![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(51.2, 97%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERO%3C/text%3E%3C/svg%3E)
Microsoft Security | Intune | Configuration Manager | Updates
Managing and deploying updates via Configuration Manager
Hello @Robert Ostler
I would start checking the requisites are still met, and nothing changed n the workgroup, for example:
During client installation, the logged-on user must possess local administrator rights on the workgroup system. The only account that Configuration Manager can use to perform activities that require local administrator privileges is the account of the user that is logged on to the computer.
The Configuration Manager client must be installed from a local source on each client machine. This requirement ensures that a local source for repair and client update application will be available for the client.
Workgroup clients must be able to locate a server locator point for site assignment because they cannot query Active Directory Domain Services. The server locator point can be manually published in Windows Internet Name Service (WINS), or it can be specified in the CCMSetup.exe installation command-line parameters.
Workgroup clients must use the Network Access Account to access package source files on distribution points. If a Network Access Account is not configured, clients cannot access content on the distribution point. For more information, see http://technet.microsoft.com/en-us/library/bb932160.aspx
Although workgroup computers can be Configuration Manager clients, there are inherent limitations in supporting workgroup computers, including the following:
Workgroup clients cannot locate their default management point from Active Directory Domain Services, and instead must use DNS, WINS, or a server locator point. DNS is recommended for workgroup clients. For more information, see http://technet.microsoft.com/en-us/library/bb632435.aspx
Active Directory system, user, or user group discovery is not possible.
User-targeted advertisements are not possible.
The client push installation method is not supported for workgroup client installation. For more information about installing the Configuration Manager client on workgroup computers, see http://technet.microsoft.com/en-us/library/bb680962.aspx
Global roaming is not possible. For more information about client roaming capabilities and behavior, see http://technet.microsoft.com/en-us/library/bb632476.aspx
Using a workgroup client as a branch distribution point is not supported. Configuration Manager requires that all site systems, including branch distribution point computers, are members of an Active Directory domain.
The out of band management feature is not supported for workgroup computers. For more information about out of band management, see http://technet.microsoft.com/en-us/library/cc161989.aspx
Hope this helps with your query,
-----
--If the reply is helpful, please Upvote and Accept as answer--