“Security Only” updates

BatchPatch Forums Home Forums BatchPatch Support Forum “Security Only” updates

Viewing 3 posts - 1 through 3 (of 3 total)
  • Author
    Posts
  • July 1, 2020 at 10:23 am #12395
    lhardwick
    Participant

    Hi,

    We currently use SCCM to deploy updates. I have been looking at using BatchPatch as a utility for ‘spot cleanups’ where servers have been missed, or new servers deployed with updates missing.

    All is looking good, excepts one niggle I cant get my head around.

    For .NET, we only deploy “Security Only” updates as our developers are touchy about the CUs. These updates are only available via SCCM/WSUS and the MS Update Catalog from my limited understanding.

    So, to put it simply, is there a way to get BatchPatch to deploy these updates without using SCCM/WSUS?

    Thanks!

    July 1, 2020 at 1:04 pm #12397
    doug
    Moderator

    I think you are correct that the only release channels for “Security Only” updates for .NET are the Microsoft Update Catalog and Windows Server Update Services (WSUS). SCCM gets these updates because SCCM is installed with and uses its own WSUS. To get these updates with BatchPatch you have two options.

    1. Install a WSUS to use in conjunction with BatchPatch. BatchPatch can utilize any existing WSUS *except* for a WSUS that is currently in use with SCCM. This is because SCCM basically completely takes over the WSUS, so it can no longer be used as a standard stand-alone WSUS. However, you can install a new WSUS, if desired, and you can use that with BatchPatch. The problem with this approach is that if you are already using SCCM, your computers are going to be pointed to it in group policy, and to then have your computers utilize the separate WSUS just for ‘spot cleanups’ would require you to modify the group policy (or the underlying registry values) temporarily on those computers. This probably isn’t the greatest approach.

    2. You can manually download the desired updates from the Microsoft Update Catalog, and then using the BatchPatch ‘Deployment’ feature you can easily deploy those updates to the target computers as needed. This is what I would recommend, and you can use the following two tutorials to see how it’s done:

    Remotely Deploy a Standalone .MSU Update to Multiple Computers

    Remotely Install Multiple .MSU Files (or .MSI and .MSP files) to Numerous Computers

    July 1, 2020 at 1:14 pm #12398
    lhardwick
    Participant

    I was thinking of option 1, but option 2 sounds like it might be far simpler and easier to manage.

    Thank you!

  • Author
    Posts
Viewing 3 posts - 1 through 3 (of 3 total)
  • You must be logged in to reply to this topic.