Currently we have 1 central site and 4 child primary site. The child sites are regionalized. We have WSUS install on all site servers but only the central site goes out to internet to get windows update. Patches are then roll down to child primary sites. When i installed SCUP for configmgr, We install SCUP on the central site and we publish the 3rd party patches from the central site and let it roll down to the child site. I would like each child site to be able manage their own 3rd party patches deployment but also at the same time control by central site what 3rd party patches are available for the child sites. In a setup like this where should i install the configmgr extension pack? Do i need to install EP at each location where i have a site server/wsus? Is it not recommended to install EP on a site server? Thanks. |