Running a similar setup to John. I like the sound of that default patching rule though. Nice!

On Wed, Jan 6, 2016 at 3:07 PM, Marcum, John <[email protected]> wrote:

> I do something very similar but I have it down to 4 sets of server MW collections and I use AD groups to define the collections. The server admins are responsible for putting each server in a group. If they fail to do so then the server is patched using a “default” patching rule that basically patches and reboots it. :)
>
> *John Marcum*
> MCITP, MCTS, MCSA
> *Desktop Architect*
> *Bradley Arant Boult Cummings LLP*
>
> *From:* [email protected] *On Behalf Of* Mote, Todd
> *Sent:* Wednesday, January 6, 2016 8:45 AM
> *To:* [email protected]
> *Subject:* RE: [mssms] Patching servers with SCCM
>
> We’ve been patching about 400 servers for a number of years that range from domain controllers to Exchange, SQL, and everything in between. The TL;DR is “Maintenance Windows are your friend.”
>
> We have about 100 collections that are nothing more than maintenance window collections that servers get put in. I don’t admin all of them so the local admin lets us know what window they want and the server goes into that collection. Nothing is deployed to these collections, they only apply MW’s.
>
> We have separate collections where things get advertised to, like Software Updates. Each deployment has its own settings about whether to ignore or respect maintenance windows. Every deployment is always set to be available as soon as possible and deadline as soon as possible if it’s set to respect maintenance windows. Then, at the MW time, it patches and reboots.
>
> Our Exchange 2010 environment is about 30 servers, CAS’s start patching on Thursday mornings and the mailboxes patch on Sunday mornings, the rest are scattered around between them and their windows don’t overlap. Domain controllers patch one a night over a week. If servers have clusters or some failover requirement we work with the server admin to set up automated processes to occur 10 minutes before the window begins to move resources from node to node to facilitate patching. We do this for failover clusters and FSMO roles on DC’s.
>
> If you have services that are resilient, and Microsoft doesn’t break anything with bad patches, patching servers is pretty easy, not much different than clients, to be honest. In fact, if you give clients maintenance windows too it works out great, everybody knows when their computers will reboot, but that’s another discussion.
>
> *From:* [email protected] *On Behalf Of* Duncan McAlynn
> *Sent:* Wednesday, January 6, 2016 3:46 AM
> *To:* [email protected]
> *Subject:* RE: [mssms] Patching servers with SCCM
>
> I have just a little experience in this… ;-)
>
> Honestly, I would strongly recommend taking a look at Infront’s OPAS solution that can make this almost a no-brainer. It really does help remove all the pain points you’ve talked about addressing. You can learn more at: http://www.infrontconsulting.com/opas
>
> *Duncan McAlynn*, Sr. Solutions Specialist, Americas
> *HEAT Software*
> M: +1.512.391.9111 | [email protected]
> HEAT Software <http://www.heatsoftware.com/> | 490 N McCarthy Blvd. Suite 100 | Milpitas, CA 95035
> Ask me why we’re *THE* leader in 3rd party patch management for System Center
>
> *From:* [email protected] *On Behalf Of* Russ
> *Sent:* Tuesday, January 05, 2016 5:00 PM
> *To:* mssms
> *Subject:* [mssms] Patching servers with SCCM
>
> We've been patching our servers with WSUS up until this point, but we'd like to move over to SCCM. I wanted to get an idea on how people are handling their 2 and 3 tier applications? Currently we have a number of different windows to patch the SQL servers, then app tier, then web tier or whatever. But what I am hoping is to make things a bit more well defined (and to start building collections for various applications and that sort of thing.)
>
> Do you suppress reboots on servers, and then send out a script for rebooting? Do you make maintenance schedules which would cause reboots in certain order? Do you patch or reboot manually? What sorts of methodologies do you deploy?
>
> It would be nice to put a process and methodology in place so that it's not reinventing the wheel for every individual group of servers.
>
> We don't currently have SCCM in place for servers, so that's all new as well. So we sort of have a unique opportunity to start fresh.
>
> Would appreciate any feedback or ideas you can give me.
>
> Thanks, Russ
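
The maintenance-window-only collections described in the thread, populated from AD groups and backed by a catch-all for servers nobody assigned, could be scripted as below. This is an added example, not code from any of the posters; it assumes the ConfigurationManager PowerShell module with the site drive as the current location, and the collection names, the `CONTOSO` AD groups, the pre-existing 'All Servers' limiting collection and the window times are all hypothetical.

```powershell
# Added example. Run from the site drive (e.g. "ABC:") with the
# ConfigurationManager module imported. Every name below is hypothetical.
$limiting = 'All Servers'   # assumed to exist already; servers only

# One entry per window. Server admins choose a window by adding the
# computer account to the matching AD security group.
$windows = @(
    @{ Name = 'MW - Sun 02:00'; AdGroup = 'CONTOSO\\MW-Sun-0200'; Day = 'Sunday';   Start = [datetime]'2016-01-10 02:00' },
    @{ Name = 'MW - Thu 03:00'; AdGroup = 'CONTOSO\\MW-Thu-0300'; Day = 'Thursday'; Start = [datetime]'2016-01-14 03:00' }
)

foreach ($w in $windows) {
    # MW-only collection: nothing is deployed to it, it only carries the window.
    New-CMDeviceCollection -Name $w.Name -LimitingCollectionName $limiting | Out-Null

    # Membership follows the AD group (the backslash is doubled for WQL).
    $wql = "select * from SMS_R_System where SMS_R_System.SystemGroupName = '$($w.AdGroup)'"
    Add-CMDeviceCollectionQueryMembershipRule -CollectionName $w.Name `
        -RuleName 'AD group membership' -QueryExpression $wql

    # Weekly four-hour window that applies to software updates only.
    $sched = New-CMSchedule -DayOfWeek $w.Day -Start $w.Start `
        -DurationCount 4 -DurationInterval Hours -RecurCount 1
    New-CMMaintenanceWindow -CollectionName $w.Name -Name $w.Name `
        -Schedule $sched -ApplyTo SoftwareUpdatesOnly | Out-Null
}

# Catch-all: every server that is in none of the MW collections above still
# gets a window, so an unassigned server is patched and rebooted by default.
$default = 'MW - Default (unassigned servers)'
New-CMDeviceCollection -Name $default -LimitingCollectionName $limiting | Out-Null
Add-CMDeviceCollectionIncludeMembershipRule -CollectionName $default `
    -IncludeCollectionName $limiting
foreach ($w in $windows) {
    Add-CMDeviceCollectionExcludeMembershipRule -CollectionName $default `
        -ExcludeCollectionName $w.Name
}
$sched = New-CMSchedule -DayOfWeek Saturday -Start ([datetime]'2016-01-09 01:00') `
    -DurationCount 4 -DurationInterval Hours -RecurCount 1
New-CMMaintenanceWindow -CollectionName $default -Name $default `
    -Schedule $sched -ApplyTo SoftwareUpdatesOnly | Out-Null

# Software update deployments target separate collections and are set to
# respect maintenance windows; they are deliberately not created here.
```

Reviewing the membership of the default collection on a schedule shows which servers no admin has claimed a window for.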
