Hi,
We want to deploy automatically Windows updates in our enviromnent in a controlled matter.
Therefore we are looking at automated deployment rules. We could use Powershell to create update groups in automated way but why not use built in ADR(?)
It's no ideal, f.e. you cannot deploy one (deployment rule) set of updates to multiple groups. An automatic deployment rule looks for a certain set of f.e. last month (whereas we would like have had month -1) and deploys it to 1 collection (and 1 only).
We came up with this idea:
The idea is that once a patch would cause issues, we could disable the automatic update rule(s) and remove the patches with issues
Concerns:
----------
-isn't there a way to have the patches of month -1?
-as you can see, the evaluation schedule runs every 3 months at the same time (in order to have exactly the same updates), that won't cause any problems, right?
-if there is an issue with a patch:
*the timeframe could mess up things
*we need to remove the patch from every deployment group manually
So not ideal situation for now. Please advise. Any feedback welcome!
J.
Note: run = 2nd Wednesday of month (after patch Tuesday)
Jan Hoedt