How to Configure A Software Update Baseline in SCCM 2012

I have a remote site that has about 70 systems that have not been patched for the last 4 months due to the WSUS server going down and I am now just getting around to deploying SCCM 2012 there.

Can one of you SCCM gurus, MCCs, MVPs, someone tell me if the following method makes any sense to you, and if so, is it a good idea? By the way, I already have a software update package that I use to drop Patch Tuesday updates into every month. I would just like to know if the following strategy makes any sense:

  1. Deploy the SCCM 2012 client to these 70 systems
  2. Sync with Microsoft to grab the updates metadata
  3. Run the Software Updates Scan cycle to determine what updates on the 70 systems at the remote site are required
  4. Create a search criteria to grab updates that fall within my company's patch policy (critical and security only)
  5. Download all of these updates into a package and name it after the following convention: SUM_Baseline
  6. Create the Software Update Group and name it after the following convention: SUM_Baseline_YYYYMMDD
  7. Deploy the SUG to the 70 systems located at the remote site

How does this look to you all?

One more thing, I have a Software Update package that I already use, but it is for Patch Tuesday ONLY patches, not Baseline patches. Does it make sense to have two packages, one for Patch Tuesday updates and one for Baseline updates?

My thinking is that the Patch Tuesday package is used for systems that are up to date and do not require prior patches. The Baseline package would be for systems that are either new, or for whatever reason have not been patched for quite some time.

Also, is there anyway to be able to just find out what updates are needed on a subset of systems in the SCCM 2012 console rather than all SCCM 2012 clients? I haven't figured out how to do this, or if it is even possible. Would I create a Software Updates Configuration Baseline for this?

If I can get some good feedback here I would very much appreciate it.

Thanks everyone


Okay, I just found this article and it seemed to answer most, if not all my questions. It's quite a great article:

Managing Software Updates in Configuration Manager 2012