Software Update Point Client Install: Careful with those GPO settings
A bit of a rambling one, but bear with me...
Software Update Point client installation is a new client deployment option for ConfigMgr. At a very high level, it involves publishing the client as a required update in WSUS and then pointing your "clients to be" at the correct WSUS server from which they can install the client. How to do this is all covered in the online guidance here, so I won't repeat: How to Install Configuration Manager Clients Using Software Update Point Based Installation
You'll see that the article discusses the option of using GPO to tell clients which WSUS server to get the client from. This effectively stamps in the registry where the Windows Update Agent should go to get updates.
However, the same registry entry that is stamped by GPO is also the entry that once installed, the ConfigMgr client will want to configure to point to the SUP for its assigned site. This is where the problems can arise. If the GPO says one thing and the SCCM client wants to assign something else then each will be conflicting.
In many cases your OUs/AD sites etc will be organised in a way that means you can get away with setting the same server through GPO that SCCM would then assign later. Let's say for example that you had one SCCM primary site per domain, one of which we'll call DOMAINX. You could therefore set a GPO on DOMAINX that points to your primary site SUP and then once the client is installed, SCCM will configure the same SUP, as all your clients in DOMAINX will be assigned to that one site. All well and good.
Problems can arise if your SCCM infrastructure is organised differently to anything you can mirror in AD to apply the GPOs. Let's say for example you have a domain with two SCCM primary sites in. Each of these manages a set of subnets and you have no geographical data in your OU structure. We're also assuming here that the AD sites are not suitable to be used as SCCM sites (which is not always the case). You don't have a way to configure a GPO setting that is guaranteed to point to the same server that the client will want to point to once assigned.
There are a few troubleshooting steps related to this on the Microsoft web site that cover some of the issues you may see: http://technet.microsoft.com/en-us/library/bb735866.aspx. I highly recommend you read through it if you're considering this deployment option.
In summary though, before diving into using this client deployment method have a think about your AD structure versus your ConfigMgr structure to see if this method still makes sense.
There are also a few workarounds. The real issue here is caused because GPO settings will override the local policy settings that ConfigMgr configures. The solution if you don't have a nice matching domain environment is therefore to set the value without using GPO. A simple way to do this is via a script or a local policy. For example, you could send a script out that says "if this value isn't set yet then set it to SERVER_XYZ". You could still send the script out via GPO to ensure they go to a fairly local WSUS server for the client installation files. However, once the client in installed it will overwrite that value with the SUP for the assigned site. This will then remain in place as you don't have a GPO set to configure it to something else...