Advertisement

What are the Changes Required in SCCM ConfigMgr SUP Group Policy

I’ve blogged about Software Update enhancements in Configuration Manager Service Pack 1. You can have multiple software update points (SUPs) per Primary Site in Configmgr 2012 SP1. This change allows for placing SUPs cross-forest, and providing fault tolerance without requiring NLB. More Details here.

image

In this post, I would like to cover the Group Policy changes you need to plan along with SUP enhancements of SP1. If you have already assigned a WSUS server on the clients via group policy then you won’t be able to take advantage of the new SUP Failover design in SCCM 2012 SP1. You need to rethink how you specify a WSUS server on clients using group policy.

How to take advantage of SUP failover without using NLB ?

What is the difference between GPO and GPP ?

Scenario :

When you use WSUS based method for installation of client agent then it’s necessary to use Group Policy to set a WSUS server on the clients. The Group Policy is great for assigning a WSUS server to get the client deployed. However if you think from SUP failover perspective without using NLB, it’s not so great. It impacts a client’s ability to switch SUPs for failover. Now, this is one of the disadvantages of WSUS (SUP) based client installation method.

How to get rid of this issue : Solution for this :

Use GPP, Group Policy Preferences (GPP) provides a great way to conditionally set a WSUS server for your initial client installation. The advantage of GPP is that it still allows ConfigMgr local policy to set the SUP on failover conditions. If you set a traditional GPOs for setting the WSUS server on the clients then the client will loose the ability to switch SUPs when needed for failover. Implementing the conditional logic with the help of GPP for setting the WSUS server is a great option for both delivering the ConfigMgr client through WSUS, and taking the advantage of SUP failover after the ConfigMgr client is installed.

Here come the question : What is the difference between GPO and GPP ?

I’m not going to explain “what is the exact difference. However, you can get more details about this topic HERE

More Details via TechNet documentation here and here.

About Author 

Anoop is Microsoft MVP and Veeam Vanguard ! He is a Solution Architect on enterprise client management with more than 13 years of experience (calculation done on the year 2014) in IT. He is Blogger, Speaker and Local User Group Community leader. His main focus is on Device Management technologies like SCCM 2012,Current Branch, Intune. He writes about the technologies like SCCM, SCOM, Windows 10, Azure AD, Microsoft Intune, RMS, Hyper-V etc...

    Find more about me on:
  • googleplus
  • twitter
  • facebook
  • linkedin
  • youtube
Posted in: ConfigMgr (SCCM)

5 Comments

  1. Sudarsan says:

    I still have a confusion, Do we need to create GPO for SCCM clients to point to SUP? this will be taken care by MP, is it not?, then what is the need for creating GPO for pointing to SUP? Please help me to understand better.

  2. Sudarsan says:

    But often I see many blogs talks about configuring the following GPO during the software update point setup (HKLM/Software/Policies/Microsoft/windows/Windows Update), Do you really think that this is necessary to enforce through GPO, by enforcing through GPO wont it create conflict?

Leave a Comment and Contact Anoop