Deploying Windows Server updates on few select Windows Server in OU in SCCM 2007 R3

Posted on 2014-10-13
Last Modified: 2014-10-30
Hi Folks,

Assuming that the existing SCCM 2007 R3 infrastructure has already been implemented,
Can anyone here please share some instructions and steps that I need to follow to safely and successfully deploy Windows Update for few selected Windows Server OS within specific OU only not all ?

Because I need to perform updates on different time frame for each OU:

Test and Development Windows Server group WIndows Update deployment and reboot maintenance period Saturday 8 AM - 1 PM only.

Production Windows Server group WIndows Update deployment and reboot maintenance period Sunday 8 AM - 8 PM only.

How and where to configure that on the SCCM Console ?

Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
LVL 14

Expert Comment

by:Abduljalil Abou Alzahab
ID: 40379325
You can create collections on SCCM based on Servers OU then implement updates on the collections and regarding time of deployment you have two methods: Configure Maintenance Window on server collection or configure deployment time by group policy.

Author Comment

by:Senior IT System Engineer
ID: 40379334
Hi man,

I'd like to know what are the difference between those two ?

Configure Maintenance Window on server collection
Configure deployment time by group policy
LVL 14

Accepted Solution

Abduljalil Abou Alzahab earned 500 total points
ID: 40379341
Maintenance Window provide administrators with a way to define a period of time that limits when changes can be made on the systems that are members of a collection.
More information:

Group Policy Settings: You can Enabled and select one of the following options:

◦ Notify for download and notify for install. This option notifies a logged-on administrative user prior to the download and prior to the installation of the updates.

◦ Auto download and notify for install. This option automatically begins downloading updates and then notifies a logged-on administrative user prior to installing the updates.

◦ Auto download and schedule the install. If Automatic Updates is configured to perform a scheduled installation, you must also set the day and time for the recurring scheduled installation.

◦ Allow local admin to choose setting. With this option, the local administrators are allowed to use Automatic Updates in Control Panel to select a configuration option of their choice. For example, they can choose their own scheduled installation time. Local administrators are not allowed to disable Automatic Updates.

But even if you want to use group policy I recommend to configure Maintenance Windows to make sure that updates not installed during working hours.

Author Comment

by:Senior IT System Engineer
ID: 40391786
Thanks for the clarification Abdul.

So in this case which option should I be paying extra attention to avoid SCCM deploying updates in the wrong time frame and rebooting the server immediately ?

Author Closing Comment

by:Senior IT System Engineer
ID: 40415068

Featured Post

Three Reasons Why Backup is Strategic

Backup is strategic to your business because your data is strategic to your business. Without backup, your business will fail. This white paper explains why it is vital for you to design and immediately execute a backup strategy to protect 100 percent of your data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article shows the method of using the Resultant Set of Policy Tool to locate Group Policy that applies a particular setting.
Always backup Domain, SYSVOL etc.using processes according to Microsoft Best Practices. This is meant as a disaster recovery process for small environments that did not implement backup processes and did not run a secondary domain controller that ne…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

738 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question