Search the Community
Showing results for tags 'ADR'.
Found 15 results
As someone who is installing his first SCCM solution, I hope this is something easy. I believe that SCCM is deleting kodak scanner drivers from our Windows 10 LTSB 2016 clients, however I don't believe I have any drivers set to update within SCCM. I currently have our Windows 10 ADR set to run on the 2nd Friday of each month and SCEP / Defender updates running each morning @ 1:00am. (Users report seeing the Config Manager Taskbar notification on occasion throughout the month though) When looking at the Driver events all clients seem to lose their Kodak i2xxx scanner driver between 10:30am and 10:50am Finally, when I disabled my ADR's for a few days the drivers were not deleted during that time. Current Site settings: Current Windows 10 Automatic Deployment Rule Settings:
Cleaning up ADRs & SUGs
Petrucci914 posted a question in System Center Configuration Manager (Current Branch)Hello Everyone, I want to get in the habit of cleaning up my SUGs created by my ADRs. I'd like to do this every 6 months but I've run into a problem. Within one of my ADRs, for example, I have the following set for the 'Title' options: -Preview -Security Only Quality Update -Security Only Update -x86 If I want to roll-up updates from the last 6 months into a single SUG, I am unable to enter in these items for the 'Title' option when searching from the 'Software Updates' node. I can only choose one. Aside from that, what is the best practice for rolling up these patches? Do I delete the SUGs, delete the content within the current package, and then when the next ADR runs things will have a fresh start? My SCEP ADR uses the same SUG so what is the best method of cleaning that up?
Possible bug in creation of ADR - SUG
Rocket Man posted a question in Configuration Manager 2012Created ADRs for the new update servicing models, some while back now - Monthly rollup and .NET updates. ADR's created fine with no errors - for example ADR:.NetReliabilityMonthlyUpdateWin7 ADR:Windows8.1MonthlyRollUp Have just stumbled across a possible bug - maybe this is a known bug or is isolated to this CM setup. When you go into the properties of the SUG it states that I must specify a valid name for software update group? It is due to the single . in the names of the ADRs - can anyone confirm they have similar issue? Have re-edited name of SUG removing any single .'s from name and all is OK I have came across this blog that states changing the desc and name of SUGs have no bearing on the deployments and will not trigger another cycle - https://social.technet.microsoft.com/Forums/en-US/a9560993-efa6-48a8-a28a-bb0d5a472bef/sug-name-change?forum=configmanagersecurity Thanks
AutoMatic Deployment Rules for Updates
legion99 posted a question in How do I ?We are in an SCCM 2012 Windows 7 environment and would like to use Automatic Deployment Rules to deploy updates. I have worked out a strategy of using the Custom Severity to allow us to manually choose which updates we want to apply as well as creating multiple rules for multiple locations to spread out the distribution throughout our environment. They have been tested and work correctly. However our SCCM co-administrator is demonstrating what is in my opinion an extreme over abundance of caution regarding these rules and does not want them applied in our environment. The two concerns expressed are: -When we do the sync with Microsoft something will go wrong and the wrong updates will be applied to the wrong computers (I can't possibly see this happening) -There will be issues when we eventually upgrade to R2. (I have not been able to find any evidence that this would happen) Has anyone experienced issues with ADR bad enough to not use it? Can someone help me assure my co-administrator and manager that this level of caution is not necessary?
Automatic Deployment Rules "delete" updates from SUG
Iroqouiz posted a question in Configuration Manager 2012Hi, I've noticed something odd about my Windows Updates. I have ADRs which run on Patch Tuesday, one for Windows 7, 8, Office 2010 and 2013. The updates are placed in four respective Software Update Groups. It seems like older updates are removed from those SUGs. The rules have been in place since the beginning of January. Right now there should be a few dozen updates in this SUG but there are only two. If I filter all my updates like below (to double check that the updates aren't expired/superseded) it finds 24 updates. Why aren't these in my SUG above? The ADR is set to add updates to an existing SUG. Here are the filters. I can't figure out what's happening. My goal was to not really have to pay updates any attention but it seems like I now have to spend time double-checking that all my updates are deployed correctly.
Automatic Report of Updates Found by ADR, Monthly?
nylentone posted a question in Configuration Manager 2012We have ADRs set up to find updates monthly then create deployments (not enabled) for our servers. We would like a nice report of what updates were found by the ADRs emailed to Web and Dev teams so they can review them. How can this be done? I haven't found any built-in reports that seem to do the job. Figured someone here has probably needed the same thing. Many thanks!
JTPort posted a question in Configuration Manager 2012Hi All, Just wondering how people do there software updates for servers and workstations using SCCM 2012. Do you use ADR's to create a new update group each month after patch Tuesday, and have a separate one for out of bands updates? Do you then have several different collections for servers and workstations for pilot, dev and production phases? Just trying to get an idea as to how to create a software update plan for my environment.
Endpoint Protection ADR errors
jester805 posted a question in Configuration Manager 2012I have a Windows 2012 server running SCCM 2012 SP1 CU4. I use it primarily for Endpoint Protection and Windows Updates. I have several Automatic Update Rules to deploy Endpoint definitions every night. I was going through some of the Deployments (to check for errors and such) when I saw that almost all of them had errors. Under Monitoring --> Deployments I click on the Error tab and what I see is this: Last Enforcement Error Code: 0X80070643 and it was dated 5/7/2014. Also, it shows my compliance at only 6.0%. My own PC was listed as having this error so I opened the System Center Endpoint Protection application. I clicked on the Update tab and it shows Up to date with "Definitions last updated: 5/11/2014." Is this something I should worry about since the "successful" date is after the "error" date? On my client PC, I looked at the EndpointProtectionAgent.log file, but did not see any errors. Are there other log files I should look at to find more details about the error? I also see this entry in the Event Viewer (under Event Viewer --> Windows Logs --> System): Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Endpoint Protection - KB2461484 (Definition 1.173.1491.0). There are other successful messages in the Event Viewer after that message. Maybe just something wrong with that particular update on that particular date?? Thanks in advance!
Windows Updates download only?
jcortez103 posted a question in Configuration Manager 2012I'm running 2012 SP1 and I have an ADR setup for my workstations to automatically download and install. I'd like to handle the servers differently. Is it possible to configure the servers to simply download the patches but only install when I choose to? I know I can do this with WUS, but is it possible with SCCM?
SCCM 2012 Software Updates
Pgrantland posted a question in Configuration Manager 2012Hello, The guy the use to do the server updates retired and my boss would like to utilize SCCM 2012 to do the updates. They are currently getting there updates from WSUS and group policy. He has specific policies setup to restart specific servers at certain times of the day according to what works for the users. I'm thinking the best way of doing this with SCCM would be to create a software update group that contains those servers he had in the policy which can get restarted on the same day or at the same time. My question is that these servers are Server 2003, Server 2008 and Server 2012 systems. Can I have one group that contains three different Operating Systems and apply all security and critical updates to these servers or should each group only contain one specific Operating System? Any help on the best way to setup these groups and deploy windows updates to them would be greatly appreciated. How does your organization go about deploying Windows Updates to your servers\desktops? Thanks Pat
SCCM 2012 - WSUS Issues
Edenost posted a question in Configuration Manager 2012Hello forum! Firstly, I would like to thank anyweb for all of his guides and help he has been able to give us all!! Anyway, I am after my own little bit of personal help. I have successfull installed and deployed SCCM 2012 to a live AD Environment. It already has a WSUS server, but I have since changed Group Policy to point to my new SCCM Server. I have added the SUP and DP roles to SCCM, and configured WSUS as you have explained i: using System Center 2012 Configuration Manager - Part 5& using System Center 2012 Configuration Manager - Part 9. Deploying Monthly UpdatesIt has successfully downloaded and deployed updates to my PC's (XP in this case, but I do have others like Server 2003, 2008, 2008R2 and Windows 7). It shows in the Software Center: As you can see, it is showing 0% downloaded. It has been like this for a couple of days now, and if I try to get another to run at the same time, it says no because there is an install already in progress. I have seen this post, and tried the boundary changes, and also adding the DP to a DP Group, but no luck (reverted the boundary back to AD now, but left DP in DP Group, as I can't see it being a bad thing?!?). I have followed the guides to the word, except for the odd word where I have had to name things to match our naming convention of course lol. I hope someone can help me, as I am in the middle of creating a new Image for my network (both Windows XP and Windows 7), and I would prefer as many updates already applied as possible before I take the image, and of course, I would like to have it all working . EVERYTHING else seems to work, from deploying software and images, to creating device collections with rules. This is the ONLY issue I have. And one last thing, WSUS has been installed on the new server, never touched, just opened once accidentaly and then closed immediately, nothing touched. Also, the old WSUS server is still up, but nothing is talking to it at the moment. Thanks very much to anyone who can help me, I hope this post can help and relate to others too! Phil
ADR not Creating: Deployment Packages
brink668 posted a question in How do I ?I edited my ADR after creating it, and it stopped creating the Deployment Package. I had to delete my ADR and create a new one from scratch to make it work again. How do you do the following: Edit the location of downloads of the ADR for the Package, I can't find this location for the ADR after I create it. If someone deletes the source folder for the Package is there anyway to re-create it without having to re-make the entire ADR rule? When creating the ADR Rule I can see this section below can I get to this section after I am finished making the ADR? My ADR Rule says: ADR 0x80004005 Unspecified Error My Log says: Content download failed. Message: Failed to download one or more content files. Source: SMS Rule Engine. If I remake the rule it works fine... but why do I have to do this...
Automatic Deployment Rule Unknown Error
er_tomas posted a question in Configuration Manager 2012Hello everyone. I have installed SCCM 2012 thanks largely to the amazing guides found on this forum. I have a problem with an ADR that deploys Endpoint Protection updates. When trying to run the rule, it shows the following error: 0X87D20417. Unknown Error. http://db.tt/zcUL3S1O The rule stopped working on saturday. It was working fine before that. This is the second time this happens to me. The first time, I deleted the rule and created it again, however I would like to find the cause for this. Thank you in advance. EDIT: I have found this error on ruleengine.log: "Failed to download the update from internet. Error = 12150" Doing some research, this error seems to be related to filters getting in the way of the server, however this server does not have any filters applied. Whats even weirder is the fact that it stopped working on saturday.
Automatic Deployment Rules for patch managment
Howard posted a question in Configuration Manager 2012I am implenting ADR for patch managment and I am having a bit of a Property filter issue. I would like to create an ADR that creates monthly deployments for my patch managment that I have control on when deploying. So I have checked Create new Software Update Group under general and cleared the "enable the deployment after this rule is run". My problem is setting up the property filters under software updates. Here are my concern: If I check "date released or revised" and set it to last 30 days, my first Software Update Group will only have Updates valid for the last 30 days. If I don't set that time frame it will create a new group each month with all the current updates and over time that will put me over the 1000 update mark esplecially if I incorprate SCUP. What should i do to set that first deployment or how should i setup my property filters? Any thoughts?
How are you using ADR's for patch deployment?
h4x0r posted a question in Configuration Manager 2012Hello everyone, Obviously setting up an ADR for FEP is pretty straight forward, but I was curious what other people are doing with ADR's to handle patch deployment...are there any particular settings you use for filter settings? How often do you have them run? Do you have different ADR's for different patch severity? Thanks for any input!