Microsoft

System Center Configuration Manager Feedback

Suggestion box powered by UserVoice

Azamat Berkimbayev

My feedback

  1. 3 votes
    Vote
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Ideas » Endpoint Protection  ·  Flag idea as inappropriate…  ·  Admin →
      Azamat Berkimbayev shared this idea  · 
    • 3,736 votes
      Vote
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • facebook
      • google
        Password icon
        Signed in as (Sign out)
        You have left! (?) (thinking…)
        84 comments  ·  Ideas » Software Updates  ·  Flag idea as inappropriate…  ·  Admin →

        Phase one of these changes are in 1803 tp, as well as 1802 production. We will continue to add more integration in the future with a huge chunk coming for 1806 production.

        Updating to note the improvements went in to 1802:

        Automatically importing WSUS signing certificate (which is used to sign third party updates) into the SCCM database, and then that certificate is pushed down to clients Trusted Publisher certificate store. (If admin enables this on the SUP top level site components configuration).

        Enabling “Allow signed updates from an intranet Microsoft updates service location” group policy on clients, which tells Windows to allow them to install 3rd party signed updates during normal Software Updates sync/install (if admin enables this in Software Updates client agent settings).

        Azamat Berkimbayev supported this idea  · 
      • 1,590 votes
        Vote
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • facebook
        • google
          Password icon
          Signed in as (Sign out)
          You have left! (?) (thinking…)
          54 comments  ·  Ideas » Operating System Deployment  ·  Flag idea as inappropriate…  ·  Admin →

          I’m updating the status. For 1606 we’ve made some changes, listed below.
          As more are added we’ll update what Tech Preview/Release they appear in.

          Timeout scan is now configurable
          We added a new task sequence variable to allow a configurable timeout for scan. Variable name is SMSTSSoftwareUpdateScanTimeout, default is 30 minutes. Value is set in seconds so an hour is 60×60=3600

          Logging changes
          In the SMSTS.log we list the log files to check for updates download and evaluation.
          These are UpdateDeployment.log, UpdatesHandler.log, WUAHandler.log and WindowsUpdate.log

          New Option for full scan
          There’s a new checkbox added to the Install Updates step – ‘Evaluate software updates from cached scan results’
          If the checkbox is on we use cached results, if the checkbox is off we do a full scan
          Task Sequences that are upgraded will have this option checked on – this is parity with the existing behavior

          Power management changes…

          Azamat Berkimbayev supported this idea  · 

        Feedback and Knowledge Base