It really comes down to how often the ADR's evaluate, we actually have a specific point about this question documented here can you let me know if this helps https://patchmypc.com/how-to-use-automatic-deployment-rules-adrs-with-patch-my-pc#topic7
Quote from: Rustee12 on November 04, 2020, 06:12:53 AM
Hi - we're currently demo'ing PatchMyPC and loving it so far, I can see so much time savings with this product!
I've run into a scenario that I'm wondering how best to approach it - today we are synching just a couple of products from the catalog to MECM as we demo the product. We have one SUG created for our PatchMyPC products and have an ADR that was set to run daily. Last night a new version of Adobe Acrobat Reader DC hit the SUG, and our pilot deploys received the updated Reader due to the deployments being active. In theory this is exactly what one would want - new product hits, syncs, deploys and worked as expected since my ADR was set to run daily for PatchMyPC products.
Where the thinking begins is - for our environment we have a 'stage 1/2/3' that we follow for all deploy over a couple of weeks and is a tried and highly successful method that our CRB is on board with. If we maintain 1 SUG, with our deploys already set, I seemingly lose my ability to leverage my various stages? Even if I modify the ADR to only run night of patch Tuesday/morning following I can still have the updates hitting and bypassing our validation.
I'm thinking I am going to need to create a new SUG monthly? Is this right?
Future me is going to be working with my CRB to try and sway them to the side of 'patching is routine, products x, y, z will just auto patch', my only question on that will be the scheduling of deploys on the SUG, since if I get into this routine and 1 SUG, it will still bypass our validation.
Wondering if anybody has any ideas of how to approach this?