How to / Nasıl yaparım:


·         Download SCUP 2011 from this link -

·         Locate SystemCenterUpdatesPublisher.msi and double click on it to start the installation of SCUP 2011. 

·         Click "Install Microsoft Windows Server Update Services 3.0 Sp2 hotfix" if it is not installed already and click Next to continue



·         Accept the License Agreement and click Next until you reach Finish option.

Importing updates to SCUP 2011

·         Once SCUP 2011 is installed successfully then connect to SCUP 2011 console


·         Choose "Specify the path to the catalog to import" (choose the CAB file path you imported in earlier section from SCUP 4.5)

·         Choose Next until you see the successful message of imported updates

 Configuring SCUP 2011

·         Connect to SCUP 2011 console and choose "Options"

·         Check "Enable publishing to an update server" option under "Update Server" tab

·         If Update server is local then choose "Connect to a local update server" else choose "Connect to a remote update server" and specify the name and port number


·         Click on "Test Connection" and make sure it is able to connect successfully

·         Under "ConfigMgr Server" tab, check "Enable Configuration Manager integration" option and choose local or remote ConfigMgr server accordingly. Again, click on "Test Connection" to make sure it is able to connect successfully.

·         Set Proxy Settings and other options under Advanced tab according to your environment.

Setting up GPO to deploy Certificate

Creating GPO for the domain



If you already had deployed Certificate during SCUP 4.5 and if it is not expired then you don't have to re-deploy and do not need to go through this process. This only applies if you never deployed SCUP 4.5 and are installing SCUP 2011 for the first time.

·         Connect to Group Policy Management through MMC

·         Browse through the Domain and right click and choose "Create a GPO in this domain, and Link it here…" option


·         Fill out the Name and Source Starter GPO information

·         Right click on that GPO you just created and click "Edit"

·         Go to Computer Configuration à Policies à Administrative Templates à Windows Components à Windows Update à "Allow signed updates from an intranet Microsoft update service location" àEnabled


·         Once you create above GPO then refresh group policy on any client which is part of the domain and check the following registry key to make sure this GPO has been applied properly:

HKLM à Software à Policies à Microsoft à Windows à Windows Update à AcceptTrustedPublisherCerts and the value for this REG_DWORD is set to 1 as shown below:



Creating Package/Program for distribution of Certificate to client systems



You need to deploy certificate to all of the systems that are ConfigMgr clients in your environment.



·         Create Package with the following files as a source:

1.       Certutil.exe (This file is part of Windows 2003 server and located under %windir%\system32, by default.)

2.       Certadm.dll (This file is part of Windows 2003 server and located under %windir%\system32, by default.)

3.       SCUPCert.cer (This file is the one you exported from WSUS server)

4.       Create a program (to store certificate to TrustedPublisher) using the following options and command line:

·         Command Line: certutil.exe -addstore TrustedPublisher SCUPCert.cer

·         Run: Hidden

5.       Create a second program (to store certificate to the Root) using the following command line and options (i.e. dependency chain with first program):

·         Command Line: certutil.exe -addstore Root SCUPCert.cer

·         Run: Hidden

6.       Deploy "SCUP 2011 Cert Root program" as this root program is running another program first.

7.       Once you are done with deployment of the certificate then you will be able to deploy SCUP updates to your ConfigMgr environment. You can also add partner catalog right from the SCUP console using the process defined in the following section.

Adding and deploying partner catalog


·         Connect to SCUP 2011 console and click on "Add Partner Software Updates Catalogs"

·         Highlight the catalog and click on Add

·         Go to Catalogs tab and you will see the list of catalogs. Highligt the one you want to import and right click and choose "Import"

·         Follow the wizard by clicking Next  



·         Once 3rd party catalog is successfully imported into SCUP then you need to publish those updates so that they can be synced with ConfigMgr

·         Click on Updates tab and choose the updates you want to publish as shown below 

·         Choose appropriate publish options as shown below and follow the wizard to complete the publish process

·         Once Updates are published then you can sync them with ConfigMgr using ConfigMgr console. Once they are in ConfigMgr console then those updates are available for deployment just like any other Microsoft updates

·         To run the sync, connect to the ConfigMgr 2007 console and browse through Software Updates node and right click on "Update Repository" and choose "Run Synchronization" option

·         Review WsyncMgr.log and notice the following:

·         Once they are successfully synchronized with ConfigMgr then you will be able to see it in the console and able to deploy them just like any other updates.





İsmail Şen