MagnumVP

I installed CU1 for R2 which includes an updated client of 5.00.7958.1203. However, it still shows that the older R2 client in only installed. Do I have manually install the Client for the server to see it and push it out?

It seems as if the Severity for the patch distributed by MS is set to None only within SCCM. This causes an issues since I'm only searching for "CRitcal", "Moderate" and "Important" However, when you perform Windows Update via online, it's set to "Important". I could change the criteria to include "None" but that would pull down A LOT of data.

But why are they not already downloaded? It's 4 months old and are a "required" install according to my current setup.

I have setup Software Updates to occur following Patch Tuesday and along the lines of what this site has recommended. I noticed that when a workstation gets updates from the SCCM12 machine it shows there is "No New Updates". However, when I check for updates online (against MS Servers) there is a gambit of updates that are not being deployed. I looked at the logs and everything seemed to be deployed to the workstations as expected. However when I did a comparison of what needed to be installed vs what was deployed within SCCM I noticed that ALL of the software that wasn't being pushed out is "Not Deployable". Is there a reason for this? If so, then how can I deploy the update if it's not deployable?

I have a separate rule for Workstation Application updates. See below.

They should be automatically approved and deployed. I have setup (as per these numerous and very well done tutorials) that anything that is Critical or Important for Windows XP, 7 2008 R2 be approved and deployed. However, not everything is and i'm trying to find out why. Below (attached) is the ADR for my Workstations. I have the same for my server of 2008 R2 but the deployment occurs at the end of the month.

I wanted to say thank you for these step-by-steps. I have used them exclusively to deploy SCCM12 throughout my environment, so thank you. However I get a monthly report that runs on the Sunday following Patch Tuesday (See Captures Below). I have the workstations apply these updates between Wednesday and Friday of the same week and then the report runs that Sunday. Why does it tell me that I have Critical and Security Patches that are needed on my workstations but not being deployed?

When I run the report of "Updates required but not deployed" it shows me what isn't being deployed? Is there a way I can figure out why? All Critical Patches are configured to deploy to all systems. Workstations from Wed - Fri on after the 2nd Tuesday and for Servers the Last Saturday of the month.

Now that Microsoft is deploying IE 10 for Windows 7 and Server 2008, how can I block it from being installed through SCCM's WSUS Patch Management?

Now that IE 10 for Windows 7/2008 is being deployed through Windows Update... how do I block it?

Thank you. From the log I found what I was looking for.

How can I verify that the clients are connecting to the DP in that boundary and not crossing the WAN?

Since your link requires a DropBox login, it would be best just to post your screen shots here. When you reply, click the "More Reply Options" located near the bottom right. It should take you to another screen. From there you can attach the image files;

Where can I verify on the client that it connects to the correct Distribution Point when getting Software and Endpoint Definition updates? I opened the LocationServices.log from the client and saw the following; It did find the local DB, but how can I verify that it pulled from there?

Well perhaps that is normal. I double clicked on a workstation that had "Not Yet Reported" and then navigated to page 91 of 91 and it showed that the "Report Data Collected:" was today. When I went to that computer and checked the logs everything looked like it ran successfully. When I opened the WUAHandler.log file for that client is is shows that the GPO setting for the WSUS was conflicting with the Client specified agent. (See Attached Capture2) I removed the GPO setting and rebooted the computer and no more error (See attached Capture1). Now my questions is, how can I verify that "Update Source {48888AAF-45AA-....:8530}" is the local Distribution Point and not the actual SCCM server?

Updates are now managed through SCCM 2012. That screen shot is from the WSUS install on the SCCM 2012 server. I don't approve any updates through the WSUS interface I use your guide to auto approve based on Patch Tuesday. I used to use a WSUS 3.0 SP2 server that is still up and running. I would configure the clients through a GPO that would point to http://WSUSServer and I changed the GPO to http://SCCM2012:8530. I have configured the Software Update through SCCM - See Image. These settings have been deployed to a Collection Group that I call "All Workstations with Client Installed".

For some reason when I move the computers in my domain from our WSUS server to the SCCM 2012:8530, they report to the server but don't report their status. Most of these computer have been connected to the SCCM 2012 server for a few weeks now.

Would a "Best Practice" be to; Date release or revised Last 1 Month This would allow the updates to catch any "out of cycle" patches that MS might push out? Since the update ADR is only running once a month. As alternative you could run this ADR daily and still keep it at Last 1 Day. Do you have to keep the Disabled ADR's or can I just delete them?

What's the point in Disabling the ARD once you created it? Don't you still want it to run every month?

I want to deploy Endpoint Protection onto my Servers (Exchange, SQL, DC, Sharepoint, etc...) and was looking at what it takes to add the exclusions manually into the software. http://technet.micro...y/bb332342.aspx Does SCCM 2012 have any templates that I can implement for a servers type?

Instead of creating an Automatic Deployment for Endpoint Protection for each collection, could you just specify "All Desktop and Server Clients" (See Image)?

Even though this article is for 2007, does it apply to 2012?

"Protect" the DP?

So if I have 50 workstations in a remote site with a DP and I approve 15 updates company wide (with a cumulative size of 100MB) will the updates get pushed to the DP and the workstations pull from there? Or will all 50 workstations independently pull 100MB each (totaling 5GB) across the WAN connection?

Sorry I wasn't more clear. It was my understanding that clients in the remote locations don't look to the DP for it's Software Updates but communicate directly with the Primary to verify update Approval/Denied.