I do not understand SCCM 2012 windows updates

[cyr0nk0r]

Ok, so there seems to be some changes in terms when moving from wsus to sccm2012.

 

Previously, I maintained a wsus server on 2008 r2. I created 2 collections, workstations and servers.

Workstations were all XP systems

Servers were any 2003 or 2008 r2 machine.

 

I then set an auto-approve rule to automatically approve any critical updates to XP and apply it to the workstations collection. I then point each machine to WSUS in group policy and everything just worked.

 

I am looking to replicate the exact same behavior with SCCM. Every guide I can find (especially ones in this forum) only show you how to setup this insanely complex series of creating ADR's for 1 month updates, patch tuesday updates, then creating new software update groups for every week after patch tuesday and all this nonsense.

All I want is critical updates to automatically download from Microsoft, auto-approve, then auto-deploy to a collection. I don't want to ever touch it again. I don't need or care about reporting after every patch tuesday and all that. I just want a set and forget solution. Nothing I can find mentions how to set something like this up.

 

Can someone explain the series of steps needed to get updates automatically downloaded and deployed to a collection without me having to do anything after its initially configured?

[Rocket Man]

Well thats what the ADR does, you CAN create one for each OS type, schedule when it will evaluate(every month, week, daily etc).

During the setup of them initially, you will have the option to distribute to your DP(s) and to what collection to deploy it to, this will be the only time you'll have to this, as when the rule runs again whether it be monthly, weekly, daily etc, it will pull down the new updates into the update package, distribute automatically out to DP(s), and then the client on the machines knows to pull updates from the DP and which updates are needed depending on flavour of OS the client is installed on!

 

Have never tried it but you could possibly have one ADR with all updates in it for all OS types and deploy this to the all systems collection!

[willisj318]

 

 

Have never tried it but you could possibly have one ADR with all updates in it for all OS types and deploy this to the all systems collection!

 

 

I did this in my lab, it works fine. I guess it really depends what you want to report against and all that. <--- This is pretty much how we do it for 2007 as well. We deploy one big updates package to an update collection with anything that needs to be patched.