

Now that you know how to make a Search Folder, let's make one for Monthly searches, so right click on Enterprise Patches and choose New Search Folder

 

Fill it in as follows

 

monthly_search.jpg

 

and now make one for Windows Server 2008, we do this by adding Product as a search criteria and typing in the search phrase to look for, naturally you can customise it to suit your needs.

 

server_2008_patches.jpg

Share this post


Link to post
Share on other sites

Recommended Posts

  • 0

Hello,

i was wondering, if i neet to configuring a GPO for WSUS clients ?

I mean the GPO for connect to the WSUS :

 

to point the client computers to the WSUS server (in Administrative template)

 

1. In the Windows Update details pane, double-click Specify intranet Microsoft update service location.

2. Click Enabled, and type the HTTP URL of the same WSUS server in the Set the intranet update service for detecting updates box and in the Set the intranet statistics server box. For example, type http://servername in both boxes, and then click OK.

 

Or maybe the Configuration manager clients will do it without GPO ? but if my clients have internet access and automatic update enable, i don't want that they download automatically updatefrom windows update...

 

do i need to specify WSUS server in a gpo ?

 

Regards ,

Share this post


Link to post
Share on other sites

  • 0

Assuming settings are part of configuring SUP, I'll post this question here.

 

I have been reading these guides with great interest, and so far they are working great.

 

My Question is that if you configure the gpo settings for WSUS to point to your SCCM server for installation of the client (Software Update Point Client Installation), and have configurered nothing else on the WSUS settings how does that interfere with the SCCM software updates? ie: would I still see the green updates icon etc etc.

 

Thanks in advance.

 

Gary

Share this post


Link to post
Share on other sites

  • 0

In theory that would work, however, there's no point really.

 

If you let the SCCM agent manage this setting you wouldn't have to use a GPO, which in turn would save the computer on boot up time since it wouldn't have to process an extra (unnecessary) GPO at boot.

Share this post


Link to post
Share on other sites

  • 0

Forgive my ignorance KuifJe, but the reason for using a Software Update Point Client Installation is so that I can deploy the client to the machine via WSUS?

 

So if it wasnt there, then my workstations would not even get the client to configure anything.

 

Sorry, missed the bit for Client Installation. However, I would still refrain from using a GPO to configure the WSUS/SUP location.

 

Instead, define the proper discovery methods (AD System Discovery) and make sure you're discovering all systems you want to manage with SCCM and then configure the Client Push Installation method (http://technet.microsoft.com/en-us/library/bb632380.aspx).

 

This prevents any conflicts between local policies set by teh SCCM agent and the GPO that wsa used to direct the systems in the first place. Also, with the client push installation you can control additional settings for the SCCM agent (SMSSITECODE, SMSCACHESIZE, CCMINSTALLDIR etc.). More info: http://technet.microsoft.com/en-us/library/bb680980.aspx

Share this post


Link to post
Share on other sites

  • 0

This is about updates but a different question.

If I have a GPO that disables automatic updates for the domain or OU SCCM will not be able to run its updates, but at the same time, I do not want clients to be able to go into windows update on their own and run it. Is there a way to disable the ability for them to be able to run windows update like as if the GPO were turned on and autoupdates were disabled?

I want it greyed out like the GPO without actually disabling the service.

Share this post


Link to post
Share on other sites

  • 0

You can use a GPO to configure the 'Specify intranet Microsoft update service location' to point to the SCCM update point. This would prevent users from changing the setting.

 

This would however override the SCCM client setting, so when changing the SCCM update point you will need to manually adjust the GPO to point to the new update point.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Answer this question...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...


×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.