May 23 2019 10:55 AM
Hi, I wanted to know what is the schedule that you guys use for the Software update evaluation cycle and more importantly why?
We currently do it everyday, but are looking to change that, to make sure that we can patch anything right after patch Tuesday and to check if the the servicing stack updates have been installed (when they're not technically a pre-requisite for the cumulative updates)
Thks
May 23 2019 12:43 PM
Hi Stephane. On the surface, a deceptively simple question, but there's much more "behind the curtain" when it comes to patch updating, cycles, delivery, etc.
As you've tagged this with SCCM I'm assuming you're looking for advice on patching at scale. Not sure if I'm allowed to include this, and if not a moderator will flag, but I highly recommend joining the following patch management listserv:
http://www.patchmanagement.org/default.html
imho, one of the best patch in existence -- Susan Bradley and team do a great job moderating, contributors run the gamut from managing hundreds of endpoints to 10's of thousands, and compared to other lists, very helpful and non-egotistical group of folks.
It can be a little noisy at times, especially Patch Tuesday weeks, but well worth your time to review.
Disclaimer -- I have no personal, business or financial interests in patchmanagement.org -- group has been helpful to me and just paying it forward. Hope this helps.
--ty don
Hope this helps -- don
May 24 2019 07:08 PM
SolutionIMO, the best schedule here is the default of every 7 days. Here's an older blog post I put together with a lot of info on the scan cycle: https://home.configmgrftw.com/notes-software-update-scan-cycle/. The main point is that the scan cycle doesn't do what you think it does; basically, the scheduled software update scan cycle is *not* critical to deploying updates in ConfigMgr. The scheduled update scan cycle is simply about returning compliance info to the site for updates that are not deployed.
The installation of deployed updates occurs regardless of the scheduled update scan cycle. Thus, having this scan cycle run every day is simply wasted resources; e.g., network, compute, etc.
May 24 2019 07:08 PM
SolutionIMO, the best schedule here is the default of every 7 days. Here's an older blog post I put together with a lot of info on the scan cycle: https://home.configmgrftw.com/notes-software-update-scan-cycle/. The main point is that the scan cycle doesn't do what you think it does; basically, the scheduled software update scan cycle is *not* critical to deploying updates in ConfigMgr. The scheduled update scan cycle is simply about returning compliance info to the site for updates that are not deployed.
The installation of deployed updates occurs regardless of the scheduled update scan cycle. Thus, having this scan cycle run every day is simply wasted resources; e.g., network, compute, etc.