Chapter 10. Keeping ConfigMgr clients patched
In 1789, Benjamin Franklin wrote (among many other things) that “in this world nothing can be said to be certain, except death and taxes.” It’s been well over 200 years since that statement, so I think it could do with a little update. Let’s change that list to read “death, taxes, and patching.” True, it’s not as statesman-like as the original, but it stands up to scrutiny, I feel.
Who likes patching so much that they’re more than happy to sort it out manually? Every month. Any takers? No, I didn’t think so.
As administrators, patching—that’s downloading, deploying, and managing software updates, for the uninitiated—is just one of those things we do. All the time. And just when you’re up-to-date on all the latest patches, you know that it’s only a matter of time before the next round. So why not let ConfigMgr do the heavy lifting for you? Patching is a core component of ConfigMgr, and as you can see in figure 10.1, that’s what this chapter is all about.
Software updates in ConfigMgr are managed by a software update point (SUP), which in turn uses traditional Windows Server Update Services (WSUS), which you may already use in your production environment. In this chapter, you’ll install and configure the SUP, download updates, and deploy updates to your managed client.