I have an odd issue in migrating from CM07/MDT2010 to CM12/MDT2012SP1. An OSD task sequence executes the ZTIWindowsUpdate.wsf script from MDT. In the CM07 environment, it works without issue. In CM12, it fails due to not being able to verify digital signatures for third-party publishers. The environment uses WSUS with a third-party product. The certs and proper registry setting are deployed via GPO.
It is my understanding that the TS will update group policy after it exits, so the system will not get the certs and registry entries that are applied via GPO prior to the ZTIWindowsUpdte script running. How do I get the script to work in an environment with third-party updates being deployed via WSUS? I've thought about adding a package to the TS that installs the certs and registry settings. Is there a better way? Any insight is greatly appreciated. If my description is unclear let me know as well. Thanks! Jeff
