SCCM ConfigMgr Software Updates Deployment Group Policy

SCCM ConfigMgr Software Updates Deployment Group Policy. I’ve blogged about Software Update enhancements in Configuration Manager Service Pack 1.

You can have multiple software update points (SUPs) per Primary Site in Configmgr 2012 SP1. This change allows for placing SUPs cross-forest and providing fault tolerance without requiring NLB.

SCCM ConfigMgr Software Updates Deployment Group Policy

SCCM ConfigMgr Software Updates Deployment Group Policy?

SCCM ConfigMgr Software Updates Deployment Group Policy
SCCM ConfigMgr Software Updates Deployment Group Policy

In this post, I would like to cover the Group Policy changes you need to plan along with SUP enhancements of SP1.

Patch My PC

If you have already assigned a WSUS server to the clients via group policy then you won’t be able to take advantage of the new SUP Failover design in SCCM 2012 SP1.

You need to rethink how you specify a WSUS server on clients using group policy. SCCM ConfigMgr Software Updates Deployment Group Policy.

How to take advantage of SUP failover without using NLB ?

What is the difference between GPO and GPP ?

Scenario :

When you use WSUS based method for the installation of client agents then it’s necessary to use Group Policy to set a WSUS server on the clients. The Group Policy is great for assigning a WSUS server to get the client deployed. However, if you think from the SUP failover perspective without using NLB, it’s not so great. It impacts a client’s ability to switch SUPs for failover. Now, this is one of the disadvantages of the WSUS (SUP) based client installation method.

Adaptiva

How to get rid of this issue : Solution for this :

Use GPP, Group Policy Preferences (GPP) provides a great way to conditionally set a WSUS server for your initial client installation. The advantage of GPP is that it still allows ConfigMgr local policy to set the SUP on failover conditions. If you set traditional GPOs for setting the WSUS server on the clients then the client will lose the ability to switch SUPs when needed for failover.

Implementing the conditional logic with the help of GPP for setting the WSUS server is a great option for both delivering the ConfigMgr client through WSUS, and taking the advantage of SUP failover after the ConfigMgr client is installed.

Here come the question : What is the difference between GPO and GPP ?

I’m not going to explain “what is the exact difference. However, you can get more details about this topic HERE

Resources

What’s New In SCCM Windows 10 Servicing Dashboard | ConfigMgr HTMD Blog (anoopcnair.com)

Author

Anoop is Microsoft MVP! He is a Solution Architect in enterprise client management with more than 20 years of experience (calculation done in 2021) in IT. He is a blogger, Speaker, and Local User Group HTMD Community leader. His main focus is on Device Management technologies like SCCM 2012, Current Branch, and Intune. E writes about ConfigMgr, Windows 11, Windows 10, Azure AD, Microsoft Intune, Windows 365, AVD, etc…

5 thoughts on “SCCM ConfigMgr Software Updates Deployment Group Policy”

  1. I still have a confusion, Do we need to create GPO for SCCM clients to point to SUP? this will be taken care by MP, is it not?, then what is the need for creating GPO for pointing to SUP? Please help me to understand better.

    Reply
  2. But often I see many blogs talks about configuring the following GPO during the software update point setup (HKLM/Software/Policies/Microsoft/windows/Windows Update), Do you really think that this is necessary to enforce through GPO, by enforcing through GPO wont it create conflict?

    Reply

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.