How to Configure A Software Update Baseline in SCCM 2012

update patch-management sccm sccm-2012

I have a remote site that has about 70 systems that have not been patched for the last 4 months due to the WSUS server going down and I am now just getting around to deploying SCCM 2012 there.

Can one of you SCCM gurus, MCCs, MVPs, someone tell me if the following method makes any sense to you, and if so, is it a good idea? By the way, I already have a software update package that I use to drop Patch Tuesday updates into every month. I would just like to know if the following strategy makes any sense:

  1. Deploy the SCCM 2012 client to these 70 systems
  2. Sync with Microsoft to grab the updates metadata
  3. Run the Software Updates Scan cycle to determine what updates on the 70 systems at the remote site are required
  4. Create a search criteria to grab updates that fall within my company's patch policy (critical and security only)
  5. Download all of these updates into a package and name it after the following convention: SUM_Baseline
  6. Create the Software Update Group and name it after the following convention: SUM_Baseline_YYYYMMDD
  7. Deploy the SUG to the 70 systems located at the remote site

How does this look to you all?

One more thing, I have a Software Update package that I already use, but it is for Patch Tuesday ONLY patches, not Baseline patches. Does it make sense to have two packages, one for Patch Tuesday updates and one for Baseline updates?

My thinking is that the Patch Tuesday package is used for systems that are up to date and do not require prior patches. The Baseline package would be for systems that are either new, or for whatever reason have not been patched for quite some time.

Also, is there anyway to be able to just find out what updates are needed on a subset of systems in the SCCM 2012 console rather than all SCCM 2012 clients? I haven't figured out how to do this, or if it is even possible. Would I create a Software Updates Configuration Baseline for this?

If I can get some good feedback here I would very much appreciate it.

Thanks everyone


Okay, I just found this article and it seemed to answer most, if not all my questions. It's quite a great article:

Managing Software Updates in Configuration Manager 2012

Related

BITS policies to limit bandwitdth usage is not taking effect
How to detect virtual machines freezes
vSphere/ESX How to log migration event to guest Windows OS
Load balancing network traffic using iptables
Which kjournald process belongs to which filesystem?
Batch script is not getting executed when called by Start-Process Cmdlet
Why does a SPN on a different host cause a server to lose its trust? How should I fix it?
Windows 7 login issues
Is Exchange 2010 compliant with RFC 3848
PuppetDB: unable to get local issuer certificate
request failed: error reading the headers
Differences between HP and EMC SAN