SCCM Clients over VPN and Windows Update options

SC_OC 61 Reputation points
2020-09-17T20:51:46.917+00:00

Hello,

Having trouble trying to set the correct settings to accomplish this. We have some machines that connect over VPN. When connected they should be getting Windows Updates from the Distribution Point (WSUS), but if the Distribution Point is not available or they are not connected to the VPN, I would like for them to get updates from Windows Update using their home internet connection.

Currently the client setting for Software Updates, we have the option "Enable software updates on clients" set to yes. It seems from what research I have done that this should be set to no. Is this correct? Are there any other settings that we would want to set so that if the clients cannot update from the DP they fall back to Windows Update?

Would also like to add that for the Automatic Deployment Rule, there is an option "If software updates are not available on distribution point in current, neighbor or site boundary groups, download from Microsoft Updates". Not sure if that setting would also play a part.

Thank you,

Steve


Accepted answer
  1. Jason Sandys 31,196 Reputation points Microsoft Employee
    2020-09-17T22:03:58.683+00:00

    There is no direct path to achieve this.

    > Currently the client setting for Software Updates, we have the option "Enable software updates on clients" set to yes. Seems that in what research I have done that this should be set to no. Is this correct?

    Why would you set this to no? That does exactly what it says: disables software updates completely.

    The setting you reference still requires the client to communicate with an MP and SUP so will not achieve your goal.

    Have you reviewed using a Cloud Management Gateway (CMG) or Windows Update for Business (WUfB)?

    2 people found this answer helpful.

2 additional answers

  1. SC_OC 61 Reputation points
    2020-09-17T22:52:07.58+00:00

    Hello,

    We have the option to set to yes. I am just looking for feedback to see how it is possible for the client machine to get updates from SCCM (WSUS) and if that is not available then from Windows Update. Is it not possible to do this without introducing the other options you mentioned?

    I am not familiar with the Cloud Management Gateway or Windows Update for Business, so that is something I will read up on.

    Thank you!

    Steve


  2. Adam J. Marshall 9,121 Reputation points MVP
    2020-09-18T12:18:32.79+00:00

    If you just had WSUS, I would suggest
    https://www.ajtek.ca/wsus/externally-facing-wsus-servers/

    It probably has the same setup as SCCM's unless you're using a CMG/WUfB (https://www.ajtek.ca/wsus/windows-update-for-business-why-should-i-choose-it/)