SCUP (System Center Updates Publisher) 2011 is out. You can download it here: http://technet.microsoft.com/en-us/systemcenter/bb741049
There is a TON of information on the above link. However, you do need to configure a few things that you need to do in Group Policy.
First you need to configure a GPO with the following: Computer > Administrative Templates > Windows Components > Windows Update | Allow Signed Content from intranet Microsoft Update services location. (NOTE: No other settings should be configured under Windows Update)
Then you need to install the SCUP certificates on the SCCM Site Server that is running SCUP. I chose to have SCUP issue a self signed cert. That cert is placed in Computer > WSUS > Certificates store. Export it to a location. Then you need to import it into the Computer > Trusted Publishers and Computer > Trusted Root Authorities stores.
Finally you need distribute the SCUP Self Signed cert to all the computers that you want to participate in SCUP deployments. To do this create a new GPO.
- To place the key in Computer > Trusted Root Authority store – Go to Computer Configuration > Windows Settings > Security Settings > Public Key Policies > Trusted Root Certificate Authorities. Right click Trusted Root Certificate Authorities and select import. Browse to the location where you exported the SCUP self signed cert.
- To place the key in the Computer > Trusted Publishers store – Go to Computer Configuration > Windows Settings > Security Settings > Software Restriction Policies. Right click Software Restriction Policies and select New Software Restriction Policies. Now navigate to Additional Rules. Right click Additional Rules and select New Certificate Rule. Browse to the location where you exported the SCUP self signed cert. Change the drop down to Unrestricted.
You can now deploy SCUP publications like Adobe patches!