GPO change, and clients went to MS for updates?

I'm trying to prepare for a switch to SCCM 2012 SUP. Our existing WSUS infrastructure has been solid for years (native WSUS no SUP).
I made a change to the GPO that is configuring where the WSUS servers are (the "specify intranet Microsoft update service location") by setting this to "not configured" but in the same policy adding a preference to look for the SCCM 2012
client install, if it's NOT installed then manually write the two reg keys ("WUServer" and "WUStatusServer") with the correct server information.
The idea is that once the clients get the SCCM 2012 policy they will stop looking at our old WSUS infrastructure and the SCCM (SUP) will take over the update management on the client.
What I found was that even though this logic worked, meaning the reg keys would contain the proper WSUS server locations, after a gpupdate the machine would freak out and immediately go to Microsoft for updates! They ignored all the other settings, for example
time to check in. A gpupdate immediately triggered the wuauclt to go to work getting updates from Microsoft - no /detectnow needed, it's going right now! Looking at the windowsupdate.log shows that the WSUS server was set to <NULL> even though the policy
reg keys existed and are correct.
To better test this I created a duplicate WSUS policy of the one that we've been using over 2 years and applied it to a machine that previously had the same policy settings I just created, and it had the same effect. The content of the policy deosn't seem
to matter. If I removed policy "WSUS policy" and replaced it with "Copy of WSUS policy" (even if they have IDENTICAL settings, as in one is literally a gpedit make copy of the other) the machine would freak out and go to MS for updates
until I did a GPupdate another 2 times... after which it would "settle down" and work the way the policy says to. Not only that, but these two policies now seem to be "known" by the client and changes made to them are OK, and do not force
the MS updates.
Is this by design? It feels like MS doesn't want to "risk" not knowing the wsus policy settings are and will default to get all it's updates right from MS if it "thinks" there is any problems (to protect from malware, virus, etc)?

Thanks Jason, I actually just finished working with MS support on this late last week. There are a couple of things here:
1. I learned that the GPO setting "Specify intranet Microsoft update service location"
adds not only the two intranet wsus server reg entries but the additional reg key "UseWUServer" set to 1 under the AU reg path. This is required to use the reg keys that plug the server information. So I was troubleshooting my reg key logic
to plug the servers, which worked, but was ignored. It appears that the WUA is looking to this key and triggering the checks for all things update exclusively on this key. If you don't
specify
this key when adding "manual" reg keys it will ignore all the GPO policy settings (time to check, how to install, etc), not just the server location settings.
2. I also learned that this method is should not be implemented when migrating to SCCM 2012 from a native WSUS infrastructure. The MS recommended solution is to use a WMI filter on the entire WSUS policy checking for the existence of the SCCM 2012 client
and NOT apply any policies if the 2012 client is installed. The way to check is to look for the file existence of c:\windows\ccm\ccmexec.exe (not version of this file).
3. In my troubleshooting on this issue I also learned that the SCCM 2012 client (and possibly the 2007, but we don't use it) are actually using local machine policies to manage updates so it would make sense to NOT apply any domain level policies setting
anything having to do with updates and instead let the 2012 client just handle the settings else you have domain policies "defeating" the local polices.

Similar Messages

  • HT5622 I made a new Apple ID and everything has been changed and then I am trying to update candy crush and it is asking me for an old apple  ID and  this hasn't happened before

    I made a new Apple ID and everything has been changed and then I am trying to update candy crush and it is asking me for an old apple  ID and  this hasn't happened before

    Games and media are forever tied to the AppleID used to download them.
    Either log in under the old ID to update Candy Crush or delete the game and
    then download it under the new ID. All in-app purchases and progress will be lost.
    Why did you make a new AppleID, if I may ask?

  • HT3576 Ok so i have this iPod touch (3rd gen) and i'm trying to update it through iTunes and when i click  check for update it keeps saying this version of iPod software (2.2.1) is your current version. what do i do? how do i update it?

    Ok so i have this iPod touch (3rd gen) and i'm trying to update it through iTunes and when i click  check for update it keeps saying this version of iPod software (2.2.1) is your current version. what do i do? how do i update it?

    You have a 1st generation iPod Touch. It can not be upgraded beyond iOS 3.1.3, it is available at the link below.
    http://support.apple.com/kb/HT2052

  • The App Store indicates that 5 items need to be updated. When I go to the Update page, only a blank page appears and no application logo appears for updating. Would appreciate receiving a solution for this.

    The App Store indicates that 5 items need to be updated. When I go to the Update page, only a blank page appears and no application logo appears for updating. Would appreciate receiving a solution for this.
    Sridhar

    Okay - let's cut to the chase...
    If the Menu Bar (File, Edit... Help) shown in my screenshot below is not visible, use CTRL+B to display it. Then click on Help/Check for Updates. If one is available, you will be able to select it at this time.
    Note the item at the bottom of the list; About iTunes. Selecting that will show you which version of iTunes you are using.
    An alternative method to display the Menu Bar is click on the box in the top left of your iTunes window...

  • How to change the Client n user details for a model in Production

    Hello Friends,
                         I have an application which is calling RFC function module from SAP R/3.
    In development system while creating Model I have entered the Back end details like Client, User Name and Password.
    If I transport the application into Production, The Client and user name will be different. In this case How would I change the client n user name details.
    Do I have import again in Production. But does sounds a good idea.
    ThanQ for Ur time.
    Cheers.. Sam

    When you create Model first time, to import Interface of RFC you would need to logon into R/3. But once you are done with the Interface, your connection to R/3 will be determined by the client and UID details in JCo connection.
    Now when you transport your code from DEV to QA system, the JCo connection with the same name should be there. or else, you would need to create the same in the new server. I dont see a need to reimport the model. If that is the case, then developers would have to spend huge amount of time doing this job alone.
    Hope this solves ur problem.
    Regards
    Murali.

  • Icloud is asking for my pw for backup - both Apple Id and pw and have changed and they are not asking for my new?

    Received an email from Apple concerning my AOL email not being valid
    after March 31 and instructions how to convert to another active email
    address - new apple id and pw updated yesterday.  Now when I go
    on my iphone, icloud asks me for pw to old aol email ID - which I have
    forgotten - but that is not now the current Apple Id for my ITunes account.
    Not sure how to change it on my phone - when I try to sign out of icloud
    so I can go back in and re-enter info, it asks for pw to shut off find my
    iphone and I have forgotten the pw. Thanks for any help!

    Hello there RmCrCo,
    it sounds like you need to reset the password for the account you have signed in on your phone you should be able to get that reset wiht this article:
    iCloud: Change your iCloud password
    Thank you for using Apple Support Communities.
    Take care,
    Sterling

  • Why is there a limit on the number of times a "DVD player region" can be changed, and can it be adjusted for more region changes, or an indefinite number of region changes?

    Why is there a limit on the number of times a "DVD player region" can be changed, and can this numbert be adjusted for more region changes, or an indefinite number of region changes?

    Region encoding is the mechanism that enables motion picture studios to control the worldwide release of their movies. It is required by the DVD Forum (http://www.dvdforum.org/forum.shtml) in all commercial hardware DVD players. Every DVD-Video disc contains one byte of data representing a region code, which limits where the disc can be played.
    http://support.apple.com/kb/HT2397
    Once you have set the region in DVD Player five times it cannot be changed.
    Instead, use VLC to view videos from different regions:
    http://www.videolan.org/vlc/download-macosx.html

  • My iTunes won't update on my computer. I have windows vista. I can open iTunes and when I click "check for updates" it asks if I want to update to iTunes 11.1.5 and I click "Download iTunes" but then nothing happens. What's wrong?

    My iTunes won't update on my computer. I have windows vista. I can open up itunes and when I click on "check for updates" it asks if I want to download iTunes version 11.1.5 and I click "Download iTunes" but then nothing happens. Sometimes uptop the loading bar will appear but for only a split second. I have tried restarting, shutting down, I cannot figure out why it won't download. What's happening and how do I fix it?

    Try updating using an iTunesSetup.exe (or iTunes64Setup.exe) installer file downloaded from the Apple website:
    http://www.apple.com/itunes/download/

  • How to use the mirrored and log shipped secondary database for update or insert operations

    Hi,
    I am doing a DR Test where I need to test the mirrored and log shipped secondary database but without stopping the mirroring or log shipping procedures. Is there a way to get the data out of mirrored and log shipped database to another database for update
    or insert operations?
    Database snapshot can be used only for mirrored database but updates cannot be done. Also the secondary database of log shipping cannot used for database snapshot. Any ideas of how this can be implemented?
    Thanks,
    Preetha

    Hmm in this case I think you need Merge Replication otherwise it breaks down the purpose of DR...again in that case.. 
    Best Regards,Uri Dimant SQL Server MVP,
    http://sqlblog.com/blogs/uri_dimant/
    MS SQL optimization: MS SQL Development and Optimization
    MS SQL Consulting:
    Large scale of database and data cleansing
    Remote DBA Services:
    Improves MS SQL Database Performance
    SQL Server Integration Services:
    Business Intelligence

  • My IOS 6 upgrade appear to crash alot pages don't load completely and ITunes  can not connect for updates takes multi able tries and sometimes a re boot to get it to completed. I have a Ipad2

    I'm having issues with this update will not alway allow me to connect to ITunes for update, does not always excess app stor or do searches. Safari locks up and pages load slow or freeze

    Yea I would connect it to iTunes on computer and under summary tab select restore. If that can't be done save a backup on icloud from settings,icloud,storage and backup. Then go to settings, general, reset, all content and data.
    Sometimes when you upgrade you can catch a bug. When I upgraded all my album artwork disappeared and even a sync didn't help. I saved a backup and restored the device(this time not wireless) and installed ios6 again. No problems since.

  • How do I delete my iCloud account if my Apple ID has changed and I forgot the password for my previous Apple ID?

    The email address used for my previous Apple ID was no longer valid, so I successfully changed my Apple ID via apple.com using my Mac. However, I'm still signed into iCloud on my iPhone with my previous Apple ID, and I've forgotten that password.

    If you have a current iCloud ID that is a newer version of the old ID (and not an entirely new ID), go to https://appleid.apple.com, click Manage my Apple ID and sign in with your current iCloud ID.  Click edit next to the primary email account, change it back to your old email address and save the change.  Then edit the name of the account to change it back to your old email address.  You can now use your current password to turn off Find My iPhone and delete the old account.  Then go back to https://appleid.apple.com and change your primary email address and iCloud ID name back to the way it was.
    If the old ID is not an older version of your current iCloud ID, you'll have to contact Apple for assistance resetting the password, either by going to https://expresslane.apple.com, then click More Products and Services>Apple ID>Other Apple ID Topics>Lost or forgotten Apple ID password, or by contacting the Apple account security team: http://support.apple.com/kb/HT5699.

  • Audit/Log GPO changes and Logging of new addition of Domain Controllers in the Event Log

    Hi all, 
    We am trying to log the following items in the event log for Windows 2012. This applies to a domain controller. 
    1) Audit any changes made to the Group Policy
    2) Log the addition of new domain controllers added to the system.
    We need the windows event log to record the above events for security purposes. Can anyone advise if this is doable? If yes what are the steps. 
    Thank you

    Hi,
    >>1) Audit any changes made to the Group Policy
    We can enable audit for directory service object access and configure specific SACL for group policy files to do this.
    Regarding how to step-to-step guide for auditing changes of group policy, the following two blogs can be referred to for more information.
    Monitoring Group Policy Changes with Windows Auditing
    http://blogs.msdn.com/b/ericfitz/archive/2005/08/04/447951.aspx
    Auditing Group Policy changes
    http://blogs.msdn.com/b/canberrapfe/archive/2012/05/02/auditing-group-policy-changes.aspx
    >>2) Log the addition of new domain controllers added to the system.
    Based on my knowledge, when a server is successfully promoted to be domain controller, event ID 29223 will be logged in the System log.
    Regarding this point, the following thread can be referred to for more information.
    Is an Event ID for a completed Domain Controller promotion logged on the PDC?
    https://social.technet.microsoft.com/Forums/windowsserver/en-US/11b18816-7db0-49e2-9a65-3de0e7a9645e/is-an-event-id-for-a-completed-domain-controller-promotion-logged-on-the-pdc?forum=winserverDS
    Best regards,
    Frank Shen

  • My toolbar recently "changed" and tools went away without my knowledge.

    I have not quite the latest version of FF.
    I have "Video Downloadhelper" installed - latest version.
    I also have "netusage" installed.
    Today I went youtube-ing and noticed that initially the "netusage" tool was gone. Then later during the youtube stuff, the video downloadhelper was also gone.
    I went and edited the toolbar view and put them back, and now they work, but HOW/WHY would they have gone?
    Adobe (adopey as I call them) sent through a couple of changes recently.
    I have anti-virus software and haven't had any known attacks.
    So I am mentioning it in case someone else has this and is concerned.
    I don't know if I should be or not.
    Anyone?

    Please try a firefox reset and also try contacting the developers of the addons to see if they know about the issue as well.
    The Reset Firefox feature can fix many issues by restoring Firefox to its factory default state while saving your essential information.
    Note: ''This will cause you to lose any Extensions, Open websites, and some Preferences.''
    To Reset Firefox do the following:
    #Go to Firefox > Help > Troubleshooting Information.
    #Click the "Reset Firefox" button.
    #Firefox will close and reset. After Firefox is done, it will show a window with the information that is imported. Click Finish.
    #Firefox will open with all factory defaults applied.
    Further information can be found in the [[Reset Firefox – easily fix most problems]] article.
    Did this fix your problems? Please report back to us!

  • Page height not changing and yes, I've checked for hidden objects

    Hi
    has anyone got any advice? I'm tearing my hair out!
    I cant seem to change all my websites page heights despite checking that there are no hidden items
    best wishes Helen

    Hello,
    Please go in the page in design mode. Select "Show all on Page" and "Unlock all on Page" from Object Menu.
    You may find some unwanted elements near the footer of the page. Deleting them will fix the problem. If it do help then please share the muse file with us so that we can take a look at it.
    Regards
    Vivek

  • Where can one fine TCP socet server and client example VI's for Labview 6.0

    We've inherited an older system containing two PXI systems and one PC.  The Labview -6.0 programs running on the three systems need to be rewritten from ground zero.
    In hopes of saving a great amount of time, I am looking for a couple of TCP socket VI's that can be used to set up communications between the applications.  There doesn't appear to be a backwards compatibility from examples found in newer versions of Labview.
    Thanks,
    KGTang

    kgtang wrote:
    We've inherited an older system containing two PXI systems and one PC.  The Labview -6.0 programs running on the three systems need to be rewritten from ground zero.
    In hopes of saving a great amount of time, I am looking for a couple of TCP socket VI's that can be used to set up communications between the applications.  There doesn't appear to be a backwards compatibility from examples found in newer versions of Labview. 
    Why backwards compatibility?
    Look in examples/comm/tcpex.llb. Those examples are still mostly unchanged in the newer LabVIEW versions too.
    Rolf Kalbermatter
    Rolf Kalbermatter
    CIT Engineering Netherlands
    a division of Test & Measurement Solutions

Maybe you are looking for

  • PP CS4 - No MPEG export?

    I have Windows XP SP3, 2 gigs of RAM, 3.5Ghz processor, NVIDIA 8800GTS video. I don't have any issues regarding error messages, etc. First, I downloaded Adobe Premiere Pro CS4 trial. I did a full install with every option selected (installed Bridge,

  • Need nitty-gritty help uninstalling

    My computer crashed during an iTunes upgrade... so then, I've got a/some critical file(s) missing. ITunes can't run w/o the file(s), can't uninstall (using the Windows uninstaller) without the file(s), and can't re-install because it detects a previo

  • Dreamweaver CS6 Crashing On Startup

    Been trying to solve this problem for a while now. I just purchased Dw CS6 via the Design and Web Premium package and it continually crashes on startup w/ 32-Bit Windows 7 Enterprise. The Application Logs read: Faulting application name: Dreamweaver.

  • How to check whether MRP run has been executed for a sales order or not

    Dear Experts, In Strategy:20, Make to Order scenario, I have run MRP for sales order in T Code:MD50, then how can I check whether MRP run has been executed for a sales order or not.  Is there any report where I can find some indication? Thanks and re

  • ITunes resets my PC when it begins updating podcasts

    I have used iTunes with zero issues for a long time on my computer. No hardware changes have been made. No software changes have been made that I know of but things get updated more automatically these days, and perhaps there has been some minor chan