Installing updates for critical servers
Hello!
I am in the middle of configuration auto-updates with SCCM. I have a bunch of critical servers, which could not be scheduled for autoupdates because each downtime window must be approved before. First I wanted to create collection for them without any maintenance
windows, depoy updates to this collection and manually install updates in approved window. However, later I discovered, that updates can be installed any time at non-business hours if no maintenance windows specified. I have some ideas how to resolve that,
but need help to configure SCCM this way:
1) Completely prohibit updates installation for collection (Is it possible to do this on server side only?)
2) Update critical servers withouts SCCM. (Can I update these servers from WSUS or SCCM without CM client and SCCM collection's membership, or I need another WSUS to achieve this?)
September 14th, 2015 6:34am
Hi,
1. you can deploy a custom setting to this collection that turns off the Software Updaet client in SCCM, note that the servers will contact MS update if not GPO's are configured correctly instead.
2. No, you need another WSUS.
Regards,
Jrgen
September 14th, 2015 6:39am
Will it work if I assign to collection non-recurring maintenance window with time in the past?
September 14th, 2015 9:04am
Is your goal to prevent admins from manually installing the updates outside of the maintenance window? If so, then no, manual activity is not subject to maintenance windows.
September 14th, 2015 10:33am
Actually vice versa. I want to prevent any activity of Configuration Manager autoupdating for the collection of servers, and simultaneously give admins right to install updates (which SCCM will have in deployment for this collection, but will not install)
manually.
September 14th, 2015 4:10pm
Then simply deploy them without a deadline. No maintenance window needed.
September 14th, 2015 5:24pm
But without maintenance windows updates are deployed during non-business hours at any time, while I need to prevent any automatic installations and use SCCM only for updates approval.
September 15th, 2015 3:21am