Multiple SUPs per Site with cross-forest SUP supportSource top level SUP off of internal WSUS serversOptional client content download from WindowsUpdateWindows Embedded support3X delivery of definitions through software updates
• WSUS 3.0 SP2 WSUS-KB2720211 WSUS-KB2734608• You are allowed to put your WSUS db on the same SQL boxas where your CM db lives.• Use a custom Web site during WSUS 3.0 installation• Installing SP1 will reset custom ports to 80/433• Store Updates locally = License agreement
• Add multiple SUP’s per site (8 per Site)• You can add SUP’s cross-forest• NLB no longer required (but still supported through the SDKor PowerShell)• Clients will automatically fail over to additional SUPs in thesame forest if scan fails (same mechanism as MP)
Optional client content from WU/MU• Support for using Windows Update / Microsoft Update as anupdate content source for clients• Local content sources (distribution points) are still prioritized
• Architectural changes to improve SUP synch and client scansto support delivering Endpoint Protection definition updates3X per day (delta synchs and category scans)• Simplified out of box templates for : Endpoint Protection Auto Deployment Patch Tuesday
Publisher can expire orsupersede softwareupdatesConfigMgr 2007 didautomatically expiressuperseded updatesIn CM12, you controlsupersedence behavior
Keep your SUG’s LimitedKeep them under 1000 UpdatesDon’t split up productsKeep your SDP’s tightEnable delta replicationHigh priority for SDP’sMultiple deployments of the same SUGDetail view thru reporting
• Don’t split up SUG into products.• Split up per year and then per month !• Stay under 1000 updates per SUG
• Don’t split up all SDP per month.• Split up per year and save all updates in that SDP !• Enable “delta updates” for Distribution points• Do the work once, also for yearly maintenance.
• Pre-Production / Production• Create Templates• Set Required for workstations• Set your Alerting Target not too high !• Set Available for servers unless you work with workflowcontrol (SCORCH)• No Reboot = Not patched in most cases.
• Split up per year and then per month !• Split up deployments per collection as you want to knowcompliance per Month/Collection• What you see isn’t always what you get ! Look at yourdeployment rates. (monitoring pane)• Reporting is quite powerful.
Log Types of issuesSUPsetup.log Installation of SUP Site RoleWCM.log, WSUSCtrl.log Configuration of WSUS Server/SUPWSyncMgr.log SMS/WSUS Updates Synchronization IssuesObjreplmgr.log Policy Issues for Update Assignments/CI VersionInfo policiesRuleEngine.log Auto Deployment Rules