![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(198.4, 61%, 29%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ES%3C/text%3E%3C/svg%3E)
Microsoft Configuration Manager
An integrated solution for for managing large groups of personal computers and servers.
4,442 questions
Several years ago; when there was a almost-global "storm" that affected multiple customers, many MVPs and other experts in CM kind of quickly banded together and made multiple methods for preventative maintenance. Some of this is repeated, some of this might be old now: but start here:
https://www.deploymentresearch.com/fixing-wsus-when-the-best-defense-is-a-good-offense/
What we use internally are multiple things; I'm not going to claim it's the absolutely perfect and right thing to do; but just saying this is what we've ended up with:
https://tcsmug.org/blogs/sherry-kissinger/512-wsus-administration-wsuspool-web-config-settings-enforcement-via-configuration-items
https://tcsmug.org/blogs/jeff-carreon/513-what-s-sup
But, please read the original at deploymentresearch.com; do your own evaluation of what might be best for your environment.
