We are implementing SCCM for the first time using 2012SP1. At this stage we are ready to begin deploying software updates using the provided "Patch Tuesday" template and and Auto Deployment Rule creating new monthly Software Update groups as described in most best practices documentation I can find.
My main unanswered question at this point is if we should be creating separate Software Update Groups / Deployments based on OS/Architecture or not? I have read some suggestions that the client will only download appropriate updates/hotfixes from a deployment package based on the os/arch which would suggest that a single sug/deployment for win7 32 and 64 (for example) might be the way to go. On the other hand, I'd be willing to create separate deployments if it improved performance in some way.
What is everyone else here doing?
-Single adr/sug/deployment for all "security" patches? ie one mega security
-Single adr/sug/deployment for all individual os security patches? ie separate for win7, win 2008, win 2012, etc?
-Single adr/sug/deployment for all individual os architecture security patches? ie separate for win 7 32, win 7 64, etc?
Thanks for any advice.