That's what we do. We have https as an added complexity, but a CA in each domain and those root certs in SCCM solves that pretty nicely. All the clients in the same console using the same MP/DP/SUP.
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of John Marcum Sent: Monday, November 27, 2017 8:42 PM To: mssms@lists.myitforum.com Subject: [mssms] RE: SUP in an Untrusted Forrest Just and random thought here but..... what if you managed them as internet based workgroup clients? Sensitivity: Confidential between partners From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> [mailto:listsad...@lists.myitforum.com] On Behalf Of Vann, Gerry Sent: Monday, November 27, 2017 4:31 PM To: mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com> Subject: [mssms] SUP in an Untrusted Forrest Hello, I'm looking for some ideas. We are currently managing Windows updates with SCCM on our corp network. We have a handful of separate forests that are currently using WSUS only for updates. Some of these forests have a one way trust other have no trust. I set up MP/DP's in each of the forests a while back and all works well like inventory and software delivery. Recently I've been tasked with getting the forests Windows updates managed by SCCM. Since I already have a presence in each of the domains I was thinking about creating a downstream WSUS server in the untrusted forests and installing the SUP role on each of the servers much like this post https://www.systemcenterdudes.com/installing-a-sccm-dpmpsup-in-an-untrusted-domain/ . One problem I may have is our existing WSUS server is 2012 R2 while the MP's out in the untrusted forests are Server 2016 WSUS 10. So, more specifically will I have an issue with the different versions of WSUS? I'm curious if there are more ways to accomplish that I have not thought of? SCCM Version 1706 Thank you, Gerry
