Hassan Almanasrah Posted October 8, 2015 Report post Posted October 8, 2015 Many thanks for your guidances and support, I cam up with some questions for the part of pushing updates using SCCM 2012 which are below:1. In your post, Automatic update is enabled using GPO, isn't it better to be disabled?2. In Some comments on the post, discussion for is it necessary to us GPO of Windows updates for client or not. Can you please provide final decision if the two GPO settings regarding Windows update are necessary or not in the case we use SCCM 2012 for windows updates which integrates for sure WSUS, but not WSUS Explicitly.3. Why the serach criteria for Windows updates includes Bulletin ID as mandatory, while I can see some KBs in the lab with Bullitin ID, why these updates are neglected ???4. Could you please provide post explaining the below points: KB updates statistics: when we click on update circle appears on the right showing (Compliant, Required, Not required, Unknown), What are meanings? How are being evaluated? Evaluation is done for all Assets or the Assets related to the update? Next to Bulletin ID, there are Required, Installed and Percent Compliant columns, how these are laso evaluated and is it accurate. Also, the posts are showing how SUP is installed and configured and how Updates are installed, distributed and deployed, But the Best practice strategy is not provided. What I mean is how often updates being checked, like WSUS every Tuesday?? How the next bunch of updates are deployed?? Where to save the downloaded updates, is it to the first time we download or to create new folder for each group of update What the action will be done, if PC has been re-imaged? should it be added to special collection that will be deployed with all previous windows updates? and then moved to the correct collection?Again many thanks for your support, waiting your kind feedback. Quote Share this post Link to post Share on other sites More sharing options...
Garrett804 Posted October 22, 2015 Report post Posted October 22, 2015 You really should look into a 10748 Deploying System Center 2012 course or the 10747 course for Administering System Center 2012 as they both will not only answer these questions for you but give you insight on overall design and implementation. I say that because you seem to not have a grasp over the system at all and something like SUP and "best practices" don't really exist because everyone has a preference as to when/how/why depending on the industry and size of the organization. Here are some of my quick answers for you though. 1. Disable the GPO, either decide if you want SCCM controlling overall update compliance and deployment or leave it as automatic updates 2. SCCM SUP integrates with WSUS and has the ability to control 100% of the overall compliance, deployment, and reporting for WSUS 3. I'm not sure what exactly you are pointing out here but the SUP database just like a WSUS database is going to pull updates based on your criteria that you have given it upon setting it up. (example: Windows 7, critical/security updates, service packs) 4. The circles on the right are for overall compliance in the entire environment based on devices in your system with configuration manager clients installed. The meanings are either compliant (they have the update/updates installed), Not Compliant (They don't have them installed), Unknown (There has been no reported compliance back to the MP or FSP so the system does not know one way or the other) Again I'd recommend you get into some good training classes or find a local SCCM Group you can sit down with over coffee and have it not only verbally explained to you but maybe even demonstrated. Quote Share this post Link to post Share on other sites More sharing options...