Hi Chad,
As you're using an ADR for "Security Updates" and "Critical Updates", you'd 
have to change the ADR to only select one of "Security Only" or "Security + 
Quality".  As per the links/info, doing both causes compliance issues.
As the Title is slighty different for the Windows ones vs the .Net Framework 
ones, you'd add "Title" where the search list is  -Security Only  if you want 
the "Security + Quality" to be selected.  Same as Erik, this is the way we are 
If you want the "Security only" to be selected, add "Title" where the search 
list is  -Quality Rollup    

(using the minus sign before the text means "does not contain" that text)
Using those titles should not affect the selection of all the other updates you 
want in your ADR.
From: thecodepo...@gmail.com
Date: Fri, 14 Oct 2016 10:37:45 -0700
Subject: Re: [mssms] MS Patching
To: mssms@lists.myitforum.com

Hi Chad,  We are deploying the full rollups to our infrastructure. My 
understanding is that each month will have 2 rollups on patch Tuesday. Security 
only and Security + Quality. The Security only are non-cumulative, the Security 
+ Quality are cumulative. Each third Tuesday will see a "preview" rollup with 
the quality updates in them that will be included in the next month's Security 
+ Quality rollup. (Obviously, I am only talking about the OS specific rollups 
here.) We decided to take the approach of going all in, since we have a DEV 
testing environment.  As for ADRs, we don't use them for anything "production" 
related, but I just started using them to handle downloading and distributing 
updates out to our infrastructure. This way when my patch admins build their 
monthly patching cycles, they don't have to worry about downloads and 
distribution to DPs.  One thing to consider with the rollups is, choose one or 
the other. I only have anecdotal evidence of this, but if you deploy both to 
collections, it will mess with your compliance reporting. So pick one or the 
other. In all honesty, unless you have a known reason, I don't know why you 
wouldn't deploy the full rollups. (Obviously with heavy testing...)  The blogs 
Robert listed earlier are a great primer on the new process.
On Thu, Oct 13, 2016 at 3:34 PM, Chad Beard <cbe...@artc.com.au> wrote:

Apologies if I’ve missed a previous thread.
But what is everyone’s thoughts on the new MS patching procedure and how are 
you handling it in ConfigMgr.
Currently we have an ADR setup that scans for Critical and Security’s released 
in the last 14 days.
Also wondering how people are utilising the monthly rollup patch that gets 
released and if they’re excluding it.
Chad Beard
Senior Infrastructure Support - (Data Centre)
Enterprise Services

P.  0882305155
M.  +61 434 076 370


Australian Rail Track Corporation
11 Sir Donald Bradman Drive
Keswick Terminal SA 5035
The information in this email and any attachments to it is confidential to the 
intended recipient and may be privileged. Receipt by a person other than
 the intended recipient does not waive confidentiality or privilege. Unless you 
are the intended recipient, you are not authorised to disseminate, copy, retain 
or rely on the whole or any part of this communication. If you have received 
this communication in
 error please notify ARTC on +61 8 8217 4366. While we have taken various steps 
to alert us to the presence of computer viruses we do not guarantee that this 
communication is virus free.


Reply via email to