I was wondering if anyone could give feedback or suggestions about the way that I have my updates setup currently incase there are any pitfalls that I haven't caught. I am running SCCM 2007 R2 on windows 2003 r2 ( I am working on upgrading it to Win 2008 r2 and SCCM 2007 r3).Before I get to far into a description of my environment I want to add that this entire process is scripted via powershell and run via a scheduled tasks and only requires intervention where specified as maintaining this manually would have been a nightmare.
Collections: I have a collection for each environment (Dev, Test, Prod) and sub collections for each Type of Machine ( Servers, Workstations, Laptops)
Search Folders: I have a Search Folder for each Product that I update via SCCM ( Windows XP, Windows 7, SQL 2005, etc...). The search folders are created to exclude all Superceded, Expired and excluded updates. I exclude updates from being added to the listby setting the custom severity to something other than nothing.
Update Lists: Each Product has an update list for each environment and type for each month within a given window everything older than the window is placed in a baseline Update List. For instance, I have Production-Workstation-Windows XP-201203 Update List that contains all of the updates for that month for Windows XP that will be targeted to the Production Workstations. For Production, I have a 6 month Update window so anything older than 6 months gets put into a baseline Update List ( i.e.- Production-Workstation-Windows XP-Baseline). I initially started doing this because I read that this helps for compliance reporting and because there is a best practice of no more that 500 updates in a given list. I can confirm that even with Windows XP. The update lists are created by parsing the applicable Search Folder and grouping them by Release Date.
Deployment Templates: For Each type of Environment and machine Type there is a deployment template created with all of the applicable rules and requirements (i.e. - Production-Workstation, Test-Server, etc....)
Update Assignments: For each Update list that is created, there is a corresponding Update Assignment assigned to the appropriate Collection based off of the appropriate Deployment Template
Update Packages: There is an update package for each month for each product (i.e. - Windows XP-201203, SQL 2005-201112, etc...)
Each time the script runs it cleans up anything that might have changed (downloads new updates, remove superceded, expired or excluded updates). And it sends out a notification of new updates to allow myself and the other admins to decide whether to exclude the update or not. I can confirm that all of the items created and maintained by this script works as described and I do not have any issues with corrupt or malformed objects of any kind.
Does having so many Update assignments create any issues? In the scenario described above, for production I would have 7 Assignments per product. So for a Production Windows XP machine with Office 2007, silverlight that would theoritically be 21 assigments ( I say theoretically because things like silverlight don't have updates all that often and empty Assignments, List, and packages are removed automatically). So far this setup has not presented any issues and we have been using it in production for a couple of months and all of the automatic features have been working (cleaning up updates, deploying new updates, etc... ). I am just looking for opinions from the group to see if any of this will cause any issues.
We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.
I was wondering if anyone could give feedback or suggestions about the way that I have my updates setup currently incase there are any pitfalls that I haven't caught. I am running SCCM 2007 R2 on windows 2003 r2 ( I am working on upgrading it to Win 2008 r2 and SCCM 2007 r3).Before I get to far into a description of my environment I want to add that this entire process is scripted via powershell and run via a scheduled tasks and only requires intervention where specified as maintaining this manually would have been a nightmare.
Collections: I have a collection for each environment (Dev, Test, Prod) and sub collections for each Type of Machine ( Servers, Workstations, Laptops)
Search Folders: I have a Search Folder for each Product that I update via SCCM ( Windows XP, Windows 7, SQL 2005, etc...). The search folders are created to exclude all Superceded, Expired and excluded updates. I exclude updates from being added to the listby setting the custom severity to something other than nothing.
Update Lists: Each Product has an update list for each environment and type for each month within a given window everything older than the window is placed in a baseline Update List. For instance, I have Production-Workstation-Windows XP-201203 Update List that contains all of the updates for that month for Windows XP that will be targeted to the Production Workstations. For Production, I have a 6 month Update window so anything older than 6 months gets put into a baseline Update List ( i.e.- Production-Workstation-Windows XP-Baseline). I initially started doing this because I read that this helps for compliance reporting and because there is a best practice of no more that 500 updates in a given list. I can confirm that even with Windows XP. The update lists are created by parsing the applicable Search Folder and grouping them by Release Date.
Deployment Templates: For Each type of Environment and machine Type there is a deployment template created with all of the applicable rules and requirements (i.e. - Production-Workstation, Test-Server, etc....)
Update Assignments: For each Update list that is created, there is a corresponding Update Assignment assigned to the appropriate Collection based off of the appropriate Deployment Template
Update Packages: There is an update package for each month for each product (i.e. - Windows XP-201203, SQL 2005-201112, etc...)
Each time the script runs it cleans up anything that might have changed (downloads new updates, remove superceded, expired or excluded updates). And it sends out a notification of new updates to allow myself and the other admins to decide whether to exclude the update or not. I can confirm that all of the items created and maintained by this script works as described and I do not have any issues with corrupt or malformed objects of any kind.
Does having so many Update assignments create any issues? In the scenario described above, for production I would have 7 Assignments per product. So for a Production Windows XP machine with Office 2007, silverlight that would theoritically be 21 assigments ( I say theoretically because things like silverlight don't have updates all that often and empty Assignments, List, and packages are removed automatically). So far this setup has not presented any issues and we have been using it in production for a couple of months and all of the automatic features have been working (cleaning up updates, deploying new updates, etc... ). I am just looking for opinions from the group to see if any of this will cause any issues.
Thanks in advance for any suggestions,
TimN_FL
Share this post
Link to post
Share on other sites