So it is possible in 2012, but perhaps not in 2007. I am not on 2007 quite yet, but soon. In 2007 the settings apply to all clients, (right?)
One response a little lower says that GPO takes precedence over SCCM settings, which I think is true. Is there a GPO setting that I can set to make the client revert back to Microsoft windows updates? There is a GPO setting "Specify intranet Microsoft update service location" I think SCCM slips into this policy locally, normally. Can I put some values in there to point back out to Microsoft's servers? -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Todd Hemsell Sent: Wednesday, April 02, 2014 11:49 AM To: [email protected] Subject: Re: [mssms] Exclude a group of machines from having updates managed by SCCM or just make a client policy that does not enable software updates and apply it to a collection.... On Wed, Apr 2, 2014 at 11:46 AM, <[email protected]> wrote: > if you set the wsus gpo, it will override sccm. > > you will get errors in the update log in the client, but the machine > will patch through wsus. > > Just use a wmi filter on the gpo. > > Sent from Windows Mail > > From: Miller, Todd > Sent: Wednesday, April 2, 2014 12:39 PM > To: [email protected] > > I have an OU of machines that have the SCCM agent, however for these > machines I want them to apply updates from Microsoft Windows Updates > rather than having their updates managed by SCCM. > > > > Is there a way to have a small number of clients ignore any Windows > Updates settings and just go out to Microsoft for their updates as if > they had never heard of SCCM and WSUS? > > > > My scenario is this. We have allowed 10 or so Windows 7 x86 machines > onto the domain for various reasons, while the other 20,000 systems > are all Win7 64bit. Rather than check in 32 bit updates every month > and all the overhead that entails for a fraction of a percent of > machines, I would just like to force those 10 machines to go out to > Microsoft for patches. I still want the SCCM agent to collect HW/SW > inventory for those machines though. > > > > I have a GPO set to force the machines to apply updates once a week, > but their definition of what updates to apply seems to be coming from > the MP/WSUS server still. They don't find any updates because I have > never checked in/approved any 32 bit patches. > > > > Can I "opt-out" a set of machines from the SCCM patching system and > allow them to go back out to MS Windows Update while keeping the SCCM > agent installed? Can a GPO override the settings from SCCM? It seems > like it's an all or nothing thing. > > > > Currently on SCCM 2007, but am interested if 2012 changes the answer > as that is only a month or two away. > > > > ________________________________ > Notice: This UI Health Care e-mail (including attachments) is covered > by the Electronic Communications Privacy Act, 18 U.S.C. 2510-2521, is > confidential and may be legally privileged. If you are not the > intended recipient, you are hereby notified that any retention, > dissemination, distribution, or copying of this communication is > strictly prohibited. Please reply to the sender that you have > received the message in error, then delete it. Thank you. > ________________________________ > > ________________________________ Notice: This UI Health Care e-mail (including attachments) is covered by the Electronic Communications Privacy Act, 18 U.S.C. 2510-2521, is confidential and may be legally privileged. If you are not the intended recipient, you are hereby notified that any retention, dissemination, distribution, or copying of this communication is strictly prohibited. Please reply to the sender that you have received the message in error, then delete it. Thank you. ________________________________
