? Computer Configuration –> Administrative Templates –> Windows Components and select Windows Update. In the results pane, right-click Allow signed content from intranet Microsoft update service location
Date: Mon, 9 Nov 2015 17:11:32 +0000 Subject: Re: [mssms] RE: SCUP From: [email protected] To: [email protected] There is a GPO setting needed too. I can't remember the details but might save some head scratching to know. On 3 Nov 2015 11:46 p.m., "Nash Pherson" <[email protected]> wrote: No. It’s a Code Signing certificate, not a client auth cert, used by WSUS/SCUP to sign the update. But, you can create a template in your PKI for issuing that Code Signing cert so that updates WSUS/SCUP signed with the cert will already be trusted by your clients. If you use a self-signed cert, it must be distributed to the trusted root and trusted publisher stores on all the devices. http://myitforum.com/myitforumwp/2012/08/20/a-better-guide-to-setting-up-scup-with-a-microsoft-pki/ I hope that helps, Nash Nash Pherson Microsoft MVP, Enterprise Client Management Senior Systems Consultant O: 651-796-1168 C: 507-304-0946 1645 Energy Park Drive Ste. 200 St. Paul, MN 55108 www.nowmicro.com From: [email protected] [mailto:[email protected]] On Behalf Of Chian, Richard R Sent: Tuesday, November 3, 2015 3:08 PM To: [email protected] Subject: [mssms] SCUP My current environment: Config Manager 2012 SP1 with internal PKI infrastructure, we want to implement SCUP and would like to know if we can use the current machine’s client authentication cert used by CM, instead of having to create a new CERT for SCUP and having to deploy it all clients? Appreciate the responses.
