Software updates ADR's

  • Question

  • Hello,

    Have been setting up ADR's for Win 10 updates deployments but have a concern. I would like to have 3 tiers of the install timing for users:

    1st : Deployments made available for users to install at their leisure from the software center

    2nd : After say 1 week, install the updates as per maintenance windows in the evening.

    3rd : After 1 more week if not yet installed, just install no matter what at any time, with the standard notifications for reboots as per SCCM client settings.

    Tier 1 and 2 are easy with a deployment made 'available' with a deadline of 1 week and a maintenance window set on the collection.

    Problem I have with Tier 3 is that unless the computer is 'on' during a maintenance window, in theory, the updates may never install.

    Wake on LAN is not a viable option for us due to a bunch of security reasons, .1x, limited DHCP leases etc. etc. I won't go into it.

    The only idea I have had is to have another duplicate deployment in the ADR with a 2 week deadline, with the settings to ignore the maintenance windows. (untested so I don't know if it would work)

    Hope this makes sense, thanks in advance for any comments.

     

     



    Thursday, May 23, 2019 11:22 AM

Answers

  • This concept of a soft deadline and a hard deadline or a T1, T2, T3 has been discussed by and with the product team lately. There's nothing built in to automatically accomplish this today though.

    Running a script to set the ignore MW setting in the deployments at T3 is the easiest path that I can see to get this done today.


    Jason | https://home.configmgrftw.com | @jasonsandys

    • Marked as answer by ChrisHardwick Friday, June 7, 2019 11:06 AM
    Thursday, May 23, 2019 2:02 PM
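
One way to script the "ignore MW at T3" step described in the answer above. This is an added example, not code from the thread or from its author. The site code, the deployment name filter and the 7-day grace period are assumptions, and it expects the ConfigMgr console (with its PowerShell module) to be installed where it runs.

```powershell
# Added example: intended to run on a schedule (e.g. daily) under an account
# with rights to modify software update deployments.
# Assumptions (not from the thread): site code, name filter, grace period.
param(
    [string]$SiteCode   = 'XYZ',             # placeholder site code
    [string]$NameFilter = 'Win10 Updates*',  # hypothetical ADR deployment naming
    [int]   $GraceDays  = 7,                 # T3 = one more week after the deadline
    [switch]$Apply                           # without -Apply the script only reports
)

# The module sits one level above the path stored in SMS_ADMIN_UI_PATH.
Import-Module (Join-Path (Split-Path $env:SMS_ADMIN_UI_PATH) 'ConfigurationManager.psd1')
Push-Location "$($SiteCode):"
try {
    # Deployments whose deadline passed more than $GraceDays ago.
    # Check whether your deployments store the deadline as UTC or client
    # local time before relying on this comparison to the hour.
    $cutoff = (Get-Date).AddDays(-$GraceDays)

    $due = Get-CMSoftwareUpdateDeployment | Where-Object {
        $_.AssignmentName -like $NameFilter -and
        $_.EnforcementDeadline -and
        $_.EnforcementDeadline -lt $cutoff -and
        -not $_.OverrideServiceWindows       # skip ones already switched
    }

    foreach ($d in $due) {
        Write-Output ('T3 reached: {0} (deadline {1})' -f $d.AssignmentName, $d.EnforcementDeadline)
        if ($Apply) {
            # Allow installation outside maintenance windows. Restart behaviour
            # is left as configured, so client-setting reboot prompts still apply.
            Set-CMSoftwareUpdateDeployment -InputObject $d -SoftwareInstallation $true
        }
    }
}
finally {
    Pop-Location
}
```

Run it once without `-Apply` to review which deployments would be changed before letting a scheduled task apply the setting.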

All replies

  • You can create configuration baselines based on the software updates. You could create a non-compliant message for the machines that don't get the updates installed for longer than 1 week, then have the non-compliant devices be moved to another collection that doesn't include a maintenance window, with those software updates deployed to them.

    Website: www.walshamsolutions.com Technical Blog: https://www.walshamsolutions.com/technical-blog Personal Blog: https://www.walshamsolutions.com/personal-blog Twitter: Dwalshampro

    Thursday, May 23, 2019 12:33 PM
  • Interesting, thank you, will look into it as a possible solution. I would have to add an 'exclude' on the standard updates collection for those Tier 3 machines as maintenance windows are cumulative I believe.
    Thursday, May 23, 2019 12:41 PM