This product doesn’t have a granular scheduler to deploy update. SCCM has a system role called Software Update Point (SUP). When it is set, SCCM can manage updates catalog and binaries to make updates packages.
Such as WSUS, packages can be created regarding to classification, products, languages of the update (this is not an exhaustive list).
It does not suit us, so we specify that the computers are to be distributed into groups using the client side targeting (group policies or registry parameters).
To do this, in the WSUS console click Options and open Computers.
After the updates are installed, the PCs are restarted automatically (having notified the user in 5 minutes). To let the computers in the company have all available patches installed, both policies can be configured so that the update service (wuauserv) is forced to start on the client.
To do it, under Computer Configuration -The next step is to assign the created policies to the corresponding Active Directory containers (OU).
Change the value to Use Group Policy or registry settings on computers. Open the Group Policy Management console and create two new group policies: Server WSUSPolicy and Workstation WSUSPolicy.
Let’s start with the description of the server policy Server WSUSPolicy.
However, updates computer equipment is a necessity for security.
In our example OU structure is extremely simple: there are two containers – Servers (it contains all servers of the company, as well as domain controllers) and WKS (Workstations – user computers). We consider only a fairly simple option of binding the WSUS policies to clients.
In real world, it is possible to bind a single WSUS policy to all domain computers (a GPO is assigned to the domain root), distribute different computers between different OUs (like in our example), in distributed networks it’s worth to bind different WSUS servers to the AD sites, or to assign a GPO based on the WMI filters, or even combine these methods.
In one of the previous articles we have described the installation of a WSUS server on Windows Server 2012 in detail.
The next step – configure Windows clients to use a deployed WSUS server.