In the image and GPO. This should help for OSD http://ccmexec.com/2011/06/system-center-updates-publisher-and-osd/
On 10 November 2015 at 15:44, Damien Solodow <[email protected]> wrote: > GPO is your best bet. > > > > DAMIEN SOLODOW > > Senior Systems Engineer > > 317.447.6033 (office) > > 317.447.6014 (fax) > > HARRISON COLLEGE > > > > *From:* [email protected] [mailto: > [email protected]] *On Behalf Of *David McSpadden > *Sent:* Tuesday, November 10, 2015 10:41 AM > > *To:* [email protected] > *Subject:* RE: [mssms] RE: SCUP > > > > How does everyone distribute the code signing cert? > > > > *From:* [email protected] [ > mailto:[email protected] <[email protected]>] *On > Behalf Of *Shane Alexander > *Sent:* Monday, November 9, 2015 6:19 PM > *To:* [email protected] > *Subject:* RE: [mssms] RE: SCUP > > > > ? > Computer Configuration –> Administrative Templates –> Windows Components > and select Windows Update. In the results pane, right-click Allow signed > content from intranet Microsoft update service location > > > > ------------------------------ > > Date: Mon, 9 Nov 2015 17:11:32 +0000 > Subject: Re: [mssms] RE: SCUP > From: [email protected] > To: [email protected] > > There is a GPO setting needed too. I can't remember the details but might > save some head scratching to know. > > On 3 Nov 2015 11:46 p.m., "Nash Pherson" <[email protected]> wrote: > > No. It’s a Code Signing certificate, not a client auth cert, used by > WSUS/SCUP to sign the update. > > > > But, you can create a template in your PKI for issuing that Code Signing > cert so that updates WSUS/SCUP signed with the cert will already be trusted > by your clients. If you use a self-signed cert, it must be distributed to > the trusted root and trusted publisher stores on all the devices. > > > > > http://myitforum.com/myitforumwp/2012/08/20/a-better-guide-to-setting-up-scup-with-a-microsoft-pki/ > > > > > > I hope that helps, > > > > Nash > > > > *Nash Pherson* > > *Microsoft MVP, Enterprise Client Management* > *Senior Systems Consultant* > > O: 651-796-1168 > > C: 507-304-0946 > > > > [image: Small Logo-PNG] <http://www.nowmicro.com/> > > 1645 Energy Park Drive Ste. 200 > > St. Paul, MN 55108 > > www.nowmicro.com > > > > > > > > *From:* [email protected] [mailto: > [email protected]] *On Behalf Of *Chian, Richard R > *Sent:* Tuesday, November 3, 2015 3:08 PM > *To:* [email protected] > *Subject:* [mssms] SCUP > > > > My current environment: Config Manager 2012 SP1 with internal PKI > infrastructure, we want to implement SCUP and would like to know if we can > use the current machine’s client authentication cert used by CM, instead of > having to create a new CERT for SCUP and having to deploy it all clients? > > Appreciate the responses. > > > > > > > > > > This e-mail and any files transmitted with it are property of Indiana > Members Credit Union, are confidential, and are intended solely for the use > of the individual or entity to whom this e-mail is addressed. If you are > not one of the named recipient(s) or otherwise have reason to believe that > you have received this message in error, please notify the sender and > delete this message immediately from your computer. Any other use, > retention, dissemination, forwarding, printing, or copying of this email is > strictly prohibited. > > > > Please consider the environment before printing this email. > > > >
