SCCM 2012: windows updates groups, based upon criteria required?

Similar Messages

• SCCM 2012: Windows update group gives invalid update

  Hi,
  I have deployed an update group to some pc's (about 60 updates). Now it seems one of the updates got stuck on the client: the client tries to download it to install but it's not on the server.
  The server shows the update as invalid.
  Tried to download it again, it does do it but it does NOT show as downloaded. The update 
  kb2687413 is perfectly valid.
  Removed it from the update group but the client still tries to fetch this update (even after reboot).
  My questions:
  *how can I find out what's wrong with this update: why it was invalid (I do know the meaning of the icons: https://technet.microsoft.com/en-us/library/hh848254.aspx?f=255&MSPPError=-2147217396), why I can't download it or the status doesn't change whereas
  it downloaded succesfully.
  *how do I make sure the clients continue to install the remaning updates and don't try to fetch the (removed) update
  Thanks for your input.
  J.
  Jan Hoedt

  Hi,
  Have you checked the log file PatchDownloader.log? Maybe it can give us some clues.
  https://technet.microsoft.com/en-us/library/hh427342.aspx#BKMK_SU_NAPLog
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected]

• SCCM 2012 Software Update Group Statistcs showing wrong Asset Count

  Under Software Update Groups in the summary tab the statics section shows total asset count: 5.   I only have this group deployed to only one collection with 1 machine.
  I have a second Software Update Group in the summary tab the statics section shows total asset count: 5.   I only have this group deployed to only one collection with 3 machines.
  The two collection have only one machine in common.
  I tried to run a summarization but these numbers are not updating. 
  where does the asset count come from and how do I get it to display correctly?
  Thanks,

  The asset counts shown in the console for software groups are not specific to any collection or deployment. If you want numbers specific to a collection, you need to use reporting or a console query.
  Jason | http://blog.configmgrftw.com

• Sccm 2012 window update deployment

  Hi
  I am trying to deploy the software updates in servers, but the issue i am facing is that when i create the package of 170 patches and deploy on servers 2008, then the advertisement coming at client side is in different batches. Example:- In first instance
  50 updates advertisement comes at client end and once i Install them and restart the servers then in second instance remaining server advertisement will come.
  As I have taken the downtime, so I want that all the advertisement comes in one Instance, can somebody suggest me how to do this ?????
  Thanks and Regards Deepak

  Hi Deepak,
  For 170 Patches yeah its more than enough but if you take office sp3 patch its around 680 MB ,if all the patches are Security/cumulative patches then i would its more than enough based on the deployments which i have done.
  If your system's RAM is 4 GB or more than that i would say it will get installed in a go also sometime like jason said there may be multiple reboot required for patching on few machines.
  How you planned the deployment is it mandatory with reboot or mandatory and suppressed reboot?
  Kamala kannan.c| Please remember to click “Mark as Answer” or Vote as Helpful if its helpful for you. |Disclaimer: This posting is provided with no warranties and confers no rights

• SCCM 2012: Active Directory Group Discovery, Delta Discovery?

  Hi,
  Our scenario:
  *Software is requested via a seperate system which puts AD computer objects in groups
  *Software within SCCM 2012 is deployed to computer collections
  *Computer collections query AD groups, in those AD groups the pc's reside
  *Collections memberships run via AD query (every 20 minutes)
  *We deploy an OS (Windows 7) via SCCM
  *Machine policy is updates every 20 minutes
  What is important: AD Group discovery is set to full discovery every 7 days, delta discovery set to 15 minutes
  So what happens:
  *Pc is staged correctly with Windows 7 but software isn't coming through in time (sometimes it's there within the hour, sometimes it takes 6 hours)
  *If we run a full AD Group discovery mostly software is installing immediately
  *Sometimes a SCCM 2012 client machine reset policy or reinstall client solves the problem
  My questions:
  *Would it be better to run full discoveries every x minutes since this always solves our problem
  *Would it be better to disable the delta discovery if we do the change above to minimize AD queries
  => tried that now (full discovery every 30 minutes and disabled delta discovery) but I don't want to put to much pressure on our domain controller
  *Our software collections are limited to all systems, we could limit them to a Windows 7 collection. Probably we should do that but any suggestion how to do this safely in Powershell?
  Please advise.
  J.
  Jan Hoedt
  Note: what I don't get is why a full ad discovery system discovery sovles the problem since SCCM 2012 collections do a AD query, what 's the link there?

  So, let me see if I get this correct for our situation:
  Our own developed system puts pc’s in AD groups
  SCCM 2012 polls these groups, by default 1/week full discovery then every 30 minutes a delta discovery
  We deploy software to computer collections, these collections check the SCCM 2012 database every 30 minutes (collection update) Note: the query our collection do, is based upon requirement of Windows 6.1 + membership of an AD group.
  The SCCM 2012 client/computer does a computer policy update every 30 minutes to see what collections it is member of and see then the software to be deployed
   2 questions:
  *Our my assumptions correct? Specifically point 3.: is the query fully coming from an ad sync (or also from sccm client, f.e. Windows 6.1%)?
  *Don’t we have a step to much then, wouldn’t it be better to add a direct membership of the AD group within SCCM? This direct membership would mean no query and so save us about 20 minutes (run of query)?
  Jan Hoedt

• ADF BC: Creating updatable VO based upon DB View with "instead of" trigger

  Hello all,
  I have got an interesting issue. I have an Oracle DB view that is used to hide some complexity in the underlying DB design (it does some unions). This view is updatable because we have created an "instead of" update trigger to update the correct table when a row is updated. This is working fine in SQL.
  Next, we have created an ADF Entity object based upon the view, specifying an appropriate PK for the DB View. Then, we have created an updatable VO based upon the EO. All well and good so far. The issue we have is in trying to commit changes to the DB - because the ADF BC framework is trying to lock the row to update (using SELECT ... FOR UPDATE), it's not working because of ORA-02014 - cannot select FOR UPDATE from view with DISTINCT, GROUP BY, etc.
  This leads me to thinking about overridding doSelect() on the EO as hinted here http://radio.weblogs.com/0118231/stories/2005/07/28/differenceBetweenViewObjectSelectAndEntityDoselectMethod.html
  As a temporary test, we have over-ridden the EO's doSelect to call super.doSelect(false) and it does work, although we will have lost update issues as detailed in Steve's article.
  My questions:
  1). Is overriding doSelect() the correct thing here? Perhaps there is a better way of handling this problem? I do have a base EO class from which all of the EO's extend, so adding this behavior should be straightforward.
  2). Does anyone have example doSelect implementation? I am thinking of overriding doSelect for my EO and calling super.doSelect (lock=false), but then I need to deal with some possible exceptions, no?
  Kind regards,
  John

  Hi John,
  I have exactly the same issue as you experienced back in January. I have a complex data modelling requirement which requires the need to pivot rows into columns using ROW_NUMBER() and PARTITION clauses. To hide the complexity from the middle tier, I have created a database view and appropriate INSTEAD OF triggers and mapped my EO to the view. I have overriden the lock() method on the EO implementation class (to avoid ORA-02014) and would like to try the same solution you used with the pl/sql call to lock the record.
  My question is, how did you manage the release of the lock if the transaction was not rolled back or committed by your application i.e. if the user closed the browser for instance.
  In my naivity, I would like to think that the BC4J framework would release any locks for the database session when it found the servlet session to be terminated however my concern is that the lock would persist and cause complications.
  Any assistance greatly appreciated (if you would be willing to supply your lock() method and pl/sql procedure logic I would be even more grateful!).
  Many thanks,
  Dave
  London

• SCCM 2012 software update point not sync with Microsoft Updat,

  Hi 
  Recently my SCCM 2012 software update is not syncing with microsoft update, am getting below error.  can any one suggest/help me how to resolve this issue.
  WebException: The remote server returned an error: (500) Internal Server Error.
  at System.Net.HttpWebRequest.GetRequestStream(TransportContext& context)
     at System.Net.HttpWebRequest.GetRequestStream()
     at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
     at Microsoft.UpdateServices.ServerSyncWebServices.ServerSync.ServerSyncProxy.GetAuthConfig()
     at Microsoft.UpdateServices.ServerSync.ServerSyncLib.InternetGetServerAuthConfig(ServerSyncProxy proxy, WebServiceCommunicationHelper webServiceHelper)
     at Microsoft.UpdateServices.ServerSync.ServerSyncLib.Authenticate(AuthorizationManager authorizationManager, Boolean checkExpiration, ServerSyncProxy proxy, Cookie cookie, WebServiceCommunicationHelper webServiceHelper)
     at Microsoft.UpdateServices.ServerSync.CatalogSyncAgentCore.SyncConfigUpdatesFromUSS()
     at Microsoft.UpdateServices.ServerSync.CatalogSyncAgentCore.ExecuteSyncProtocol(Boolean allowRedirect)

  am just trying to tracert catalog.update.microsoft.com
  from my wsus server but it is failed, would that be the reason/
  Regards,
  Madhan

• SCCM 2012 SP1 update to R2

  Hi!
  SCCM 2012 SP1 update to R2.
  I use SQL 2008R2 SP2 (10.50.4000.0), this version is Ok for SCCm 2012 R2 update?
  cenubit

  Yes it is.
  See supported configurations
  http://technet.microsoft.com/en-us/library/gg682077.aspx#BKMK_SupConfigSQLDBconfig
  Also, see procedure to upgrade from SP1 to R2
  http://www.gerryhampsoncm.blogspot.ie/2013/10/in-place-upgrade-sccm-2012-sp1-to-r2.html
  Also, note that CU1 for R2 has also been released. You should apply this afterwards.
  http://support.microsoft.com/kb/2938441/en-us
  Gerry Hampson | Blog:
  www.gerryhampsoncm.blogspot.ie | LinkedIn:
  Gerry Hampson | Twitter:
  @gerryhampson

• SCCM 2012 Software Updates not installing (bothh Windows patches & 3rd party updates)

  Using SCCM 2012 R2, I am having a problem getting Windows updates to install.  Applications published to people work, and basic software installations published to machines for a straight install work.  However, both Windows patches and Adobe patches
  fail to install on clients. I have imported the Adobe catalog into SCUP, and publish through WSUS. I can see the Adobe patches and Windows patches in SCCM, and can publish them. However, in deployment status out of 4 machines in my test group the Windows patches
  installed on 1 and the other 3 are still in Unknown status with category of "Client check passed/Active". However, none of them are installing the patch - they don't even seem to try.  All of those are Windows 7 PCs, incidentally. On Adobe patches,
  one PC fails and the other 3 machines still sit in Unknown status.  Certificates are distributed,
  Any ideas what might cause the deployment to not push some targets, even when it's past the deadline?
  Thanks,
  Andy Maslin

  An unknown status means that the clients are not reporting back to ConfigMgr correctly. This is often due to the WUA not pointing at the correct WSUS instance. You can verify this by examining the WUAHandler.log on one of those clients and it will clearly
  indicate an issue with this which in turn is often due to a group policy overriding the ConfigMgr behavior.
  Jason | http://blog.configmgrftw.com

• SCCM 2012 Software Update Management for Windows Servers and how to automatic set SCOM maintenance mode?

  Hi,
  We planning to go one level higher to automat and have more dynamic Software Update Management for Windows Servers. We have SCCM 2012 R2, SCOM 2012 R2 and SCO 2012 R2.
  Our plan is to pur server in an AD-Group to get Update Schedule, from the servers will be importet to an Collection for Automatic Update and reboot. If I understand Everything right SCOM can't read AD-Group and put then in an Schedule maintenance mode. SCOM
  can read reg value as exempel.
  IS there any smar way to make the SCOM Maintenance Mode Schedule dynamic?
  I found this
  http://www.scom2k7.com/scom-2012-maintenance-mode-scheduler/?
  /SaiTech

  You could use Orchestrator to put the servers from a specific collection, or AD group, in maintenance mode in SCOM. For an example see:
  http://www.systemcentercentral.com/orchestrator-how-to-scom-maintenance-mode-for-windows-computers-in-an-sccm-collection/
  My Blog: http://www.petervanderwoude.nl/
  Follow me on twitter: pvanderwoude

• SCCM 2012: Assigned updates to update group don't get there deployment

  Hello,
  Problem:
  When I assign available updates to the update group the updates are not getting there deployment. Deployed: NO
  (Previous months no problem)
  Situation:
  SCCM 2012 SP1
  We made different Update groups. Example:
  Windows 2008 R2
  This group is deployed to different collections and has several deployments.
  Steps taken:
  Downloaded the new updates to Windows 2008 R2 Deployment Package (no errors)
  Edit Membership and added updates to the Windows 2008 R2 update group (no errors)
  When I check the update group I see the assigned updates in the group. The Downloaded Status is YES but the Deployed status is NO. When I check the update deploymensts it has no deployments.
  Any idea where to find a solution for the problem? Which logs files to check? 
  Greetings

  You could try and run this sql query to check the database directly and see if IsDeployed = 1 here. If that is the case there is just the console that is not updated. You'll need to change the Config Item ID (in red) to match the ID of your group, you'll
  find this in the console. (Right click columns and add it)
  select  all upd.CI_ID,upd.LocaleID,upd.ApplicabilityCondition,upd.ArticleID,upd.BulletinID,upd.CI_ID,upd.CI_UniqueID,upd.CIType_ID,upd.CIVersion,upd.CreatedBy,upd.CustomSeverity,upd.CustomSeverityName,upd.DateCreated,upd.DateLastModified,upd.DatePosted,upd.DateRevised,upd.EffectiveDate,upd.EULAAccepted,upd.EULAExists,upd.EULASignoffDate,upd.EULASignoffUser,upd.IsUserCI,upd.InUse,upd.IsBroken,upd.IsBundle,upd.IsChild,upd.IsContentProvisioned,upd.IsDeployable,upd.IsDeployed,upd.IsEnabled,upd.IsExpired,upd.IsHidden,upd.IsLatest,upd.IsMetadataOnlyUpdate,upd.IsOfflineServiceable,upd.IsQuarantined,upd.IsSuperseded,upd.IsUserDefined,upd.LastModifiedBy,upd.LastStatusTime,upd.Description,upd.DisplayName,upd.CIInformativeURL,upd.LocaleID,upd.MaxExecutionTime,upd.ModelID,upd.ModelName,upd.NumMissing,upd.NumNotApplicable,upd.NumPresent,upd.NumTotal,upd.NumUnknown,upd.PercentCompliant,upd.PermittedUses,upd.PlatformType,upd.RequiresExclusiveHandling,upd.RevisionNumber,upd.SDMPackageVersion,upd.SedoObjectVersion,upd.Severity,upd.SeverityName,upd.SourceSite
  from fn_ListUpdateCIs(1033) as upd,vSMS_CIRelation as cr  where ((cr.FromCIID =
  16822104
  AND cr.RelationType = 1) AND upd.CI_ID = cr.ToCIID)

• Deploy SCCM 2012 Monthly updates (not with ADR), updates get expired

  Hi,
  I’m looking howto use monthly updates in SCCM 2012 R2. This post is showing howto with automatic deployment rules (ADR), but I’d need to do this without ADR.
  http://www.windows-noob.com/forums/index.php?/topic/6799-using-system-center-2012-configuration-manager-part-9-deploying-monthly-updates/
  What I do:
  1.filter on updates I need
  2.add them to an update group
  3.distribute these updates as mandatory to our default windows 7 collection
  Now everything works fine until some updates in the update group get expired. Then no updates are distributed anymore. Please advise.
  J.
  Jan Hoedt

  Leave the expired updates and group the remaining updates (create software group fo these) and deploy to your clients.
  Search the updates in sccm console: Add criteria: Expired NO
  Have a look in this post (Software updates deployment without ADR)
  http://www.windows-noob.com/forums/index.php?/topic/4467-using-sccm-2012-rc-in-a-lab-part-6-deploying-software-updates/
  Thanks, Prabha G

• SCCM 2012 Software updates

  Hi All,
  We have SCCM 2012 R2 Server, We have been using more than a years ,
  Now im facing crazy issues .
  1.every month we using sccm server for deploying windows patches  .
  2.before patching we set maintenance schedules for device group.
  3.patch deployment is working fine without any issues and we get the success 100 % compliants report in all the server .
  Note:- but after one or two months later  in Monitoring-->deployment tab-->its showing only few machines success results or deploying again old package''
  this process is keep on rotating in all the deployment .
  how to resolve this issues.
  Regards,
  Velu M

  Hi,
  You could try to initiate Software Updates Deployment Evaluation Cycle action from a problematic client, then check CIAgent.log, StateMessage.log to see if there are any helpful information.
  Reference:
  SCCM state messaging–in depth:http://blogs.msdn.com/b/steverac/archive/2011/01/07/sccm-state-messaging-in-depth.aspx
  You could also follow the steps in the blog below to check state messages in WMI.
  Software Update Compliance Reports – Detection State Unknown
  http://blogs.technet.com/b/configmgrdogs/archive/2013/11/07/software-update-status-reports-detection-state-unknown.aspx
  Best Regards,
  Joyce
  We
  are trying to better understand customer views on social support experience, so your participation in this
  interview project would be greatly appreciated if you have time.
  Thanks for helping make community forums a great place.

• SCCM 2012 R2 - Updates not installing

  Hi all,
  I have a SCCM 2012 R2 setup at a customer which has problems with distributing updates to the Windows 7 computers in the environment. The update group (with updates that are 100% sure required) is deployed to some test computers but the updates don't get
  installed. It is also configured to be able to install the updates without looking at any maintenance windows.  I see in the reporting that the updates are required, so in my opinion they should get installed.
  I've checked the registry and the Windows Updates registry keys are pointing towards the right server (my SCCM primary site server). I've created a new software update group with fewer updates, same problem. 
  What I find in the UpdatesDeployment.log on one of the test machines is rather strange:
  Assignment {8209BD9C-A86C-460B-99B3-CD6364F8BD1B} has total CI = 2
  UpdatesDeploymentAgent 29/09/2014 15:21:05
  1244 (0x04DC)
  Assignment ({8209BD9C-A86C-460B-99B3-CD6364F8BD1B}) reconnected to the existing job ({779CA9E2-ABB8-43E1-B8AE-F4A94BA8C761}) successfully.
  UpdatesDeploymentAgent 29/09/2014 15:21:05
  1244 (0x04DC)
  Assignment {c076f100-c2f7-43f9-a3f9-51fd33872b94} has total CI = 216
  UpdatesDeploymentAgent 29/09/2014 15:21:05
  1244 (0x04DC)
  Assignment ({c076f100-c2f7-43f9-a3f9-51fd33872b94}) reconnected to the existing job ({A9758363-1871-4BD9-86D9-1BE0D82531AE}) successfully.
  UpdatesDeploymentAgent 29/09/2014 15:21:05
  1244 (0x04DC)
  OnPolicyModify for assignment ({8209BD9C-A86C-460B-99B3-CD6364F8BD1B})...
  UpdatesDeploymentAgent 29/09/2014 15:23:18
  2740 (0x0AB4)
  Work in progress for assignment {8209BD9C-A86C-460B-99B3-CD6364F8BD1B}, forced trigger (TriggerEnforce) will be attempted when done
  UpdatesDeploymentAgent 29/09/2014 15:23:18
  2740 (0x0AB4)
  EnumerateUpdates for action (UpdateActionInstall) - Total actionable updates = 0
  UpdatesDeploymentAgent 29/09/2014 15:30:32
  4532 (0x11B4)
  EnumerateUpdates for action (UpdateActionInstall) - Total actionable updates = 0
  UpdatesDeploymentAgent 29/09/2014 15:30:32
  4000 (0x0FA0)
  Message received: '<?xml version='1.0' ?><SoftwareUpdatesMessage MessageType='EvaluateAssignments'><UseCachedResults>False</UseCachedResults></SoftwareUpdatesMessage>'
  UpdatesDeploymentAgent 29/09/2014 15:46:47
  4836 (0x12E4)
  Removing scan history to force non cached results
  UpdatesDeploymentAgent 29/09/2014 15:46:47
  4836 (0x12E4)
  Assignment({8209BD9C-A86C-460B-99B3-CD6364F8BD1B}) already in progress state (AssignmentStateDetecting). No need to evaluate
  UpdatesDeploymentAgent 29/09/2014 15:46:47
  4836 (0x12E4)
  Assignment({c076f100-c2f7-43f9-a3f9-51fd33872b94}) already in progress state (AssignmentStateDetecting). No need to evaluate
  UpdatesDeploymentAgent 29/09/2014 15:46:47
  4836 (0x12E4)
  Evaluation initiated for (0) assignments. UpdatesDeploymentAgent
  29/09/2014 15:46:47 4836 (0x12E4)
  Message received: '<?xml version='1.0' ?><SoftwareUpdatesMessage MessageType='EvaluateAssignments'><UseCachedResults>True</UseCachedResults></SoftwareUpdatesMessage>'
  UpdatesDeploymentAgent 29/09/2014 17:06:31
  6032 (0x1790)
  Assignment({8209BD9C-A86C-460B-99B3-CD6364F8BD1B}) already in progress state (AssignmentStateDetecting). No need to evaluate
  UpdatesDeploymentAgent 29/09/2014 17:06:31
  6032 (0x1790)
  Assignment({c076f100-c2f7-43f9-a3f9-51fd33872b94}) already in progress state (AssignmentStateDetecting). No need to evaluate
  UpdatesDeploymentAgent 29/09/2014 17:06:31
  6032 (0x1790)
  Evaluation initiated for (0) assignments. UpdatesDeploymentAgent
  29/09/2014 17:06:31 6032 (0x1790)
  CUpdateAssignmentsManager received a SERVICEWINDOWEVENT START Event
  UpdatesDeploymentAgent 29/09/2014 22:00:00
  3240 (0x0CA8)
  Suspend activity in presentation mode is selected
  UpdatesDeploymentAgent 29/09/2014 22:00:00
  3240 (0x0CA8)
  At least one user has elected to suspend non-business hours activity when in presentation mode. Checking for presentation mode.
  UpdatesDeploymentAgent 29/09/2014 22:00:00
  3240 (0x0CA8)
  Proceeding to non-business hours activites as presentation mode is off.
  UpdatesDeploymentAgent 29/09/2014 22:00:00
  3240 (0x0CA8)
  Auto install during non-business hours is disabled or never set, selecting only scheduled updates.
  UpdatesDeploymentAgent 29/09/2014 22:00:00
  3240 (0x0CA8)
  A user-defined service window(non-business hours) is available. We will attempt to install any scheduled updates.
  UpdatesDeploymentAgent 29/09/2014 22:00:00
  3240 (0x0CA8)
  Attempting to install 0 updates UpdatesDeploymentAgent
  29/09/2014 22:00:00 3240 (0x0CA8)
  No actionable updates for install task. No attempt required.
  UpdatesDeploymentAgent 29/09/2014 22:00:00
  3240 (0x0CA8)
  Updates could not be installed at this time. Waiting for the next maintenance window.
  UpdatesDeploymentAgent 29/09/2014 22:00:00
  3240 (0x0CA8)
  CUpdateAssignmentsManager received a SERVICEWINDOWEVENT END Event
  UpdatesDeploymentAgent 30/09/2014 5:00:00
  3132 (0x0C3C)
  No current service window available to run updates assignment with time required = 1
  UpdatesDeploymentAgent 30/09/2014 5:00:00
  3132 (0x0C3C)
  Attempting to cancel any job started at non-business hours.
  UpdatesDeploymentAgent 30/09/2014 5:00:00
  3132 (0x0C3C)
  There are several updates found in the assignment (2 in the first, 216 in the second). Some of them are required but still the log says: No actionable updates. 
  The SERVICEWINDOWEVENT events originate from the business hours set in the client settings I suppose?
  But I don't get why the log sais "No current service window available to run updates assignment with time required = 1"
  Any advice?
  Kind regards,
  Bert

  Hi,
  What's the status in Software Center on clients?
  Please check ScanAgent.log, WUAHandler.log, UpdatesHandler.log and Windowsupdate.log on the client to see if there is any helpful information.
  Best Regards,
  Joyce
  We
  are trying to better understand customer views on social support experience, so your participation in this
  interview project would be greatly appreciated if you have time.
  Thanks for helping make community forums a great place.

• SCCM and Windows Update Client Configuration

  Hello,
  I am in the process of migrating SCCM 2007 client over to a new SCCM 2012 R2 site.
  I deleted the AD site from 2007 and added it to 2012 and the client is pushed via Client Push. The client upgrades fine and things go well but
  I run into a little problem after the client is installed.
  Basically it seems to be an issue with how SCCM interacts with and controls Windows Update settings on the SCCM client.  I ran into a somewhat of a major issue that caused
  all (or many) of the newly upgraded clients to go the internet to download updates from Microsoft shortly after the move from the 2007 site and client upgrade to 2012. This was because the client (or at least the ones I checked) had their WU settings to “Always
  download and install” (or something similar). Obviously, expected  behavior with this setting, but the question is how did it get this way?
  Does SCCM control any of these settings?  I know it take over the WSUS settings, etc, but I didn’t think it does anything with the WU client itself.
  From my understanding the WU client settings are done via GPO (local or domain) or WU setting and SCCM does not control these settings.
  I’m not looking for you to solve the problem, because it’s quite tedious, I’m just hoping that someone can lead me in the right direction to find out what if any WU settings
  are controlled or changed by SCCM 2007 or 2012.
  Thanks
  Angelo
  Angelo

  Thanks for the extra info, Idan.  I should probably admit that I am an AD admin and SCCM is handled by someone else in my department.  My main issue with the LocalGPO is the Event 1096 corruption that causes all admin template settings to revert
  to defaults - currently happening on over 100 workstations in our environment.  100% of these problems are caused by LocalGPO corruption and nothing else.  And we will pursue resolution of this issue with Microsoft because we agree that resolving
  this problem is the primary goal.
  But for the sake of understanding:  We don't have any non-domain members that need to be managed by SCCM.  If we had a policy stating "no SCCM client configurations resulting in a LocalGPO file are to be implemented in production - all are
  to be done via Domain Group Policy," is it possible to eliminate the LocalGPO entirely?  Or will there always be a LocalGPO file regardless of whether or not there are settings visible from it in a gpresult report?  We would not need to match
  SCCM configurations in Domain Group Policy because we would not make any changes to the SCCM client resulting in a LocalGPO file at all.  The slow link detection is not of concern to us because none of these settings that would not apply in this case
  are SCCM-managed via LocalGPO (as far as I know): 
  http://blogs.technet.com/b/musings_of_a_technical_tam/archive/2012/02/27/gpos-and-slow-link-detection.aspx
  Another reason why I would prefer to do these settings in Domain Group Policy is that we have Advanced Group Policy Management installed in our environment, which is subject to our Change/Release process.  We can track the changes being made to clients
  much more easily when they are done via AGPM.  Any changes that we want to make via SCCM client could be tested first to see how LocalGPO is effected, and then those changes could be made via Domain Group Policy instead in production.
  Given this info, I'm still struggling to understand why it is recommended to implement anything via SCCM client configurations resulting in a LocalGPO file.  So far, the only compelling reason is that management of non-domain members is not possible
  via Domain Group Policy, but that doesn't apply to our environment.  Is it recommended mostly for ease of administration, so that an SCCM admin doesn't need to work with another tool (Domain Group Policy)?  Any extra reasoning for this recommendation
  that anyone can provide is much appreciated!