Hi,
I just has a question about how people are configuring their software update deployments.
How ours are configured is that we have them split up by year and OS.
So for Windows 7 we have the following groups.
-Microsoft Windows 7 Critical and Security Updates in 2012 and older
-Microsoft Windows 7 Critical and Security Updates in 2013
-Microsoft Windows 7 Critical and Security Updates in 2014
-Microsoft Windows 7 Critical and Security Updates in 2015
-Microsoft Windows 7 Critical and Security Updates in 2016
We then have an ADR that checks each month for new updates. All of the above software update groups are deployed to our Workstation updates collection, as well as the SUG created by the ADR.
My question is, would you recommend removing the deployments for the 2012, 2013,.... SUGs once the workstations are compliant and just leave the 2016 deployment? The reason I leave all of the deployments is that if a workstation is missing some old patches for some reason it would get them automatically, are there any performance impacts to leaving all of these patches deployed.
Thanks,
Travis