Hello,
Sorry if this was already asked but I could not find it. When people deploy updates are they just deploying all updates to all workstations? I have created collections for the most widely used applications but it will get very tedious creating collections for the applications that are only on 5-20 machines. Please let me know what other people are doing for this.
-Judical
Hey Judical,
Are you currently using ADR's to deploy those updates? If not, then that may help you here! We do have a very good doc on our website here that explains how to setup ADR's (Automatic Deployment Rules) to deploy out third party updates - https://patchmypc.com/how-to-use-automatic-deployment-rules-adrs-with-patch-my-pc
If that's not what you're looking for then I can see what other suggestions we can offer here, but hopefully that helps you! :)
Best,
Spencer-PMPC
Yes, I use ADRs. They are setup for our most used applications, my concern is just all of the rest. Should I just deploy them out to all machines or create collections for each program?
You can deploy them out to all machine as the updates include Applicability rules along with them much like Microsoft Updates. This checks the clients to make sure that the base applications are installed first and that the version of the application is lesser/older than what is trying to be installed. This means that only clients with that application installed will receive those specific updates.
So in short, yes you can deploy all updates out to all workstations and only the clients with the app installed will receive that update! Here is a link explaining those Rules and how to view the Applicability rules for those updates - https://patchmypc.com/how-to-view-applicability-rules-and-troubleshoot-detection-states-for-third-party-updates
Only issue I can see with doing it this way is that your reports will show a lot of "Not Applicable" reports back from clients that don't have the base app installed, otherwise this would work nicely!
Thank you for the response. I just wasn't sure if putting 150 updates in to 1 update group and pushing them out to all workstations would cause issues. It will definitely be more work to find out which updates are failing with a group so large but I'll give it a go after patch Tuesday.
Happy to help! It may take longer to scan against all those updates per machine if they are in one group but this is a good option for you. Again, you can use ADR's to just pull in those specific applications then setup Device Collections to pull in the clients that have specific applications on them using a Query similar to this one here: http://allthesystems.com/2020/09/create-an-sccm-collection-based-on-software-installed/
It's more setup in the beginning but should help you automate the process and make scanning against those SUG's less stressful on the system! :)