We have deployed SUS for clients (desktops and laptops). The good part is it works reasonably well, and (surprise!)...
even remote (VPN) clients get their patches. Some SUS clients still get the Windows Update icon in their system tray prompting them to install new updates downloaded from Microsoft. The GPO settings specify local SUS server, install automatically at 6:00 a.m. every day and prompt for reboot.
Are the clients still getting their updates from the Windows Update Web site? (I know for sure they are getting the group policy and updates from SUS as well.) Do both update mechanisms co-exist on some PCs? How can Windows Update be completely disabled?
Make sure those clients have updated their GPO settings completely. You can double-check by verifying that the registry modifications have been made and they are retained after the computer reboots.
Related Q&A from Rod Trent
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.