Stonelion
Posted October 8, 2014

Hi,

I am trying to find some help with deploying Windows Server patches to production servers without deploying the current month's group of patches.

Here is some background: we have one SCCM 2012 R2 CU2 server with integrated WSUS v3.2. We have two groups of servers, one for the test environment and one for the production environment. These groups are patched using ADRs and have been working great (thanks for the documentation you provided on how to set this up).

I have deployed the latest patches to the test environment - the easy part. I would also like to deploy all patches apart from the latest month of patches to the production servers; this would give us a month's window to check that the latest set of patches won't have a negative impact. I would like to automate this on a monthly basis.

Does anyone have any suggestions on the best way to achieve the production environment part of the scenario? The rest is working fine.

Thanks for your input.

Steve G.
Posted October 16, 2014

If you wish to vet your updates for your servers, you simply don't use ADRs. ADRs were created primarily as a way to push out FEP definition updates on a daily basis, as an alternative to going into WSUS and auto-approving them. Thus, they lack some common-sense functionality like excluding updates that are too recent.

Instead, create a custom software update search that excludes the last two months, and deploy that. Save that custom search and you can use it every month to add new patches to the SUG, or create a new SUG to deploy every month (whether to use the former or latter mostly has to do with how you handle server reboots).
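
The date-excluding search described in the reply above, scripted as an added example (not from either poster). It assumes the ConfigurationManager PowerShell module is loaded, the session is on the site drive, and a production update group with the hypothetical name `PROD - Server Updates` already exists; the cutoff is applied to the `DatePosted` property of each update.

```powershell
# Added example. $GroupName is a hypothetical, already existing software
# update group (SUG); adjust it and $ExcludeMonths to your environment.
# Assumes: Import-Module ConfigurationManager has been run and the current
# location is the site drive (Set-Location "<SiteCode>:").

$GroupName     = 'PROD - Server Updates'
$ExcludeMonths = 2        # "excludes the last two months", per the reply above
$Apply         = $false   # leave $false to only list what would be added

# Anything posted on or after this date is considered too recent for production.
$Cutoff = (Get-Date).Date.AddMonths(-$ExcludeMonths)

# Candidate updates: old enough, and neither superseded nor expired.
# Add your own product / classification conditions here, as you would
# in the console search criteria.
$candidates = Get-CMSoftwareUpdate -Fast | Where-Object {
    $_.DatePosted -lt $Cutoff -and
    -not $_.IsSuperseded -and
    -not $_.IsExpired
}

# Skip updates that are already members of the production group.
$existing = @(Get-CMSoftwareUpdate -UpdateGroupName $GroupName -Fast |
              ForEach-Object { $_.CI_ID })
$toAdd = @($candidates | Where-Object { $existing -notcontains $_.CI_ID })

# Review list: this is the vetting step the ADR does not give you.
$toAdd | Sort-Object DatePosted |
    Select-Object CI_ID, ArticleID, DatePosted, LocalizedDisplayName |
    Format-Table -AutoSize

Write-Host ("{0} update(s) posted before {1:yyyy-MM-dd} are not yet in '{2}'." -f `
    $toAdd.Count, $Cutoff, $GroupName)

if ($Apply) {
    foreach ($update in $toAdd) {
        # One update per call keeps a single failure from blocking the rest.
        Add-CMSoftwareUpdateToGroup -SoftwareUpdateGroupName $GroupName `
                                    -SoftwareUpdateId $update.CI_ID
    }
}
```

Run it once with `$Apply = $false` to check the list against what the test group received, then set it to `$true`; scheduling it monthly gives the recurring behaviour asked for in the first post.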