While this isn't strictly an O/S deployment question - I wasn't quite sure where else it would fit.

We currently run SCCM 2007 with WSUS 3.0 on Server 2008.

We are looking at rolling out ForeFront using SCCM which is interesting to say the least - however what I'm curious about is how the rest of you handle Client Updates (WSUS).

We currently have 2 WSUS servers.

What we'd like to do is have ALL ForeFront updates automatically installed on clients - but only if they have ForeFront installed (I know WSUS can do this by itself - bear with me).

We'd also like to be able to either install or push out additional windows updates as we see fit.

Now ideally - we'd like to use SCCM to just push them out as we can with other software but the instructions on how we'd do this aren't clear.

We could just approve the updates and let WSUS handle it - but we don't want it rebooting clients during the working day or scheduling the installs when the clients are turned off (hence - why we wanted SCCM to handle it).

Is this asking too much of WSUS and SCCM?

(We have 2 WSUS servers mostly because 1 of them was in-place prior to SCCM being implemented and now SCCM also hosts its own WSUS server)

Any thoughts - ideas - anything useful regarding SCCM/ForeFront/WSUS ?

Thanks,

Az