SCCM 2012 Windows Monthly Updates

Question

I have got production environment. I patches monthly windows updates and scheduled updates via SCCM 2012. Updates installed successfully at scheduled time. But some users attempted to manually uninstall some updates.

Can I force users to not uninstall any monthly updates without approval ?

or Can I force sccm to reinstall, when it find any updates removal via maually or by any users ?

Thanks

Nomi

How are the users uninstalling updates? – Brett Larson Nov 09 '16 at 02:34 — Brett Larson, Nov 09 '16 at 02:34

score 0 · Answer 1 · answered Nov 09 '16 at 03:01

Regarding your question of how can I force users not to install any monthly updates - You can use the following group policy to disallow the removal of updates for both admin / non-admin users. You can hide the "View Installed Updates" page with group policy as well.

Regrading your second question of how can I force updates to re-apply if they are removed by users. You need to configure or be aware of the following moving pieces.

Re-evaulation - During the time defined in your client settings for "Schedule Deployment Re-evaluation" the endpoint will re-evaluate the missing software defined in the deployment (default is 7 days).

Installation - Under the deployment, schedule the updates to be installed outside of the maintenance window after the deadline, otherwise, installion will occur during a maintenance window.

Reboot - For the updates to finally be applied you will need a maintenance window configured in which PCs can reboot. (As long as the deployment has not supressed reboots - pictured).

SCCM 2012 Windows Monthly Updates

1 Answers1