locked
SCCM 2012 and ADR RRS feed

  • Question

  • server 2012 sccm 2012

    I'm starting my sccm 2012 environment and for our software updates I have created the following ADR:

    Required 1 or more for classifications Security, Critical,  Definitions, Service Packs, Featured Packs, Update Rollups and Update List and I'm wondering with this rule how I can prevent IE 9 or 10 from installing via software updates. Maybe and exception rule or what do you recommend? Thanks.

    • Moved by TorstenMMVP Monday, March 11, 2013 1:54 PM moved to Security & Compliance
    Monday, March 11, 2013 1:28 PM

Answers

  • They release browser upgrades as the "Update Rollup" classification.  I can't say it will always be that way, but they've used that classification since I started managing updates many years ago.

     

    I've heard some people suggest just not deploying the "Update Rollup" classification as a way to be sure not to deploy Internet Explorer upgrades.  I disagree with that approach since there are many many important Update Rollups that you should be deploying regularly.  But, you may get away with testing/deploying them manually rather than with an ADR.

     

    Nash


    Nash Pherson, Senior Systems Consultant
    Now Micro - My Blog Posts
    <-- If this post was helpful, please click "Vote as Helpful".

    • Marked as answer by jamicon Monday, March 11, 2013 5:44 PM
    Monday, March 11, 2013 5:22 PM
  • Torsten ->  Thanks for the info!  Does it support SQL Server SP1 yet?

     

    Jamicon ->  "I already have a functioning WSUS server"  If that WSUS server was being used for things other than supporting your Software Update Point, you will want to install another WSUS instance on your ConfigMgr server rather than reuse the old WSUS server.

    http://technet.microsoft.com/en-us/library/gg712696.aspx#BKMK_SUPInstallation

     

    The console is installed as a Feature on Server 2012 under Role Administration Tools > Windows Server Update Services Tools.

     

    I hope that helps,

     

    Nash


    Nash Pherson, Senior Systems Consultant
    Now Micro - My Blog Posts
    <-- If this post was helpful, please click "Vote as Helpful".

    • Marked as answer by jamicon Friday, March 15, 2013 4:07 PM
    Friday, March 15, 2013 3:29 PM

All replies

  • Jamicon, I'm sorry but there isn't a very easy or future-proof way to do this because ADR's aren't quite fully baked yet.

     

    The closest thing you can do is go through and identify all of the KB article ID's and add them to your ADR with a "-" in front of them.  This will get you through IE9 and IE10 because those are known articles, but when IE11 is released you will need to beat your ADR rule with the updated KB's before it deploys them.

      

    I hope that helps,

     

    Nash


    Nash Pherson, Senior Systems Consultant
    Now Micro - My Blog Posts
    <-- If this post was helpful, please click "Vote as Helpful".


    Monday, March 11, 2013 1:53 PM
  • very helpful thanks, will it always be one specific classification for the initail install?
    Monday, March 11, 2013 5:11 PM
  • They release browser upgrades as the "Update Rollup" classification.  I can't say it will always be that way, but they've used that classification since I started managing updates many years ago.

     

    I've heard some people suggest just not deploying the "Update Rollup" classification as a way to be sure not to deploy Internet Explorer upgrades.  I disagree with that approach since there are many many important Update Rollups that you should be deploying regularly.  But, you may get away with testing/deploying them manually rather than with an ADR.

     

    Nash


    Nash Pherson, Senior Systems Consultant
    Now Micro - My Blog Posts
    <-- If this post was helpful, please click "Vote as Helpful".

    • Marked as answer by jamicon Monday, March 11, 2013 5:44 PM
    Monday, March 11, 2013 5:22 PM
  • Think I just do that class manually until ADR grows up. You've been very helpful thanks!.
    Monday, March 11, 2013 5:44 PM
  • I hope you can answer this?

    I need to install the WSUS console ONLY on a server 2012, installing without the DB just creates problems. Will 3.0 work on server 2012 I don't want to rebuild another Site server. can you help?

    Friday, March 15, 2013 1:20 AM
  • In Windows Server 2012, WSUS is integrated with the operating system as a server role.  It is not supported with SQL Server 2012, so just use the Windows Internal Database when doing the install.


    Nash Pherson, Senior Systems Consultant
    Now Micro - My Blog Posts
    <-- If this post was helpful, please click "Vote as Helpful".

    Friday, March 15, 2013 1:26 AM
  • It is not supported with SQL Server 2012, so just use the Windows Internal Database when doing the install.




    That is no longer true. http://technet.microsoft.com/en-us/library/hh852344.aspx#BKMK_1_1.

    Torsten Meringer | http://www.mssccmfaq.de

    Friday, March 15, 2013 7:39 AM
  • Thanks for the replys!

    I must be missing something, I already have a functioning WSUS server, full install on a separet server. What I need is just the console on my site server now.

    Has anyone done this?

    Friday, March 15, 2013 3:17 PM
  • Torsten ->  Thanks for the info!  Does it support SQL Server SP1 yet?

     

    Jamicon ->  "I already have a functioning WSUS server"  If that WSUS server was being used for things other than supporting your Software Update Point, you will want to install another WSUS instance on your ConfigMgr server rather than reuse the old WSUS server.

    http://technet.microsoft.com/en-us/library/gg712696.aspx#BKMK_SUPInstallation

     

    The console is installed as a Feature on Server 2012 under Role Administration Tools > Windows Server Update Services Tools.

     

    I hope that helps,

     

    Nash


    Nash Pherson, Senior Systems Consultant
    Now Micro - My Blog Posts
    <-- If this post was helpful, please click "Vote as Helpful".

    • Marked as answer by jamicon Friday, March 15, 2013 4:07 PM
    Friday, March 15, 2013 3:29 PM
  • found it, thank you very much!
    Friday, March 15, 2013 4:08 PM