I am looking to get some clarification on SU deployments, specifically with SCEP definitions.
First, correct me if I am wrong but a Deployment of a SU group is the same as a SW Deployment. Meaning, if you set a deadline, when policy is refreshed on the client and it sees the scheduled time it kicks off the deployment. Correct? Now, we use an Automatic Deployment Rule for SCEP. Following some published guidance, I set the Deployment deadline to "as soon as possible". I am assuming then that when policy refreshes on the client it's going to run the definition updates. Where I am getting confused is how/where it determines if it ran it. Is there some identifier on the deployment that the client notes so that it doesn't repeat it? Is there a "success" tied to that specific deployment? Also, if my Automatic Rule runs daily (around 8PM), is it then creating a new deployment each time with a new identifier? As it stands, I have the rule run at 8PM which also then sets the deployment deadline to as soon as possible after the rule completes. To add to this confusion, the SCEP policies also have an entry to set a definition update schedule. And there really doesn't seem to be anyway to turn this off. Nor does there seem to be a way in the Automatic Rule to NOT create a deployment. So, in the SCEP policy, I set it to check for updates at 4AM when our machines power up. At this point I am left wondering who is in charge here. If it wasn't incurring much overhead I couldn't care less. But with the Windows Update Agent seemingly broken on Win7 and causing massive memory consumption (close to 1GB) when it runs, it's becoming a debilitating problem in our environment. Any input is appreciated, thanks! Mark Kent (MCP) Sr. Desktop Systems Engineer Computing & Technology Services - SUNY Buffalo State
