volk1234 Posted May 24, 2012
Hi, can anybody tell me properly how to manage Windows Updates with SCCM in the real world, not in a lab? What is the best practice for organizing update groups? And how do I maintain previously created packages: how do I automate deletion of updates that are not required from an update group?

anyweb Posted May 24, 2012
It's different for every company; however, there are scripts for deleting unused updates from packages, such as this one here.

volk1234 Posted May 25, 2012
So, how many packages do I usually need? One for Windows updates, one for Office updates and some other updates? Or do I have to make packages with the criteria "required"?

josharldt Posted May 25, 2012
Like Niall said, it's different for every company... I have found that, for my organization, the following works well:
1. Create a Software Update Group for the updates that you will be deploying this month along with a Deployment Package. The naming convention should have the month and year so it's easy to keep track of.
2. Create a Software Update Group named All Software Updates and a Deployment Package with the same name.
3. Deploy the Software Update Group for the current month as a WOL enabled required deployment.
4. Once the current month's updates have been successfully deployed, move the current month's patches to the All Software Updates group.
5. Delete the current month's Software Update Group and Deployment Package.
6. Deploy the All Software Updates group to All Systems as Available with WOL disabled.
So, basically what we do is deploy the current month's updates, then roll them up into another Software Update Group that is always set to Available just in case some machines missed the deployment. This way the users that missed the deployments can install them at their own leisure due to politics... I hope this gives you some ideas so that you can come up with a process that works well for your organization.

volk1234 Posted May 25, 2012
For example: I have all my servers in a Windows 2008R2 collection. I have deployed Windows updates with the criteria Product and Bulletin ID. I have deployed Office updates to all servers, but only 2 servers have Office installed. But there are still many updates that need to be applied: Report Viewer for only one server, and so on. How must I deploy them?

volk1234 Posted May 26, 2012
josharldt, can you post some pictures of how you are doing your updates?

Howard Posted June 25, 2012
I'd actually like to bump this subject as I find myself struggling to come up with a normal or typical deployment. The first question I have is for JOSH. I like the idea of pushing your updates up to the All Software Updates group to protect you from a security hole, but what happens when you reach 500 updates? I thought there was a limit to the amount of updates you could store in a group. How do you deal with the management of update groups, i.e. dropping the expired updates from the group?
I think the site would benefit as a whole from a recommended procedures guide for this. In your guide on setting up SCCM 2012 with Software Updates you only cover MS or security updates; it's subtle but I think some people would miss it. Coming from a WSUS deployment to this is extremely frustrating because it seems like there is so much more work to do and more to think about. I would love to see a guide that kinda gives the "best practices" for this type of user.
I just want to say that I think that this website is by far the best resource on the web for SCCM 2012. KUDOS.

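Steps 4 and 5 of josharldt's procedure, combined with the expired-update clean-up Howard asks about, sketched in PowerShell as an added example that is not part of the original thread. It assumes the ConfigurationManager PowerShell module is imported and the session is on the site drive; the function name, the monthly group name and the default ceiling of 500 (the figure raised in the thread) are illustrative.

```powershell
# Added example, not code from the thread. Assumes the ConfigurationManager
# module is imported and the current location is the site drive.
function Merge-MonthlyUpdateGroup {                   # hypothetical helper name
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)]
        [string] $MonthlyGroup,                       # e.g. 'Updates 2012-05' (constructed)
        [string] $RollupGroup = 'All Software Updates',
        [int]    $MaxUpdates  = 500                   # figure raised in the thread; set your own ceiling
    )

    $monthly = @(Get-CMSoftwareUpdate -UpdateGroupName $MonthlyGroup -Fast)
    $rollup  = @(Get-CMSoftwareUpdate -UpdateGroupName $RollupGroup -Fast)

    # Work out every change before touching anything.
    $expired = @($rollup | Where-Object { $_.IsExpired })
    $keptIds = @($rollup | Where-Object { -not $_.IsExpired } | ForEach-Object { $_.CI_ID })
    $toAdd   = @($monthly | Where-Object { -not $_.IsExpired -and $keptIds -notcontains $_.CI_ID })

    $total = $keptIds.Count + $toAdd.Count
    if ($total -gt $MaxUpdates) {
        throw "Roll-up would hold $total updates (ceiling $MaxUpdates); split the group first."
    }

    # Drop expired updates from the roll-up group.
    foreach ($u in $expired) {
        if ($PSCmdlet.ShouldProcess($u.LocalizedDisplayName, "Remove from '$RollupGroup'")) {
            Remove-CMSoftwareUpdateFromGroup -SoftwareUpdateId $u.CI_ID `
                -SoftwareUpdateGroupName $RollupGroup -Force
        }
    }

    # Step 4: carry over this month's updates that are not already in the roll-up.
    foreach ($u in $toAdd) {
        if ($PSCmdlet.ShouldProcess($u.LocalizedDisplayName, "Add to '$RollupGroup'")) {
            Add-CMSoftwareUpdateToGroup -SoftwareUpdateId $u.CI_ID `
                -SoftwareUpdateGroupName $RollupGroup
        }
    }

    # Step 5: remove the monthly group (its deployment package is left for manual review).
    if ($PSCmdlet.ShouldProcess($MonthlyGroup, 'Delete software update group')) {
        Remove-CMSoftwareUpdateGroup -Name $MonthlyGroup -Force
    }

    [pscustomobject]@{ Expired = $expired.Count; Added = $toAdd.Count; Total = $total }
}

# Dry run first: Merge-MonthlyUpdateGroup -MonthlyGroup 'Updates 2012-05' -WhatIf
```

Run it with `-WhatIf` to list the planned removals and additions without changing the site; the returned object reports how many updates were expired, added and left in the roll-up group.
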
Howard Posted June 26, 2012
I also found this which is an interesting read. http://blogs.technet.com/b/server-cloud/archive/2012/02/20/managing-software-updates-in-configuration-manager-2012.aspx

tmiller_hockey Posted June 26, 2012
So can someone explain how you would create an ADR that would automatically populate weekly and deploy to a Windows 7 machine collection?

juice13610 Posted August 4, 2012
The problem with solutions mentioned in this blog post on technet is that it seems MS thinks anyone who is an SCCM admin has only SCCM as a responsibility. Also, it mentions creating huge compliance-only update groups (not deployed) that you can check to make sure your machines are patched, but it never mentions how to patch just the ones that need it. Do I have to check this compliance and then create collections with potentially hundreds of machines that missed an update 6 months ago? Doesn't really do a great job explaining, IMHO.