dedmete Posted February 14, 2014 Report post Posted February 14, 2014 Hello all, We have recently setup SCCM 2012 SP1. The only thing I'm using it for right now is Endpoint Protection and definition updates. I'd like to start rolling out security updates for Windows and Office. I'm a bit confused on where to start. A little history: We recently went through a forest migration to facilitate a domain name change (no fun). In the old forest/domain, I used WSUS to push all updates. I did not migrate the WSUS server to the new domain, it's since been decommissioned. We migrated most clients over to the new domain starting around the end of November. Everyone has been migrated now so its time to start pushing updates out. I've got all my OS based collections setup. 1st question: Do I need to create separate collections for x32 and x64 for Windows 7? Right now they're all in one collection 2nd question: Do I need to create an initial software update group that contains ALL available updates? All workstations should have all updates installed that were available up to November 2013. I was going to create a group that contained all updates from 11/2013 to current, deploy that, and then create an ADR to grab new updates every month. I've read so many different ways to do this, I'm a bit confused. Most examples I've read for deploying updates with SCCM where all geared towards a lab environment. 3rd question: When you create update packages, what criteria are you using in the search option? I just want to make sure I get the right updates deployed. I was thinking I should filter by Product, Expired-No, Superseded-No, Bulletin ID contains-MS. Would that list all security updates for Windows or the different versions of Office (depending on the product I select)? Where running XP-8.1 and Office 2003-2013. Thanks for you help. BTW, the SCCM tutorials on this website are awesome. I used a lot of what I read in the tutorials and the forums here to get my environment setup. Quote Share this post Link to post Share on other sites More sharing options...
Stonelion Posted February 18, 2014 Report post Posted February 18, 2014 Would you be using WSUS integrated with SCCM? I find the intelligence you get with this combination makes targeting the correct patches to the right machines much easier. The answer to your questions would rely on how you had your WSUS and SCCM set up. Quote Share this post Link to post Share on other sites More sharing options...
dedmete Posted February 18, 2014 Report post Posted February 18, 2014 Would you be using WSUS integrated with SCCM? I find the intelligence you get with this combination makes targeting the correct patches to the right machines much easier. The answer to your questions would rely on how you had your WSUS and SCCM set up. Yes. I have WSUS installed on my SCCM server (all roles are on the same box). Quote Share this post Link to post Share on other sites More sharing options...
