Deploying Windows Server updates on few select Windows Server in OU in SCCM 2007 R3

Posted on 2014-10-13
Last Modified: 2014-10-30
Hi Folks,

Assuming that the existing SCCM 2007 R3 infrastructure has already been implemented,
Can anyone here please share some instructions and steps that I need to follow to safely and successfully deploy Windows Update for few selected Windows Server OS within specific OU only not all ?

Because I need to perform updates on different time frame for each OU:

Test and Development Windows Server group WIndows Update deployment and reboot maintenance period Saturday 8 AM - 1 PM only.

Production Windows Server group WIndows Update deployment and reboot maintenance period Sunday 8 AM - 8 PM only.

How and where to configure that on the SCCM Console ?

  • 3
  • 2
LVL 14

Expert Comment

by:Abduljalil Abou Alzahab
ID: 40379325
You can create collections on SCCM based on Servers OU then implement updates on the collections and regarding time of deployment you have two methods: Configure Maintenance Window on server collection or configure deployment time by group policy.

Author Comment

by:Senior IT System Engineer
ID: 40379334
Hi man,

I'd like to know what are the difference between those two ?

Configure Maintenance Window on server collection
Configure deployment time by group policy
LVL 14

Accepted Solution

Abduljalil Abou Alzahab earned 500 total points
ID: 40379341
Maintenance Window provide administrators with a way to define a period of time that limits when changes can be made on the systems that are members of a collection.
More information:

Group Policy Settings: You can Enabled and select one of the following options:

◦ Notify for download and notify for install. This option notifies a logged-on administrative user prior to the download and prior to the installation of the updates.

◦ Auto download and notify for install. This option automatically begins downloading updates and then notifies a logged-on administrative user prior to installing the updates.

◦ Auto download and schedule the install. If Automatic Updates is configured to perform a scheduled installation, you must also set the day and time for the recurring scheduled installation.

◦ Allow local admin to choose setting. With this option, the local administrators are allowed to use Automatic Updates in Control Panel to select a configuration option of their choice. For example, they can choose their own scheduled installation time. Local administrators are not allowed to disable Automatic Updates.

But even if you want to use group policy I recommend to configure Maintenance Windows to make sure that updates not installed during working hours.

Author Comment

by:Senior IT System Engineer
ID: 40391786
Thanks for the clarification Abdul.

So in this case which option should I be paying extra attention to avoid SCCM deploying updates in the wrong time frame and rebooting the server immediately ?

Author Closing Comment

by:Senior IT System Engineer
ID: 40415068

Featured Post

The Eight Noble Truths of Backup and Recovery

How can IT departments tackle the challenges of a Big Data world? This white paper provides a roadmap to success and helps companies ensure that all their data is safe and secure, no matter if it resides on-premise with physical or virtual machines or in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

While rebooting windows server 2003 server , it's showing "active directory rebuilding indices please wait" at startup. It took a little while for this process to complete and once we logged on not all the services were started so another reboot is …
This script can help you clean up your user profile database by comparing profiles to Active Directory users in a particular OU, and removing the profiles that don't match.
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

785 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question