Is using WSUS alone sufficient for an organization's patch management, or is it more beneficial to integrate SCCM with WSUS for a comprehensive solution?
Asked
Active
Viewed 31 times
0
-
3No, WSUS alone is not sufficient. It may be sufficient for many scenarios of patching Microsoft products. You also need to have a solution for measuring what is missing, and typically that gap is addressed by the Config Mgmt solution. SCCM is one, there are other solutions that are more capable. – Greg Askew Aug 27 '23 at 14:09
1 Answers
0
WSUS is used to patch Windows servers and machines. For this task alone, yes it is sufficent.
However, SCCM does a lot more, it is primarily used to install software and keep them up to date. So they server different purposes.
Some examples: WSUS patches the Windows OS AND some Microsoft products. However, if you wanted to install Adobe Reader on all machines in the fleet, WSUS won't help you; for this you would need SCCM. Essentially if you want to patch/maintain any other software on machines other than Windows OS patches, you should go with SCCM. If you are new to all of this I'd recommend just WSUS to get you started, then move onto SCCM when you've learnt more.
Source: 20 years as IT admin/architect for large Enterprise companies with over 5000 users.
Mucker
- 382
- 2
- 10