Removing unneeded software updates from SCCM

Happy Friday everyone,  I can’t take any credit at all for this one but someone (much better at Powershell than me) has wrote this amazing script on removing updates that are not deployed or not required on any machines but are still in a deployment package. This is been something I’ve needed for a long time to save disk space on DP’s.

See link below.

http://www.scconfigmgr.com/2017/08/17/clean-software-update-packages-in-configmgr-with-powershell

Critical Update Confusion

Happy Wednesday, (Well as happy as an Wednesday can be I guess…) I was prompted by a user that their machine was behind on updates as were many others as they tried updating from the web and got lots of updates.  I did some checking and all the updates looked to be fairly recent within the last month but were listed as Critical level updates.  This confused me as I have critical level updates deploying more often than once a month to not get behind on security vulnerabilities as Microsoft patches them.  After some research I realized there is a difference between Critical level severity and Critical level update classifications.  Microsoft defines Critical Updates as “A widely released fix for a specific problem that addresses a critical, non-security-related bug.”  So just because it’s in the critical classification it may have an severity level of critical.  So if your like me and push out critical severity security updates more often than your other updates don’t start thinking SCCM isn’t working since you got confused between Update classifications and Severity levels.  Found my answer on the technet forums as someone else was confused like I was.  Happy Updating.

Technet Forum post referenced https://social.technet.microsoft.com/Forums/en-US/e55aa1bc-648e-480d-91eb-828ca5b52f73/critical-updates-with-none-as-a-severity-do-not-get-pushed?forum=configmanagersecurity