3

If any one can explain to me the difference between sccm, wsus, gpo, sce "system center essential", in sw and patch deployment.

Thanks

Massimo
  • 68,714
  • 56
  • 196
  • 319
Eddy
  • 257
  • 3
  • 10
  • 22

2 Answers2

2

With GPOs you can only do basic software distribution tasks (i.e. automatically install some software), and you don't have much control on this process.

With WSUS you can do all of your patch management, but it's not a full-featured desktop management solution.

SCCM is exactly this: you can manage almost everything on your network using it.

System Center Essentials is a reduced bundle of SCCM and SCOM, tailored to small- and medium-sized companies.

You can find a product comparison between SCCM, SCOM and SCE here.

Massimo
  • 68,714
  • 56
  • 196
  • 319
  • thanks, can you tell me what is the limitation of GPO ? – Eddy Feb 16 '10 at 16:32
  • You can only deploy .MSI packages, you have no control on when the installation will happen, you can't handle dependencies, you can't check if an application is already installed, GPOs must be linked to specific Active Directory OUs, there is no centralized reporting... and probably many else. – Massimo Feb 16 '10 at 18:46
1

WSUS is the Microsoft's basic offering for enterprise OS and Microsoft application patching. It is capable of connecting to Microsoft's update catalogue, has a small amount of configuration around scheduling rollouts by groups etc, and limited reporting details on patch deployment.

SCCM (System Centre Config Manager) is the replacement for SMS, it has SCUP (System Centre Updates Publisher) as one of it's components. This builds on top of the WSUS infrastructure and components and gives you massively more configuration and reporting, as well as having the ability to connect to other vendors' update catalogues (Adobe, Dell, HP, etc) and also deploy your own custom patches for any apps. In addition to patching, SCCM also retains all the software packaging, and deployment, OS deployment, etc of SMS.

GPOs (Group Policies) can be used for software deployment, but doesn't have any special patch-specific functions, and has very limited info/reporting on deployments

SCE (System Centre Essentials) is a cut-down SCCM for smaller businesses that shares much of the functionality of it's big brother.

GAThrawn
  • 2,424
  • 3
  • 20
  • 38
  • what do you mean "special patch-specific functions" ? – Eddy Feb 16 '10 at 16:32
  • For patch installation, you can either do a 'dumb' this is an installer, send it to the PC and run it; or a proper patch package scans the machine, checks exact version ranges of installed software and only sends out what's needed, reports back on machines that install/reject/don't need it and history, and use the Windows Update Agent infrastructure on the PCs to do this. – GAThrawn Feb 16 '10 at 18:05