SCCM ConfigMgr Software Updates Deployment Group Policy. In this post, I will cover the Group Policy changes you need to plan and the SUP enhancements of SP1.
In ConfigMgr 2012 SP1, multiple software update points (SUPs) are available per Primary Site. This change allows for placing SUPs cross-forest and providing fault tolerance without requiring NLB.
If you have already assigned a WSUS server to the clients via group policy, then you won’t be able to take advantage of the new SUP Failover design in SCCM 2012 SP1.
Table of Contents
SCCM ConfigMgr Software Updates Deployment Group Policy
SCCM ConfigMgr Software Updates Deployment Group Policy?
You must rethink specifying a WSUS server on clients using group policy. SCCM ConfigMgr Software Updates Deployment Group Policy.
How can you take advantage of SUP failover without using NLB?
When you use a WSUS-based method to install client agents, you must use Group Policy to set up a WSUS server. Group Policy is great for assigning a WSUS server to deploy the client. However, it’s not so great if you think from the SUP failover perspective without using NLB. It impacts a client’s ability to switch SUPs for failover. This is one of the disadvantages of the WSUS (SUP) based client installation method.
How to get rid of this issue: Solution for this :
Use GPP. Group Policy Preferences (GPP) provides a great way to conditionally set a WSUS server for your initial client installation. The advantage of GPP is that it still allows ConfigMgr local policy to set the SUP on failover conditions. If you set traditional GPOs for setting the WSUS server on the clients, then the clients will lose the ability to switch SUPs when needed for failover.
Implementing the conditional logic with the help of GPP to set the WSUS server is a great option for both delivering the ConfigMgr client through WSUS and taking advantage of SUP failover after the ConfigMgr client is installed.
Resources
What’s New In SCCM Windows 10 Servicing Dashboard | ConfigMgr HTMD Blog (anoopcnair.com)
We are on WhatsApp. To get the latest step-by-step guides and news updates, Join our Channel. Click here –HTMD WhatsApp.
Author
Anoop C Nair has been Microsoft MVP from 2015 onwards for 10 consecutive years! He is a Workplace Solution Architect with more than 22+ years of experience in Workplace technologies. He is also a Blogger, Speaker, and leader of the Local User Group Community. His main focus is on Device Management technologies like SCCM and Intune. He writes about technologies like Intune, SCCM, Windows, Cloud PC, Windows, Entra, Microsoft Security, Career, etc..
I still have a confusion, Do we need to create GPO for SCCM clients to point to SUP? this will be taken care by MP, is it not?, then what is the need for creating GPO for pointing to SUP? Please help me to understand better.
You don’t need to create any GPO for SUP setup. The client will automatically setup local GPO on client machines.
But often I see many blogs talks about configuring the following GPO during the software update point setup (HKLM/Software/Policies/Microsoft/windows/Windows Update), Do you really think that this is necessary to enforce through GPO, by enforcing through GPO wont it create conflict?
Please take a look at this http://blog.configmgrftw.com/software-updates-management-and-group-policy-for-configmgr-cont/ to get more details about SCCM + SUP + GPO !!
regards
Anoop
But often I see many blogs talks about configuring the following GPO during the software update point setup (HKLM/Software/Policies/Microsoft/windows/Windows Update), Do you really think that this is necessary to enforce through GPO, by enforcing through GPO wont it create conflict?