Hi Chad, As you're using an ADR for "Security Updates" and "Critical Updates", you'd have to change the ADR to only select one of "Security Only" or "Security + Quality". As per the links/info, doing both causes compliance issues. As the Title is slighty different for the Windows ones vs the .Net Framework ones, you'd add "Title" where the search list is -Security Only if you want the "Security + Quality" to be selected. Same as Erik, this is the way we are going. If you want the "Security only" to be selected, add "Title" where the search list is -Quality Rollup
(using the minus sign before the text means "does not contain" that text) Using those titles should not affect the selection of all the other updates you want in your ADR. Shane From: thecodepo...@gmail.com Date: Fri, 14 Oct 2016 10:37:45 -0700 Subject: Re: [mssms] MS Patching To: firstname.lastname@example.org Hi Chad, We are deploying the full rollups to our infrastructure. My understanding is that each month will have 2 rollups on patch Tuesday. Security only and Security + Quality. The Security only are non-cumulative, the Security + Quality are cumulative. Each third Tuesday will see a "preview" rollup with the quality updates in them that will be included in the next month's Security + Quality rollup. (Obviously, I am only talking about the OS specific rollups here.) We decided to take the approach of going all in, since we have a DEV testing environment. As for ADRs, we don't use them for anything "production" related, but I just started using them to handle downloading and distributing updates out to our infrastructure. This way when my patch admins build their monthly patching cycles, they don't have to worry about downloads and distribution to DPs. One thing to consider with the rollups is, choose one or the other. I only have anecdotal evidence of this, but if you deploy both to collections, it will mess with your compliance reporting. So pick one or the other. In all honesty, unless you have a known reason, I don't know why you wouldn't deploy the full rollups. (Obviously with heavy testing...) The blogs Robert listed earlier are a great primer on the new process. -Erik On Thu, Oct 13, 2016 at 3:34 PM, Chad Beard <cbe...@artc.com.au> wrote: Apologies if I’ve missed a previous thread. But what is everyone’s thoughts on the new MS patching procedure and how are you handling it in ConfigMgr. Currently we have an ADR setup that scans for Critical and Security’s released in the last 14 days. Also wondering how people are utilising the monthly rollup patch that gets released and if they’re excluding it. Chad Beard Senior Infrastructure Support - (Data Centre) Enterprise Services P. 0882305155 M. +61 434 076 370 E. cbe...@artc.com.au Australian Rail Track Corporation 11 Sir Donald Bradman Drive Keswick Terminal SA 5035 artc.com.au The information in this email and any attachments to it is confidential to the intended recipient and may be privileged. Receipt by a person other than the intended recipient does not waive confidentiality or privilege. Unless you are the intended recipient, you are not authorised to disseminate, copy, retain or rely on the whole or any part of this communication. If you have received this communication in error please notify ARTC on +61 8 8217 4366. While we have taken various steps to alert us to the presence of computer viruses we do not guarantee that this communication is virus free.