GPO is your best bet. DAMIEN SOLODOW Senior Systems Engineer 317.447.6033 (office) 317.447.6014 (fax) HARRISON COLLEGE
From: [email protected] [mailto:[email protected]] On Behalf Of David McSpadden Sent: Tuesday, November 10, 2015 10:41 AM To: [email protected] Subject: RE: [mssms] RE: SCUP How does everyone distribute the code signing cert? From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of Shane Alexander Sent: Monday, November 9, 2015 6:19 PM To: [email protected]<mailto:[email protected]> Subject: RE: [mssms] RE: SCUP ? Computer Configuration -> Administrative Templates -> Windows Components and select Windows Update. In the results pane, right-click Allow signed content from intranet Microsoft update service location ________________________________ Date: Mon, 9 Nov 2015 17:11:32 +0000 Subject: Re: [mssms] RE: SCUP From: [email protected]<mailto:[email protected]> To: [email protected]<mailto:[email protected]> There is a GPO setting needed too. I can't remember the details but might save some head scratching to know. On 3 Nov 2015 11:46 p.m., "Nash Pherson" <[email protected]<mailto:[email protected]>> wrote: No. It's a Code Signing certificate, not a client auth cert, used by WSUS/SCUP to sign the update. But, you can create a template in your PKI for issuing that Code Signing cert so that updates WSUS/SCUP signed with the cert will already be trusted by your clients. If you use a self-signed cert, it must be distributed to the trusted root and trusted publisher stores on all the devices. http://myitforum.com/myitforumwp/2012/08/20/a-better-guide-to-setting-up-scup-with-a-microsoft-pki/ I hope that helps, Nash Nash Pherson Microsoft MVP, Enterprise Client Management Senior Systems Consultant O: 651-796-1168 C: 507-304-0946 [Small Logo-PNG]<http://www.nowmicro.com/> 1645 Energy Park Drive Ste. 200 St. Paul, MN 55108 www.nowmicro.com<http://www.nowmicro.com/> From: [email protected]<mailto:[email protected]> [mailto:[email protected]<mailto:[email protected]>] On Behalf Of Chian, Richard R Sent: Tuesday, November 3, 2015 3:08 PM To: [email protected]<mailto:[email protected]> Subject: [mssms] SCUP My current environment: Config Manager 2012 SP1 with internal PKI infrastructure, we want to implement SCUP and would like to know if we can use the current machine's client authentication cert used by CM, instead of having to create a new CERT for SCUP and having to deploy it all clients? Appreciate the responses. This e-mail and any files transmitted with it are property of Indiana Members Credit Union, are confidential, and are intended solely for the use of the individual or entity to whom this e-mail is addressed. If you are not one of the named recipient(s) or otherwise have reason to believe that you have received this message in error, please notify the sender and delete this message immediately from your computer. Any other use, retention, dissemination, forwarding, printing, or copying of this email is strictly prohibited. Please consider the environment before printing this email.
