ADR vs Endpoint Protection's Update Interval

[eyetea6]

I can't find the answer anywhere so I'd like to ask you all.

 

What is the reason for using ADR to deploy endpoint definition updates from the SCCM server when the clients already check for updates every 2 hours (or whatever interval you set)?

 

I don't understand why I would need to deploy from the server with ADR rules when the clients already handle checking for updates themselves. Am I misunderstanding something?

Thanks.

[Peter van der Woude]

The ADR makes the new updates available to the client and the Endpoint Protection interval makes sure the client will check for the new available updates.

[eyetea6]

The ADR makes the new updates available to the client and the Endpoint Protection interval makes sure the client will check for the new available updates.

 

What do you mean that it makes new updates available? I have SCCM 2012 downloading defintions every few hours so they are fresh. Are those updates not available until they are "deployed" somehow through the automatic deployment rules?

 

For example, if the ADR runs once per day at 3:00am and the clients check every two hours for updates, the clients will get a new update after 3:00am and then continue to check every 2 hours. If SCCM downloads new updates throughout the day, will the clients not be able to get them until the next morning when ADR runs again?

 

Secondly, if the client is updating from MicrosoftUpdate, do the ADR rules even matter?

 

Thanks. I'm just not sure what ADR really is and the literature I'm finding doesn't really answer my questions.

[Peter van der Woude]

It's actually three phases:

1. The SUP/WSUS will check with Microsoft for new updates.
2. The ADR will download the updates and make them available to the clients.
3. The client will check for available updates.

An ADR doesn't matter when the client updates directly from Microsoft Update.

[eyetea6]

Excellent.

One more question about SUP/ADR. I noticed that SCCM was only downloading definitions every 7 days. When I changed the sync schedule of SUP to daily, I then started seeing new updates every day in "All Software Updates" which were downloaded from Microsoft and put into the distribution point.

 

So since SUP is downloading the updates from Microsoft, what do you mean by your second point that "ADR will download updates?" Do you mean that ADR will download the updates from SCCM to the different distribution points or that ADR will download updates from Microsoft too?

 

Thank you.

[Peter van der Woude]

The SUP/WSUS will only get the metadata of the updates. That's is only the information about the update, like information about the OS, what it's for and where to download it. Then the ADR will really download the updates, add them to a package and deploy them to the clients.

[eyetea6]

I'm lost because I saw that I was only getting definition updates in "All Software Updates" every 7 days. Then after I changed the sync schedule for the SUP from 7 days to 1 days, I started getting updates every day. I didn't change any ADR though. Does that make sense?

[Peter van der Woude]

That makes sense, because what you see there is only the metadata of the update. When the update is really downloaded it has to be part of a Deployment Package.

[eyetea6]

Ah. Well that blows my mind.

I can see in patchdownloader.log that it is downloading at the time one of the ADRs are set. I was oblivious to this before and thought that SUP was responsible for downloading. But I guess since SUP started updating daily and getting the metadata, the daily ADR rule was then able to download daily.

 

Thanks.