We are looking to move away from WSUS/GPO Windows patching to SCCM. I have read and bookmarked quite a bit on configuring Windows patching in SCCM, and I have it set up and tested, and it seems to be working as it should. However, I have one sticking point that I could use some clarification on. We have/had our WSUS patching broken down by AD security groups with PCs targeted in each group, for instance WSUS_Servers. For that policy we had it set via GPO where automatic updates were enabled and set to option 4, to download and install but not to reboot with a user logged on, in which case servers had to be manually rebooted when it wouldn't affect production, i.e. early AM hours or weekends for mail servers, file servers, web servers, etc. I would like to duplicate that scenario in SCCM, if possible, so that an admin or on-call technician reboots all critical servers after the patches have been installed, due to our environment and how it was set up (incorrectly, I might add), which we are addressing as well. We currently have a deployment deadline for those critical servers to be no later than 2 weeks after they become available to install at 3 AM in the morning, and the suppress reboot option for servers is set. Is that the best way to approach this, or should we use maintenance windows for those collections?