locked
Excluding IE 11 RRS feed

  • Question

  • Hi guys,

    I have a client which cannot have IE 11 installed on their machines, so I want to exclude any.

    I'm in the process of deploying a windows 7 baseline to all production workstations, so I created a software update group with all win 7 updates and created an initial package.

    If I were to select the same software update group (above) but exclude the IE 11 updates, saving it as a new software update group (Win 7 baseline excl. IE 11), then using this group and same package as was initially created (because this contains all the downloaded updates), this would be fine?

    I'm just not sure if using the same package is a problem, but it shouldn't be if I deploy the correct sup to collection?

    Hope this makes sense.

    Thanks - Travis

    Monday, April 25, 2016 1:52 PM

Answers

  • "then using this group and same package as was initially created"

    Using it where? You never use update packages. Update packages are containers for the update binaries only. They are not linked to or referenced by any other objects at all including update groups or update deployments. Clients will download update binaries from any update package that is accessible to the client (and has the update in it of course) thus you never ever specify what update package to "use".

    ADRs of course reference an update package because you have to tell it where to download the binaries to and during the deployment wizard you will prompted to select a package if any of the updates aren't downloaded yet so it knows where to download them to. But, as noted, this is only for where to download the updates to and has nothing to do with the clients "using" them because that is beyond your control.

    Thus, as you've noted and Simon reinforced, yes, just create the new update group with all but the updates that you want to exclude and deploy it. Assuming that the updates are already downloaded, you will not be prompted for a package. 


    Jason | http://blog.configmgrftw.com | @jasonsandys

    • Proposed as answer by Frank Dong Tuesday, April 26, 2016 2:09 AM
    • Marked as answer by Frank Dong Monday, May 9, 2016 10:08 AM
    Monday, April 25, 2016 6:06 PM

All replies

  • I would create a separated Software Update Group, containing only IE11. Then deploy this SUG only to those Clients which should get IE11.

    For excluding your particular Client, you could create a Static Collection and set this as a Exclude Collection on the Collection, where your IE11 SUG is deployed to.


    Simon Dettling | msitproblog.com | @SimonDettling

    Monday, April 25, 2016 5:26 PM
  • Hello Travis_83

    Using the same package to save all downloaded updates not is a good practice. I recommend you create a dedicated package for every SUG that you create and every SUG has a specific technology, not all type of updates (critical, medium, low, x86, x64, etc) for a OS. You can have an Update Baseline for all updates older than 2016 for example focused in x64 Windows 7 and another one focused in Windows 7 x86.

    Also create an ADR for 2016 Win 7 x86 and another one for Win 7 x64 updates.

    Here I show you a link where you can find the best practices managing updates in SCCM.

    https://technet.microsoft.com/en-us/library/hh692394.aspx

    Regards


    La respuesta se proporciona "TAL CUAL", sin garantías y no confiere derechos. Es recomendable probar siempre cualquier sugerencia en un entorno de prueba antes de implementar! This posting is provided "AS IS" with no warranties and confers no rights! Always test ANY suggestion in a test environment before implementing!

    Monday, April 25, 2016 5:39 PM
  • "then using this group and same package as was initially created"

    Using it where? You never use update packages. Update packages are containers for the update binaries only. They are not linked to or referenced by any other objects at all including update groups or update deployments. Clients will download update binaries from any update package that is accessible to the client (and has the update in it of course) thus you never ever specify what update package to "use".

    ADRs of course reference an update package because you have to tell it where to download the binaries to and during the deployment wizard you will prompted to select a package if any of the updates aren't downloaded yet so it knows where to download them to. But, as noted, this is only for where to download the updates to and has nothing to do with the clients "using" them because that is beyond your control.

    Thus, as you've noted and Simon reinforced, yes, just create the new update group with all but the updates that you want to exclude and deploy it. Assuming that the updates are already downloaded, you will not be prompted for a package. 


    Jason | http://blog.configmgrftw.com | @jasonsandys

    • Proposed as answer by Frank Dong Tuesday, April 26, 2016 2:09 AM
    • Marked as answer by Frank Dong Monday, May 9, 2016 10:08 AM
    Monday, April 25, 2016 6:06 PM