Almost a year ago I had a post with questions on the patch scan process.

I have been reviewing my patch process again due to student laptops getting re-imaged this summer. I am hoping I can get some additional information based off the replies from that post.

1. It was stated that monthly patch bundles were created and deployed. I am unsure how that is best accomplished. If I create an all Microsoft (Windows 7 for example) patch bundle for each month, yet the workstations it is deployed to may not require the patch, would this not cause the bundle to fail? If it just fails on that section, will the remaining patches continue to deploy?

What is the best way to deploy a monthly patch bundle? In the past I would create a patch bundle through the Patch Management area for Windows 7 but assign it to only a single workstation and then go back and assign it to the Windows 7 group as a "run on ref" option. Is it better to assign the patch bundle to all nonpatched devices? If this is done, will a system that is reimaged and no longer has the patch, or a new system created after the bundle is created, be automatically assigned said bundle?

Any other good strategies for patching systems? I create custom bundles for Adobe, Java, and QuickTime to ensure I control how they are deployed. Java seems to be one that works better when older versions are not installed. This method seems to be working well for those products. It is my MS Windows updates that are way off the mark. I have most of my systems with 60 to 80 patches reported ready. No matter how many times I deploy the patches, they never seem to report as patched on the devices (even though the bundle reports back as successful). I am getting ready to start an SR since I think this is an issue with the server, since so many of my systems are doing this. Good deployment procedures would be nice since I really hate to mess with my Universal Windows image since it is working so well. Recreating it just to patch it with the latest Windows Updates would be a pain.