Jump to content


  • 0
anyweb

Updates are not being installed automatically

Question

This guide assumes you've installed a SUP within SCCM and configured it for software updates to your clients.

You may notice that the familiar windows update icon still appears even though SCCM is handling windows updates to your client.

win_update_icon.jpg

to resolve open up Group Policy Management and right click on the Default Domain Policy, choose Edit.

expand Computer Configuration\Policies\Administrative Templates\Windows Components and then select Windows Update from the list *scroll down*

windows_components.jpg

find the setting configure automatic updates

configure_automatic_updates.jpg

right click it, choose properties and then set it to Disabled

disabled.jpg

The Windows Update Icon will disappear however you will still receive updates from Configuration Manager as normal.

to speed up clients getting this GPO open a command prompt and do gpudpate /force

cheers
anyweb

Share this post


Link to post
Share on other sites

Recommended Posts

  • 0

I was wondering about this...

 

This would mean you'd also have to disable an in place WSUS policy?

 

So you don't need to configure a policy to check for updates on the WSUS, rather you shut down the updates all together and rely on the SCCM agent for regular checks?

Share this post


Link to post
Share on other sites

  • 0

Ok, this issue just affected me kind of majorly - a server whose updates were under SCCM's control applied updates and rebooted at 3am. Ouch. Am I right in thinking if this GPO is applied, SCCM's update behaviour is totally unaffected, but the annoying windows update icon with scary restart settings will cease to appear and have any effect?

 

Cheers,

MRaybone.

Share this post


Link to post
Share on other sites

  • 0

i dont get it, did you use a deployment template that allowed the system to reboot ? that is why you should have at least two deployment templates

 

one for servers (no reboot) and one for workstations (reboot ok)

 

the little group policy tip merely gets rid of the windows update ICON from appearing, it doesn't stop windows updates from being deployed via configmgr,

 

can you explain what happened in your situation please ?

Share this post


Link to post
Share on other sites

  • 0
can you explain what happened in your situation please ?

I received a report that a server had rebooted itself at 3am after installing updates - this happened during backup so the owners weren't too pleased...

Ater disabling Windows Update GP so that the SCCM client could take control of the Windows Update settings, the Windows Update icon started to appear in the Systray, prompting users to select a time (3:00am by default) for Automatic updates to occur. My guess is that on this particular server, someone actually just clicked OK on this prompt so the machine grabbed updates from the net and rebooted at 3am.

 

My question was that if we apply only the GP setting that you mentioned in your post, would updating via SCCM be unaffected? Simply because the other GP settings in use before prevented SCCM from taking control.

 

Things are looking ok after applying the GPO now anyway, so I think it should all be alright. :)

 

 

P.S. Sorry for the delayed replies but I think my email notifications are being blocked by our mail system somewhere.

Share this post


Link to post
Share on other sites

  • 0

Hello all,

 

I am having some trouble deploying patches in my test group. I have been poring over all of the SCCM guides and they are all excellent expecially for a visual learner like myself. The thing that makes my situation a little tricky is that we have both Microsoft System Center Essentials 2010 agents as well as SCCM 2007 R2 SP2 agents installed on all of our workstations. I attempted to deploy the latest Windows XP patches to one of my co-workers machines and the patches never showed up. I have the following in my log file:

 

<![LOG[its a WSUS Update Source type ({55895E29-8F7C-47F8-87EC-37D4787C2B13}), adding it.]LOG]!><time="16:24:44.125+420" date="05-11-2010" component="WUAHandler" context="" type="1" thread="5500" file="sourcemanager.cpp:1348">

<![LOG[Enabling WUA Managed server policy to use server: http://ourserver:8530]LOG]!><time="16:24:44.125+420" date="05-11-2010" component="WUAHandler" context="" type="1" thread="5500" file="sourcemanager.cpp:1054">

<![LOG[Waiting for 2 mins for Group Policy to notify of WUA policy change...]LOG]!><time="16:24:44.157+420" date="05-11-2010" component="WUAHandler" context="" type="1" thread="5500" file="sourcemanager.cpp:1060">

<![LOG[Group policy settings were overwritten by a higher authority (Domain Controller) to: Server https://ourserver:8531 and Policy ENABLED]LOG]!><time="16:24:45.625+420" date="05-11-2010" component="WUAHandler" context="" type="3" thread="5500" file="sourcemanager.cpp:1116">

 

When I pushed the patches out with SCE I set a deadline of 10:00 AM for the patches to be installed which was not a concern as the WSUS or SCE GPO has the option to not reboot any workstations that have users logged on. Well at 9:45 AM this morning, all of our workstation got the 15 minute reboot warning from the SCCM agent with no option to deplay the restart. So all of our workstations were rebooted at 10:00 AM causing me a lot of stress.

 

Any ideas on how to move forward?

 

Thanks,

Anthony

Share this post


Link to post
Share on other sites

  • 0

sounds a bit messy, are you intending to do software updates via SCCM or not ? if not just remove the software update client agent and see does that help ?

Share this post


Link to post
Share on other sites

  • 0

 

snip...

 

Any ideas on how to move forward?

 

Thanks,

Anthony

 

Remove either the SCCM or the SCE agent would be my advise and stick to 1 application for desktop management, or, as anyweb pointed out, decide which functionality you want from which application. SCE uses the same mechanisms and communication channels as SCCM so it's hard to troubleshoot. It might even be possible SCE agents are responding to SCCM policies. Not to mention SCE using group policies which could overwrite certain local policy settings used by SCCM.

 

What is the exact reasoning behind using SCE and SCCM in the same environemnt (if you don't mind my asking)?

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Answer this question...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...


×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.