none
How do YOU deploy windows updates via SCCM?

    Question

  • Hi All,

     

    We have been using SCCM for about 3 months now, mainly for OS deployment and haven't really spent much time looking at other features like software metering etc yet. We had a consultant come in and initially set everything up and one of the things they went through briefly with us was the software updates feature - they basically said that a common way of using this was to once a month (or once a week if you are keen) do a search for all updates released in the last month and then add all of those updates to an update list and create a new update package and deployment thing from them. So we've been doing that and now have 3 separate update lists/packages/deployment templates/whatever from the last 3 months worth of updates. Once a new machine has been built it picks up each of these packages (eventually) and gets the updates installed. All of the existing machines obviously just pick up the new updates when we create a new update package and set it for installation.

    I'm just wondering if this is how other people do it though? Is there a better way? Would it be better to just add the new updates to a single existing update package or would that then mean that we can't easily get them deployed to existing machines as well?

    Thanks

    Chris

    PS if anyone from the SCCM team is reading this - it really bugs me that the software updates section doesn't follow the same "Advertisement" system that the OS deployment and software deployment sections use... it feels very out of place and confusing to anyone new to the system.


    My website: www.cjwdev.co.uk My blog: cjwdev.wordpress.com
    Thursday, May 26, 2011 10:49 PM

Answers

  • At the moment we just create a new update list and new deployment package every month with that month's updates in, but this seems like it could get very messy in a few years time when we have potentially hundreds of these packages and lists... and we can't remove old ones because then new machines would not get the updates in those packages installed.


    My website: www.cjwdev.co.uk My blog: cjwdev.wordpress.com


    Yes, we may need to create new update list, new deployment package and distribute new package for every month. There could be updates getting superceded and we can remove them from package and update list. While building new machines either you can use software update feature in TS or you can update the image every 6 mponths with previous months patches.

    In SCCM 2012 we can see more improvements in terms of patch management.


    Anoop C Nair - This posting is provided "AS IS" with no warranties or guarantees, and confers no rights. |Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
    • Marked as answer by Chris128 Tuesday, June 07, 2011 10:13 PM
    Monday, May 30, 2011 2:08 AM
  • Most of times when implementing Software Updates in SCCM I create Search Folders which will dynamically show new updates every month. There is the choice to create multiple Search Folders for different products or combine them in a single Search Folder.

    It is possible to create new Update Lists every month, and use the Deployment Templates (one for every collection used) for easy management of them. It is also possible to create a Update List named "Monthly Updates", and add new updates to the same Update List everytime.

    Then advertisements in Deployment Management (one for every collection) can be used to deploy them to your clients.

    Last thing is the Deployment Package. Microsoft says there can be 500 updates placed in a single package, so in my opinion you can re-use the same package everytime. That way it's easier to manage monthly updates, and only new Update Lists/Advertisements must be created.

    I have no blog written for Patch Management in SCCM 2007, but for SCCM 2012 it's present: http://henkhoogendoorn.blogspot.com/2011/04/patch-management-in-configmgr-2012-beta.html


    My ConfigMgr blog: http://henkhoogendoorn.blogspot.com Follow me on Twitter: @henkhoogendoorn
    • Marked as answer by Chris128 Tuesday, June 07, 2011 10:13 PM
    Tuesday, May 31, 2011 10:03 AM

All replies

  • See, very useful guide for software updates. Hope this helps !!!

     

    Guide to Software Updates Deployment in Configuration Manager 2007 

    Guide to Software Updates Deployment in Configuration Manager 2007 – Part 2

    and

    Information on the ConfigMgr 2007 client side process for Software Updates


    Anoop C Nair - This posting is provided "AS IS" with no warranties or guarantees, and confers no rights. |Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
    • Edited by Anoop C Nair Friday, May 27, 2011 1:55 AM http://blogs.technet.com/b/configurationmgr/archive/2009/08/20/guide-to-software-updates-deployment-in-configuration-manager-2007-part-2.aspx
    Friday, May 27, 2011 1:53 AM
  • On top of the articles from Anoop you can find useful information in the flowcharts - http://technet.microsoft.com/en-us/library/bb932171.aspx

     

    About the PS: In CM2012 all three objects are much more aligned and use the same terms like deployments, packages etc.


    Kent Agerlund | My blogs: http://blog.coretech.dk/author/kea/ and http://scug.dk/ | Twitter @Agerlund | Linkedin: /kentagerlund
    Friday, May 27, 2011 5:16 AM
  • Thanks guys, certainly useful resources but I don't think they really answer the question - I know what each of the bits in the Software Updates section do and how to use them, but what I'm asking is how other people actually manage this as new updates are released. I mean do you create a new update list and package every month/week for new updates or do you add all new updates to an existing package etc etc, and if you add them to an existing package, will clients that already installed this package get the new updates that have been added?

    At the moment we just create a new update list and new deployment package every month with that month's updates in, but this seems like it could get very messy in a few years time when we have potentially hundreds of these packages and lists... and we can't remove old ones because then new machines would not get the updates in those packages installed.


    My website: www.cjwdev.co.uk My blog: cjwdev.wordpress.com
    Sunday, May 29, 2011 6:39 PM
  • At the moment we just create a new update list and new deployment package every month with that month's updates in, but this seems like it could get very messy in a few years time when we have potentially hundreds of these packages and lists... and we can't remove old ones because then new machines would not get the updates in those packages installed.


    My website: www.cjwdev.co.uk My blog: cjwdev.wordpress.com


    Yes, we may need to create new update list, new deployment package and distribute new package for every month. There could be updates getting superceded and we can remove them from package and update list. While building new machines either you can use software update feature in TS or you can update the image every 6 mponths with previous months patches.

    In SCCM 2012 we can see more improvements in terms of patch management.


    Anoop C Nair - This posting is provided "AS IS" with no warranties or guarantees, and confers no rights. |Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
    • Marked as answer by Chris128 Tuesday, June 07, 2011 10:13 PM
    Monday, May 30, 2011 2:08 AM
  • Most of times when implementing Software Updates in SCCM I create Search Folders which will dynamically show new updates every month. There is the choice to create multiple Search Folders for different products or combine them in a single Search Folder.

    It is possible to create new Update Lists every month, and use the Deployment Templates (one for every collection used) for easy management of them. It is also possible to create a Update List named "Monthly Updates", and add new updates to the same Update List everytime.

    Then advertisements in Deployment Management (one for every collection) can be used to deploy them to your clients.

    Last thing is the Deployment Package. Microsoft says there can be 500 updates placed in a single package, so in my opinion you can re-use the same package everytime. That way it's easier to manage monthly updates, and only new Update Lists/Advertisements must be created.

    I have no blog written for Patch Management in SCCM 2007, but for SCCM 2012 it's present: http://henkhoogendoorn.blogspot.com/2011/04/patch-management-in-configmgr-2012-beta.html


    My ConfigMgr blog: http://henkhoogendoorn.blogspot.com Follow me on Twitter: @henkhoogendoorn
    • Marked as answer by Chris128 Tuesday, June 07, 2011 10:13 PM
    Tuesday, May 31, 2011 10:03 AM
  • Thanks for the answers guys - guess we will just carry on doing what we are doing then... and look forward to SCCM 2012 ! :)
    My website: www.cjwdev.co.uk My blog: cjwdev.wordpress.com
    • Proposed as answer by BryacjUK Wednesday, December 19, 2012 1:57 PM
    Tuesday, June 07, 2011 10:13 PM
  • What I have learned about deploying Windows updates to a Build and Capture Reference machine is that you cannot have more then one Deployment Management, I had done nemerous testing with one package and multiple Deployment Management, Seperate packages and Templates and Deployment Management and Multiple "Install Updates" action in a Task Sequence, but Only one Deployment Runs no metter what, However when multiple deployments are assigned during the regular build the multiple Deployment Managements are applied, did anyone come accross this issue where multiple Deployment Management cannot run in Build and Capture.
    Thursday, June 28, 2012 5:36 PM
  • Have a look at softwarecentral dot com They have developed a web interface add on which is extremeley simple to use and you no longer need updates!!

    Only took 2 hours for them to remotely install it and we have had ZERO issues.

    Check it!

    Wednesday, December 19, 2012 2:00 PM
  • Hey Chris THANKS TO YOU, i was making a update list for month that's ok, but making a package for every "product" and deployments for every OS and in two years i have more than i can count ..... so from now on i only make one UL and one package, but i can erase the oldest packages and oldest deployments  so.. what can i do? can i just add the updates to a one package and make it like UPDATES BEFORE TODAY?

    Well sorry for mi english i only hope you can understand me.

    Thanks

    Wednesday, April 24, 2013 6:04 PM