Tag Archives: Patch Management

Excluding unwanted updates from ADR

In a previous post I wrote about how to uninstall an update (or mark it “Approved for Removal” in WSUS terms). But how do we exclude updates from appearing in the Software Update Groups (SUG) created by our Automatic Deployment Rules (ADR)?

Before you ask: of course I’m using ADRs for patching the whole environment! Everyone should!


A week after we deleted KB123456 from our deployment, it reappeared. Since we know that this is a production-breaking update, we do not want it to appear in our update deployments.


To understand how to solve this, we first need to understand how ADR works. I won’t go into detail about the mechanics and logs related to ADR, but the key fact to know here is:

Each time an ADR runs it completely regenerates the SUG associated with the ADR.


Managing production breaking updates in SCCM 2012

So you’re managing updates through SCCM 2012 with the help of Automatic Deployment Rules (ADR). Why wouldn’t you? I mean, what could possibly go wrong? There’s no need for pre-prod testing!

It’s a couple of days past Patch Tuesday, and the new patches are deployed and installed. This is when you get the dreadful call about how a production application broke overnight. Oops?


Patch KB123456 has been installed into the production environment and it broke core functionality.


This is resolved by creating a package with an uninstall program, which is deployed to the collection containing the affected devices.

1. The Collection

Navigate into the Asset and Compliance workspace and create a new Device Collection.

