Simpler Windows updates than SCCM/ConfigMGR???

mike2401 used Ask the Experts™
We're looking for a simpler solution for controlling Windows updates on our 60 windows servers (some of which are Server 2016  which seem to have a mind of their own as to when they want to update themselves) .

As a new admin in my company, I'm working hard to learn lots of things but SCCM / ConfigMgr seems like a beast to learn.  

The desktop guy uses it for the win10 desktop update (400 users in 6 locations).  My boss doesn't want to use the same instance for servers because years ago, desktop updates were pushed to servers which trashed a bunch.

In my previous job, we used WSUS which seemed more manageable.

So, I'm looking for a simple solution for windows updates for servers without me needing to get a PHD in configmgr.

We're even open to 3rd party solutions if that would make it less painful.

I guess from a bandwidth perspective, downloading it once and updating from a local copy would be more efficient but since we just got a fatter internet connection, I'm even open to skipping that as a requirement if it would make it simpler.

Any thoughts would be very much appreciated.

Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Sr. Systems Administrator
So you mention you used to use WSUS. Any reason you are not considering it now? It can be a little intensive for large orgs but for only 60 servers, not so much. SCCM is overkill for servers. If you are looking for third party tools, Manageengine, Solarwinds and others provide Patch Management software but if you are just looking for Windows patches on Servers, you would only be using a small part of their software.
You can use WSUS.  We use WSUS for servers and ConfigMgr for desktops.

It's worth considering Microsoft's view is to move as much as possible to SCCM and way from individual systems like WSUS. You'd be going against the trend, but there's nothing stopping you reverting back to standalone WSUS. You may struggle to find many guides on how to revert back to WSUS as it's a little out of the ordinary, but its certainly possible and a better option than using a 3rd party tool.

Alternatively, did you know you could just access the WSUS that is part of SCCM (as there is still a fully functioning WSUS server 'hidden away' in there) as SCCM uses WSUS for updates. Don't believe me? RDP onto the server assigned with the SCCM role 'Software Update Point' and you'll see the WSUS role is installed. You can even open the WSUS console as normal :-)

Note: It's not officially recommended as changes you make to WSUS directly may conflict with policies/tasks that SCCM is trying to push out so take care if you consider this an option, but it is theoretically possible.
If nothing else, it may help you transfer your experience from WSUS over to SCCm's way of doing things by being able to look at it from both views.


Thanks everyone.

Steve: on a fresh Server 2016, there's a WSUS Role (without having installed SCCM), so maybe it's just part of native windows server?

In any event, I think WSUS is a great idea and appropriate to my current skill level and available time to learn something substantially more complicated.


Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial