Hi, @Roberto
Thank you for posting in Microsoft Q&A forum.
- What is the role of "Software Update Groups"(SUG)?
If we only deploy one update to clients, we do not need the SUG, if we deploy multiple updates to clients, we need to put the multiple updates to a SUG, then deploy the SUG to clients.
2) What is the role of "Deployment Packages"?
We need to download the updates content and put them into deployment packages, then distribute them to the DP, then client contact to DP for the contents.
3) How the two above relate and interact with "Automatic Deployment Rules"?
ADR used to deploy multiple updates automatically to clients, so it will need the SUG and Deployment Packages.
4) Why are all my client getting the updates even though I associated my automatic deployment rule to deploy to a collection that includes only a handfull PC?
You may check the update in SCCM console "All Software Updates" to see how many deployments are assigned to the update.
When we use SCCM to deploy updates to clients, we do not need to do any operations in WSUS normally, the settings in SUG component properties will sync to WSUS automatically.
To uninstall windows updates by SCCM, we may refer to this article:
https://systemcenterdudes.com/sccm-uninstall-windows-update/
If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.