blaf

SCCM Windows Updates - restart policy and failed updates

Question

1. I am preparing Windows updates deployments with SCCM in a medium-sized company - around 500 computers.

In my test environment I deployed Windows updates for the last 6 months; more than 200 definitions got updated, but a couple failed temporarily on some machines. By temporarily I mean they are installed after a retry in Software Center.

The challenge is the notification in the status bar which shows that an update failed; even though more than 200 updates got installed, the notification points to a couple of failing updates.

I can hide all notifications when I configure settings for the deployment and keep the end user notified only for computer restart. This will probably bypass the failing updates notification but will NOT install those required updates.

If I keep these notifications enabled, then end users will generate numerous tickets for the Help Desk, assuming updates are not installing properly.

I can't send an introductory email to 500 people with something like:

"If you notice you have a couple of updates which failed, please hit retry in Software Center and they will get installed"

 

What are the best practices in the industry?

 

2. The second thing would be the restart policy with SCCM. In Administration/Client Settings/Default Client Settings (or a custom client settings)/Computer Restart, we can configure the option to reboot the computer max 24 hours after updates are installed.

(Display a temporary notification to the user that indicates the interval before the user is logged off or the computer restarts (minutes)) - max 1440 min = 24 h

 

This will make sure that updates are being installed and the computer is compliant. But it's not as simple as it seems.

VIP people don't want to be forced to reboot their computers after 24 hours if they are in the middle of a presentation or in a meeting.

It's really hard to plan and reboot a computer prior to important events, but there is no option to postpone.

If we don't make the reboot mandatory (in group policy on the domain controller) then computers will be vulnerable.

There are other tools on the market, like the shutdown tool from coretech group; I am not sure if this tool could reboot computers which are not even patched by mistake after 7 days. I need to test this tool in my lab.

Any advice, the best solutions out there?

Thanks,

Blaf


0 answers to this question
