Gpo primarily, and because I'm me, a config item verifies and remediates if the gpo didn't hit.
On November 11, 2015 6:55:12 AM CST, Rickym61 <[email protected]> wrote: >In the image and GPO. >This should help for OSD >http://ccmexec.com/2011/06/system-center-updates-publisher-and-osd/ > >On 10 November 2015 at 15:44, Damien Solodow ><[email protected]> >wrote: > >> GPO is your best bet. >> >> >> >> DAMIEN SOLODOW >> >> Senior Systems Engineer >> >> 317.447.6033 (office) >> >> 317.447.6014 (fax) >> >> HARRISON COLLEGE >> >> >> >> *From:* [email protected] [mailto: >> [email protected]] *On Behalf Of *David McSpadden >> *Sent:* Tuesday, November 10, 2015 10:41 AM >> >> *To:* [email protected] >> *Subject:* RE: [mssms] RE: SCUP >> >> >> >> How does everyone distribute the code signing cert? >> >> >> >> *From:* [email protected] [ >> mailto:[email protected] ><[email protected]>] *On >> Behalf Of *Shane Alexander >> *Sent:* Monday, November 9, 2015 6:19 PM >> *To:* [email protected] >> *Subject:* RE: [mssms] RE: SCUP >> >> >> >> ? >> Computer Configuration –> Administrative Templates –> Windows >Components >> and select Windows Update. In the results pane, right-click Allow >signed >> content from intranet Microsoft update service location >> >> >> >> ------------------------------ >> >> Date: Mon, 9 Nov 2015 17:11:32 +0000 >> Subject: Re: [mssms] RE: SCUP >> From: [email protected] >> To: [email protected] >> >> There is a GPO setting needed too. I can't remember the details but >might >> save some head scratching to know. >> >> On 3 Nov 2015 11:46 p.m., "Nash Pherson" <[email protected]> wrote: >> >> No. It’s a Code Signing certificate, not a client auth cert, used by >> WSUS/SCUP to sign the update. >> >> >> >> But, you can create a template in your PKI for issuing that Code >Signing >> cert so that updates WSUS/SCUP signed with the cert will already be >trusted >> by your clients. If you use a self-signed cert, it must be >distributed to >> the trusted root and trusted publisher stores on all the devices. >> >> >> >> >> >http://myitforum.com/myitforumwp/2012/08/20/a-better-guide-to-setting-up-scup-with-a-microsoft-pki/ >> >> >> >> >> >> I hope that helps, >> >> >> >> Nash >> >> >> >> *Nash Pherson* >> >> *Microsoft MVP, Enterprise Client Management* >> *Senior Systems Consultant* >> >> O: 651-796-1168 >> >> C: 507-304-0946 >> >> >> >> [image: Small Logo-PNG] <http://www.nowmicro.com/> >> >> 1645 Energy Park Drive Ste. 200 >> >> St. Paul, MN 55108 >> >> www.nowmicro.com >> >> >> >> >> >> >> >> *From:* [email protected] [mailto: >> [email protected]] *On Behalf Of *Chian, Richard R >> *Sent:* Tuesday, November 3, 2015 3:08 PM >> *To:* [email protected] >> *Subject:* [mssms] SCUP >> >> >> >> My current environment: Config Manager 2012 SP1 with internal PKI >> infrastructure, we want to implement SCUP and would like to know if >we can >> use the current machine’s client authentication cert used by CM, >instead of >> having to create a new CERT for SCUP and having to deploy it all >clients? >> >> Appreciate the responses. >> >> >> >> >> >> >> >> >> >> This e-mail and any files transmitted with it are property of Indiana >> Members Credit Union, are confidential, and are intended solely for >the use >> of the individual or entity to whom this e-mail is addressed. If you >are >> not one of the named recipient(s) or otherwise have reason to believe >that >> you have received this message in error, please notify the sender and >> delete this message immediately from your computer. Any other use, >> retention, dissemination, forwarding, printing, or copying of this >email is >> strictly prohibited. >> >> >> >> Please consider the environment before printing this email. >> >> >> >>
