Pretty new to the SCCM game (looks like I have to order a book or get a course, what a beast this is).
I'm quite experienced with WSUS as we've been using it successfully since the product was launched. Just installed SCCM, and reinstalled WSUS to get it integrated with SCCM to get the SCCM client automatically deployed – which worked fine.
My questions is the same as the topic – where do I manage updates? Am I supposed to use the WSUS interface to approve/decline updates, or is this something I should do via SCCM? Do I have to create packages, maintenance windows etc etc just to install windows updates?
I'm not very found of the thought of having to manually approve every single security update that Microsoft releases, so the WSUS auto-approving of security patches has worked fine for us. Can I achieve this while still using SCCM?
Best Answer
If you're using SCCM to control WSUS, do not use the WSUS Admin Console. It's a good idea to just delete the shortcut all together. Approve updates in SUM (SCCM Console, Updates Section).
Conversely, you can have both installed and just use WSUS; you're not required to use SUM. In either case make sure you're site setup is configured correctly for whichever you choose.
SCCM's approval process is different than WSUS and the client will no longer use the WAU service to install updates; the CCM service will install the updates.
If you're a little fuzzy on how to deploy updates with SUM, Microsoft has a Guide.
And there's very in dept documentation for Software Updates in Configuration Manager.