Yes, the gpupdate does work while the configmgr client is in Prov mode. The 
problem is it will not complete the computer policy refresh because of a 
timeout issue. You have to use the /wait switch.

I just added this and tested it a week or two ago. It works fine in our 
environment and does successfully update policy. Our specific issue was a local 
admin group that wasn't being added in a timely manner.

Daniel Ratliff

From: [email protected] [mailto:[email protected]] On 
Behalf Of Jeff Poling
Sent: Wednesday, September 11, 2013 10:32 AM
To: [email protected]
Subject: Re: [mssms] ZTIWindowsUpdate.wsf and WSUS

I tried running gpupdate /force during the TS (get CMD by pressing F8).  It 
never completed... just sat there and hung.

To solve the issue, I am trying the following:
* Create a batch file that imports the Cert and the 
AcceptTrustedPublishersCerts registry entry
* Create a package/program for the batch file
* Add a step in the TS to run the program prior to the ZTIWindowsUpdate script

I am hoping that will correct the issue and not cause other problems once 
Windows is up and running.

Thanks,

Jeff

On Wed, Sep 11, 2013 at 9:08 AM, Dzikowski, Michael 
<[email protected]> wrote:
Does that work, while in provisioning mode with OSD?




From: [email protected] [mailto:[email protected]] 
On Behalf Of Daniel Ratliff
Sent: Tuesday, September 10, 2013 10:38 PM
To: '[email protected]'
Subject: RE: [mssms] ZTIWindowsUpdate.wsf and WSUS

Although not recommended by MS you can run a gpupdate from the ts.


Cmd /c gpupdate /force /wait:0

-Daniel Ratliff

-----Original Message-----
From: Jeff Poling [[email protected]]
Sent: Tuesday, September 10, 2013 06:11 PM Eastern Standard Time
To: [email protected]
Subject: [mssms] ZTIWindowsUpdate.wsf and WSUS
I have an odd issue in migrating from CM07/MDT2010 to CM12/MDT2012SP1.  An OSD 
task sequence executes the ZTIWindowsUpdate.wsf script from MDT.  In the CM07 
environment, it works without issue.  In CM12, it fails due to not being able 
to verify digital signatures for third-party publishers.  The environment uses 
WSUS with a third-party product.  The certs and proper registry setting are 
deployed via GPO.

It is my understanding that the TS will update group policy after it exits, so 
the system will not get the certs and registry entries that are applied via GPO 
prior to the ZTIWindowsUpdate script running.

How do I get the script to work in an environment with third-party updates 
being deployed via WSUS? I've thought about adding a package to the TS that 
installs the certs and registry settings.  Is there a better way?

Any insight is greatly appreciated.  If my description is unclear let me know 
as well.

Thanks!

Jeff


The information transmitted is intended only for the person or entity to which 
it is addressed
and may contain CONFIDENTIAL material. If you receive this material/information 
in error,
please contact the sender and delete or destroy the material/information.
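
The pre-staging step discussed in this thread (import the publisher certificate and set the registry value before ZTIWindowsUpdate runs), as an added PowerShell example that is not code from any of the posters. Assumptions: the file name `WSUSPublisher.cer` and the thumbprint are placeholders, the helper `Add-ToMachineStore` is hypothetical, and the policy value is `AcceptTrustedPublisherCerts` under `HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate`.

```powershell
# Added example: pre-stage the WSUS publisher cert and policy value before ZTIWindowsUpdate.
# Assumptions: WSUSPublisher.cer and the thumbprint below are placeholders, not from the thread.
param(
    [string]$CertPath = '.\WSUSPublisher.cer',
    [string]$ExpectedThumbprint = '<THUMBPRINT-OF-YOUR-WSUS-SIGNING-CERT>'
)
$ErrorActionPreference = 'Stop'

# Load the certificate and refuse to trust it unless it is the one we expect.
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 `
    -ArgumentList (Resolve-Path $CertPath).Path
$expected = ($ExpectedThumbprint -replace '[^0-9A-Fa-f]', '').ToUpper()
if ($cert.Thumbprint -ne $expected) {
    throw "Thumbprint mismatch for $CertPath (got $($cert.Thumbprint)); nothing imported."
}
if ($cert.NotAfter -lt (Get-Date)) { throw "Certificate expired on $($cert.NotAfter)." }

# Hypothetical helper: add a certificate to a LocalMachine store via .NET.
function Add-ToMachineStore([string]$StoreName, $Certificate) {
    $store = New-Object System.Security.Cryptography.X509Certificates.X509Store `
        -ArgumentList $StoreName, 'LocalMachine'
    $store.Open('ReadWrite')
    try { $store.Add($Certificate) } finally { $store.Close() }
}

Add-ToMachineStore 'TrustedPublisher' $cert
# A self-signed signing cert must also be a trusted root for the chain to validate.
if ($cert.Subject -eq $cert.Issuer) { Add-ToMachineStore 'Root' $cert }

# Policy value that lets the Windows Update agent accept locally published updates.
$key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
New-ItemProperty -Path $key -Name 'AcceptTrustedPublisherCerts' `
    -PropertyType DWord -Value 1 -Force | Out-Null

# Verify both changes so the task sequence step fails loudly instead of silently.
$found = Get-ChildItem Cert:\LocalMachine\TrustedPublisher |
    Where-Object { $_.Thumbprint -eq $cert.Thumbprint }
$value = (Get-ItemProperty -Path $key).AcceptTrustedPublisherCerts
if (-not $found -or $value -ne 1) { throw 'Pre-staging check failed.' }
Write-Output "Trusted publisher $($cert.Thumbprint) staged; AcceptTrustedPublisherCerts=$value"
```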