Ocelaris Posted August 12, 2013 Report post Posted August 12, 2013 So we're about 80% complete with our migration of clients from 2007 to 2012. We discovered about 40 machines out of 2300 that have managed to be rebooted in the middle of the client update. The problem is that our WSUS point was the 2007 environment, once you uninstall the 2007 client they are free agents, and can go do updates to update.microsoft.com and download Internet Explorer 10 etc... and we have strict rules about which updates get pushed, particularly for the browser. We confirmed on a hanful of these machines that they dropped the old WSUS SCUP point, and got interrupted, and the CM 2012 server didn't pick them up until a few hours later and completed the client upgrade. We've pushed a ADM "don't install IE 10" GPO, and are in the midst of doing a DNS blackhole for update.microsoft.com so clients at least on our network can't reach out to the web for updates. Eventually we'll roll back the DNS Blackhole, but just a warning to people out there if they manage their updates very carefully that you can get some rogue clients if you're doing client push. Quote Share this post Link to post Share on other sites More sharing options...
