Installation Manager Policy

In System Center 2012 Configuration Manager Service Pack 1, we’ve added the ability to set multiple software update points per primary site. This change allows for placing software update points cross-forest, and providing fault tolerance without requiring an NLB. You can read more about those changes.

If you set a WSUS server on your clients through Group Policy for any reason, and you want to take advantage of the new software update point failover design in Configuration Manager SP1, you need to rethink how you specify a WSUS server on clients by using Group Policy. The most common scenario where group policy is used to set the WSUS server on computers is when you publish the Configuration Manager client through WSUS, and need to point your computers to the WSUS server to get the client. Client publishing assumes that the Configuration Manager client does not yet exist on the clients (or has been removed), and needs to be delivered through WSUS. The problem is that the WSUS server for client publishing has to be set through Group Policy.

To install new clients, you must configure a Group Policy Object (GPO) in Active Directory Domain Services with the client's active software update point and port. If the Active Directory schema is not extended for Configuration Manager, you must use Group Policy settings to provision computers with client installation properties.

This is great for assigning a WSUS server to get the client deployed, but not so great for the new software update point failover design, because it impacts a client’s ability to switch software update points for failover. Since the domain policy is the authority, and it’s binding the client to the WSUS server set for client publishing, the Configuration Manager local policy used to change the software update point for failover is blocked by domain policy. However, there is a fairly easy way to solve this problem, and it’s outlined here.

Scenario Overview

I use client publishing through WSUS and set the WSUS server through Group Policy. However, after the client is installed, I also want to take advantage of the new software update point failover design, which will allow my clients to fail over to another software update point as needed. How do I accomplish this without using NLB, since I’m only able to set a single, logical WSUS server reference with Group Policy?

That single WSUS server set through Group Policy will not allow Configuration Manager local policy to set an alternative software update point for failover.

Solution

There is a fairly easy way to apply a WSUS server for Configuration Manager client publishing using Group Policy, and to still take advantage of software update point failover after the client is installed, without an NLB dependency. To achieve this, you need to use Group Policy Preferences to set the WSUS server only when the Configuration Manager client doesn’t exist, or isn’t running.

Group Policy Preferences allow you to easily set conditional logic to configure specific settings. As an example, you can use preferences to ONLY set a specific WSUS server if the Configuration Manager client is NOT installed. If the Configuration Manager client exists, Group Policy will NOT set the WSUS server, freeing up Configuration Manager local policy to set the appropriate software update point as needed.

This avoids the domain and local policy conflict, and allows software update point failover to work as designed. In general, using Group Policy Preferences is a best practice in any Configuration Manager scenario where local and group policy might conflict, and you want local group policy to trump domain policy on a particular condition. As another example, you should use Group Policy Preferences when migrating software update operations from a standalone WSUS environment to Configuration Manager.

First, let me provide a little background on Group Policy Preferences. Group Policy Preferences is available from the Group Policy Management console running on Windows Server 2008 or later, and Windows Vista SP1 or later.
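The targeting condition described above (set the WSUS server only when the Configuration Manager client does not exist or is not running) can be checked on a machine with the following PowerShell. This is an added example, not code from the original post; it assumes the client runs as the `CcmExec` service and that the WSUS assignment appears under the standard Windows Update policy registry key, and the URLs are constructed placeholders.

```powershell
# Added example, not from the original post. Assumptions: the Configuration
# Manager client runs as the CcmExec service, and the WSUS assignment appears
# under the standard Windows Update policy key. The URL below is a placeholder.
$PolicyKey         = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
$PublishingWsusUrl = 'http://wsus.example.test:8530'   # constructed value

function Get-WsusAssignmentState {
    $svc = Get-Service -Name 'CcmExec' -ErrorAction SilentlyContinue
    $pol = Get-ItemProperty -Path $PolicyKey -ErrorAction SilentlyContinue
    [pscustomobject]@{
        ClientInstalled = [bool]$svc
        ClientRunning   = [bool]($svc -and $svc.Status -eq 'Running')
        WUServer        = $pol.WUServer
    }
}

# The targeting condition from the post: set the WSUS server only when the
# client does not exist or is not running.
function Test-ShouldSetWsusByPreference {
    param([Parameter(Mandatory)] $State)
    -not ($State.ClientInstalled -and $State.ClientRunning)
}

function Get-WsusAssignmentFinding {
    param([Parameter(Mandatory)] $State, [string] $PublishingUrl)
    if (Test-ShouldSetWsusByPreference -State $State) {
        if ($State.WUServer) { 'OK: no running client; WSUS server is set for client publishing.' }
        else { 'GAP: no running client and no WSUS server set, so the client cannot be pulled from WSUS.' }
    }
    elseif ($State.WUServer -eq $PublishingUrl) {
        # Domain policy and Configuration Manager local policy both surface in
        # this key, so a match is a lead to confirm with gpresult, not proof.
        'CHECK: client is running but WUServer still equals the publishing server.'
    }
    else { 'OK: client is running and WUServer differs from the publishing server.' }
}

# Constructed states exercise each branch without touching a real machine.
$samples = @(
    [pscustomobject]@{ ClientInstalled=$false; ClientRunning=$false; WUServer=$PublishingWsusUrl },
    [pscustomobject]@{ ClientInstalled=$true;  ClientRunning=$true;  WUServer=$PublishingWsusUrl },
    [pscustomobject]@{ ClientInstalled=$true;  ClientRunning=$true;  WUServer='http://sup2.example.test:8530' }
)
$samples | ForEach-Object { Get-WsusAssignmentFinding -State $_ -PublishingUrl $PublishingWsusUrl }

# Live check on the local machine.
Get-WsusAssignmentFinding -State (Get-WsusAssignmentState) -PublishingUrl $PublishingWsusUrl
```

A `CHECK` result on a machine with a running client is the case the post warns about: the publishing server may still be pinned by domain policy, which would keep the client from switching software update points.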