gallery.technet.microsoft.com€¦ · web viewif the server is on a remote host, export the...
TRANSCRIPT
![Page 1: gallery.technet.microsoft.com€¦ · Web viewIf the server is on a remote host, export the certificate and import it on the Configuration Manager server. Next export the certificate](https://reader034.vdocument.in/reader034/viewer/2022042309/5ed7114662136e72fb7bc654/html5/thumbnails/1.jpg)
SCUP Integration with SCCM
What is SCUP 2011
SCUP 2011 is a free updates publishing and authoring application. You can benefit from this application by downloading free catalogs from vendors Like Adobe, HP and Dell. Furthermore you can author you own updates and publish those to WSUS.
You can download SCUP 2011 from - http://www.microsoft.com/downloads/en/details.aspx?FamilyID=083f45ca-1ede-4f7a-be74-77854c3a9b01&displaylang=en
SCUP requirements Supported Operating Systems
- Windows Vista, Windows 7, Windows Server 2008, Windows Server 2008 R2
Windows Server Update Services (WSUS) 3.0 SP2 .NET Framework 4.0 Trusted Signing Certificate
System requirement for SCUP installation
Supported Operating Systems: Windows 7 Service Pack 1, Windows Server 2008 R2 SP1, Windows Server 2008 Service Pack 2, Windows Vista Service Pack 2
Windows Server Update Services 3.0 (WSUS) Service Pack 2 full or Administrator Console installed
Must install WSUS 3.0 SP2 hotfix Download and install the WSUS hotfix WSUS-KB2530678-x86 or WSUS-KB2530678-x64 from http://support.microsoft.com/?kbid=2530678
Download and install .Net Framework 4.0 from http://www.microsoft.com/downloads/en/details.aspx?FamilyID=9cfb2d51-5ff4-4491-b0e5-b386f32c0992&displaylang=en
(Note : If SCUP,WSUS & SCCM all are on 3 different boxes, then WSUS hotfix needs to be installed on all 3 systems)
Screenshots of installation of SCUP
![Page 2: gallery.technet.microsoft.com€¦ · Web viewIf the server is on a remote host, export the certificate and import it on the Configuration Manager server. Next export the certificate](https://reader034.vdocument.in/reader034/viewer/2022042309/5ed7114662136e72fb7bc654/html5/thumbnails/2.jpg)
Click Next
It will ask for the prerequisites to be installed first, it will also ask you to install .Net framework 4.0 to be installed before continuing the installation
![Page 3: gallery.technet.microsoft.com€¦ · Web viewIf the server is on a remote host, export the certificate and import it on the Configuration Manager server. Next export the certificate](https://reader034.vdocument.in/reader034/viewer/2022042309/5ed7114662136e72fb7bc654/html5/thumbnails/3.jpg)
Click Next
Select the installation path and click OK
![Page 4: gallery.technet.microsoft.com€¦ · Web viewIf the server is on a remote host, export the certificate and import it on the Configuration Manager server. Next export the certificate](https://reader034.vdocument.in/reader034/viewer/2022042309/5ed7114662136e72fb7bc654/html5/thumbnails/4.jpg)
Click Next to start the installation
Click Finish
![Page 5: gallery.technet.microsoft.com€¦ · Web viewIf the server is on a remote host, export the certificate and import it on the Configuration Manager server. Next export the certificate](https://reader034.vdocument.in/reader034/viewer/2022042309/5ed7114662136e72fb7bc654/html5/thumbnails/5.jpg)
Configuration of SCUPStart System Center Updates publisher from the start menu. From the Ribbon click Options.
For installations with a local WSUS: Select Connect to a local update server. For installations with a remote WSUS: Select Connect to a remote update server and type: Name: SCCM4 Port: 8530
![Page 6: gallery.technet.microsoft.com€¦ · Web viewIf the server is on a remote host, export the certificate and import it on the Configuration Manager server. Next export the certificate](https://reader034.vdocument.in/reader034/viewer/2022042309/5ed7114662136e72fb7bc654/html5/thumbnails/6.jpg)
Click Test Connection and click OK in the dialog.
In Signing Certificate click Create and OK. Only select this option if you do not have an existing WSUS signing certificate.
![Page 7: gallery.technet.microsoft.com€¦ · Web viewIf the server is on a remote host, export the certificate and import it on the Configuration Manager server. Next export the certificate](https://reader034.vdocument.in/reader034/viewer/2022042309/5ed7114662136e72fb7bc654/html5/thumbnails/7.jpg)
(Note: The moment you create the certificate, you will find a new self signed certificate created on WSUS server, you can verify that certificate while looking into WSUS certificate store with the name: WSUS Publishers Self-signed)
Click ConfigMgr Server
![Page 8: gallery.technet.microsoft.com€¦ · Web viewIf the server is on a remote host, export the certificate and import it on the Configuration Manager server. Next export the certificate](https://reader034.vdocument.in/reader034/viewer/2022042309/5ed7114662136e72fb7bc654/html5/thumbnails/8.jpg)
For installations on the site server: Select Connect to a remove Configuration Manager Server and type: Click Test Connection and OK in the dialog. For installations on a remote server or workstation: Type: SCCM4 Requested client count threshold: 1 Package source size threshold: 30 Click OK to close the configuration.
Placing the self signed certificate in appropriate location
Next you'll need to import the certificate into Trusted Publisher and Trusted Root Publishers.
Select Start, Run and type MMC
![Page 9: gallery.technet.microsoft.com€¦ · Web viewIf the server is on a remote host, export the certificate and import it on the Configuration Manager server. Next export the certificate](https://reader034.vdocument.in/reader034/viewer/2022042309/5ed7114662136e72fb7bc654/html5/thumbnails/9.jpg)
Click Ctrl+M and click Add to add a snap-in to the console. Select Certificates and click Add.
Select Computer account and click Next.
![Page 10: gallery.technet.microsoft.com€¦ · Web viewIf the server is on a remote host, export the certificate and import it on the Configuration Manager server. Next export the certificate](https://reader034.vdocument.in/reader034/viewer/2022042309/5ed7114662136e72fb7bc654/html5/thumbnails/10.jpg)
Click Finish Click Add and Close to return to the MMC with Certificate snap-in
Select Certificates, WSUS, Certificates
![Page 11: gallery.technet.microsoft.com€¦ · Web viewIf the server is on a remote host, export the certificate and import it on the Configuration Manager server. Next export the certificate](https://reader034.vdocument.in/reader034/viewer/2022042309/5ed7114662136e72fb7bc654/html5/thumbnails/11.jpg)
Right click the WSUS Publisher Self-signed certificate, select Copy.
Select Certificates, Trusted Root certification Authorities, Certificates. Right click and select Paste
Select Certificates, Trusted Root certification Authorities, Certificates. Right click and select Paste
![Page 12: gallery.technet.microsoft.com€¦ · Web viewIf the server is on a remote host, export the certificate and import it on the Configuration Manager server. Next export the certificate](https://reader034.vdocument.in/reader034/viewer/2022042309/5ed7114662136e72fb7bc654/html5/thumbnails/12.jpg)
Select Certificates, Trusted Publishers, Certificates. Right click and select Paste. Notice, the certificate must also be imported on the Configuration Manager server. If the server is on a remote host, export the certificate and import it on the Configuration Manager server.
Next export the certificate so it can be deployed using a ConfigMgr. Package. Right click the certificate, select All Tasks, Export.
![Page 13: gallery.technet.microsoft.com€¦ · Web viewIf the server is on a remote host, export the certificate and import it on the Configuration Manager server. Next export the certificate](https://reader034.vdocument.in/reader034/viewer/2022042309/5ed7114662136e72fb7bc654/html5/thumbnails/13.jpg)
Click Next.
Self signed certificate needs to be copied on each Trusted Root CA & Trusted publishers store for each and every client system in your environment. This can be accomplish through any 3 steps mentioned below:
Step 1. Perform the Manual Copy paste of the certificate on each and every system by accessing their Computer personal store(Practically not feasible)Step 2. Using Group Policy to add the certificate to clients appropriate certificate storeProcedure:
export the certificate
Click Next
![Page 14: gallery.technet.microsoft.com€¦ · Web viewIf the server is on a remote host, export the certificate and import it on the Configuration Manager server. Next export the certificate](https://reader034.vdocument.in/reader034/viewer/2022042309/5ed7114662136e72fb7bc654/html5/thumbnails/14.jpg)
Click Next.
![Page 15: gallery.technet.microsoft.com€¦ · Web viewIf the server is on a remote host, export the certificate and import it on the Configuration Manager server. Next export the certificate](https://reader034.vdocument.in/reader034/viewer/2022042309/5ed7114662136e72fb7bc654/html5/thumbnails/15.jpg)
Click Next.
![Page 16: gallery.technet.microsoft.com€¦ · Web viewIf the server is on a remote host, export the certificate and import it on the Configuration Manager server. Next export the certificate](https://reader034.vdocument.in/reader034/viewer/2022042309/5ed7114662136e72fb7bc654/html5/thumbnails/16.jpg)
![Page 17: gallery.technet.microsoft.com€¦ · Web viewIf the server is on a remote host, export the certificate and import it on the Configuration Manager server. Next export the certificate](https://reader034.vdocument.in/reader034/viewer/2022042309/5ed7114662136e72fb7bc654/html5/thumbnails/17.jpg)
Export the certificate by giving any name
Click Finish.
![Page 18: gallery.technet.microsoft.com€¦ · Web viewIf the server is on a remote host, export the certificate and import it on the Configuration Manager server. Next export the certificate](https://reader034.vdocument.in/reader034/viewer/2022042309/5ed7114662136e72fb7bc654/html5/thumbnails/18.jpg)
Step 3. Perform the Manual Copy paste of the certificate on each and every system by accessing their Computer personal store(Practically not feasible)
Deploy certificate by SCCM Package
To import signing certificate to “Trusted Publishers” and “Trusted Root Certification Authorities”Go to Console Root-> Certificates (Local Computer)-> (Trusted Publishers [and] Trusted Root Certification Authorities ) node-> Right Click-> All Tasks-> Import…-> enter path to exported certificate-> follow rest of defaults and complete wizard.
I know this can be a pretty manual task, but there are ways to automate it. One way that I know works is to use "CertUtil.exe" to deploy the certificates. In ConfigMgr 2007 you can create a program that contains CertUtil.exe (found in Windows Server 2003 Administration
![Page 19: gallery.technet.microsoft.com€¦ · Web viewIf the server is on a remote host, export the certificate and import it on the Configuration Manager server. Next export the certificate](https://reader034.vdocument.in/reader034/viewer/2022042309/5ed7114662136e72fb7bc654/html5/thumbnails/19.jpg)
Tools Pack) and your exported certificate. You want to call run both commands on each machine by advertising each program.
To place in "Trusted Root Certification Authorities" store call "certutil.exe -addstore ROOT <certname>.cer"To place in "Trusted Publishers" store call "certutil.exe -addstore TrustedPublisher <certname>.cer"
Now that you have the signing certificate stored in all the right places the last setup step is to tell Windows Update agent to accept updates signed by entities other than Microsoft.