Right now I have 2 patch servers. It's complicated, but 1 server is for patching one subset of systems (unmanaged by the users) and group 2 is for a different subset of systems (managed by the users). Now this requires a WSUS and Patch Management server for each set of systems. This would be OK if they could be standalone servers, but because of licensing, one system has to be pointed to another system, and this has been an inconvenience. So I would like to consolidate them so I no longer have to manage 2 servers. There are 2 unique differences between the groups.
1) Patches are released at different times for the 2 groups. The first group gets the patches pretty much the week after patch Tuesday. The second group of systems does not get the patches released to them until the end of the month.
2) For the first group, the patches are released and the systems download the patches when they check into WSUS. The systems are members of PM maintenance window groups that run on different days. Patch Manager initiates the tasks against those systems, patches the systems, and reboots the systems.
The second group gets the patches released to them at the end of the month. The system itself then downloads the patches and installs the patches at the next scheduled time listed on the system. The user then reboots the system at the best time that works for them.
Now I guess my concern is that when I release the patches to group 1, I need to make sure no patches get released to group 2 yet. It's easy now because I just filter on unapproved updates and release them. But if the server is merged, the updates will already have been approved to group 1, so I can no longer filter what patches need to be released to group 2. How do you guys handle this, and do you have any recommendations on how to handle this?
Thanks.