Auerbach software deployment updating and patching dec 2016 Sixygirl
Subsequent groups should be broken up by individual year 2011, 2012, etc. Tell application owners it’s their responsibility to install and reboot their servers.Keep update groups under 1000 updates or you will have problems. Clarify that “No Reboot = Not patched” in most cases! At the same time try to identify those servers that can be patched and rebooted automatically without having an impact on your user base.I had a real eye opener at a conference recently that made me sort of "un-learn" a lot of notions that had been drilled into my brain based on three separate SCCM 2012 books.I thought I'd share some of that here so (hopefully) others won't have to struggle with repeated "trial and error" attempts to roll out a solid SCCM 2012-based software updates strategy: Don't split updates up by product name! The client agent on the local machine will determines product categories automatically and only downloads the updates that are needed!The worst part is all the books you buy are very confusing and (quite frankly) they tend to make recommendations that are flat wrong.Maybe they are focusing on theory rather than practicality but I'm just amazed at how badly so many books written by so-called "experts" managed to steer me off course with regards to this key feature in SCCM.
During this summer of sizzling heatwaves throughout the Northern Hemisphere, activity on the security front could get even hotter with new wormable vulnerabilities reported in Microsoft remote desktop services.Use automatic update groups for monthly and daily updates only!When you create the packages for your update groups make sure to name them by year as well.This is done in the SCCM console under “Monitoring - Deployments”.The compliance column there is your exact compliance figure for the collection you are targeting (as opposed to the compliance column in the software update groups view which is for ALL SYSTEMS).