We have recently setup SCCM 2012 SP1. The only thing I'm using it for right now is Endpoint Protection and definition updates. I'd like to start rolling out security updates for Windows and Office. I'm a bit confused on where to start. A little history: We recently went through a forest migration to facilitate a domain name change (no fun). In the old forest/domain, I used WSUS to push all updates. I did not migrate the WSUS server to the new domain, it's since been decommissioned. We migrated most clients over to the new domain starting around the end of November. Everyone has been migrated now so its time to start pushing updates out. I've got all my OS based collections setup.
1st question: Do I need to create separate collections for x32 and x64 for Windows 7? Right now they're all in one collection
2nd question: Do I need to create an initial software update group that contains ALL available updates? All workstations should have all updates installed that were available up to November 2013. I was going to create a group that contained all updates from 11/2013 to current, deploy that, and then create an ADR to grab new updates every month. I've read so many different ways to do this, I'm a bit confused. Most examples I've read for deploying updates with SCCM where all geared towards a lab environment.
3rd question: When you create update packages, what criteria are you using in the search option? I just want to make sure I get the right updates deployed. I was thinking I should filter by Product, Expired-No, Superseded-No, Bulletin ID contains-MS. Would that list all security updates for Windows or the different versions of Office (depending on the product I select)? Where running XP-8.1 and Office 2003-2013.
Thanks for you help.
BTW, the SCCM tutorials on this website are awesome. I used a lot of what I read in the tutorials and the forums here to get my environment setup.