Patching
Question
Team,
Client A – It has April month patch deployed and installed as per ADR SUG.
April month patch got superseded during May.
We setup ADR to use “Existing SUG”
Once ADR evaluated for may month and deployed it.
Will the April month patch installed on client A get overwritten with superseded patch or superseded patch also gets installed with it ?
We can clean up WSUS in 3 ways
1.using wsus cleanup wizard
2.using powershell script
3.using the wsus maintenance tab in SUP which was added from 1906 version.
is my understanding right ?
In which scenario we will go with import updates option from wsus ?
I am aware that we will go with hotfixes since it will not sync in wsus.
Apart from this do we have any other scenario ?
Can i get some learning about “Emergency updates”
Will emergency updates gets synced in wsus.
Answers ( 5 )
How about .net framework and Adobe – will those get replaced in client if it’s superseded.
So in the client machine also it gets replaced and we will not see old cu. Am I right ?
– Any new patch such as monthly CUs that have supersedence will take precedence and install depending on how you setup your deployments.
What gets overwritten or installed alongside is all dependent on the CU update itself. Generally they are rolled over with new improvements or removed to fix a previous issue.
Hi Harjit,
I am not getting the above message. You mean that all Cumulative updates will get overwritten if its superseded ?
Yes! Cummulative Updates (CU) are a collection of a bunch of updates. Think of it as a package containing many many updates. If you recall back in the Windows XP and Windows 7 days, when you checked for updates, you would often see 30 to 40 updates and sometimes less and sometimes more. In order to streamline and improve the performance of updates, Microsoft has gone to the CU model.
So, a current CU could have 50 individual updates within, as an example. Next CU could have the same individual updates but improved to fix things, or could have more or could have less. That’s just something you don’t need to wreck your brain on. Just think that next month’s CU will superseed this month’s and so on.
Let me try to answer some of your questions:
We setup ADR to use “Existing SUG”
-The best practice is to use a new SUG each month for updates and not an existing one. Your deployments will be skewed and your compliance will always be off. The only one you should use an existing SUG is for definitions like Endpoint Protection.
Once ADR evaluated for may month and deployed it.
Will the April month patch installed on client A get overwritten with superseded patch or superseded patch also gets installed with it ?
– Any new patch such as monthly CUs that have supersedence will take precedence and install depending on how you setup your deployments. What gets overwritten or installed alongside is all dependent on the CU update itself. Generally they are rolled over with new improvements or removed to fix a previous issue.
We can clean up WSUS in 3 ways
1.using wsus cleanup wizard
2.using powershell script
3.using the wsus maintenance tab in SUP which was added from 1906 version.
is my understanding right ?
– Yes, plus you need to run some queries to cleanup your SUSDB and do re-indexing.
In which scenario we will go with import updates option from wsus ?
– You don’t do this. You should never muck with WSUS directly when you are using SCCM for patching. Any updates that should be needed will be provided in SCCM SUP.
I am aware that we will go with hotfixes since it will not sync in wsus.
– Not sure what you mean here. Again, hotfix updates are rare these days as a new OOB patch is generally provided.
Apart from this do we have any other scenario ?
Can i get some learning about “Emergency updates”
Will emergency updates gets synced in wsus.