Managing monthly updates in SCCM

[anyweb]

Introduction

 

In this guide I will show you one way of updating your monthly updates released from Microsoft on the second Tuesday of every Month. Many different scenarios can be followed to deploy software updates. In this example, we will use a Software Updates Deployment Package called All Windows XP Updates to store the updates we want made available to our XP machines. We will create a new Deployment Management Task to deploy the new updates, and we will clean up our previous Deployment Management Tasks and remove any expired updates referenced in it by deleting them. As we are not using Update Lists in this guide we will not be concerned with reporting, but if you want to report on the status of your Updates, you should use Update Lists as Part of your Process.

 

 

 

This Deployment Package had been created earlier when setting up the Software Update Point, but you can create a new one if you need to.

 

We will use a Deployment Management task to start the deployment called All XP Updates.

 

 

and as you can see from the screenshot above it contains some updates which are expired and this is noticeable because of the Grey Icon.

 

 

We will also use our Windows XP All Updates search folder which is created with the following Search Folder Criteria

 

 

Step 1. Run a Synchronisation.

 

Expand your Software Updates node in configmgr, right click on Update Repository and choose Run Synchronisation. Answer Yes when prompted. You can verify that the synchronisation process has completed in the Site Status, Component Status, SMS_WSUS_SYNC_MANAGER log. Look for Message ID 6702 which is SMS WSUS Synchronization Done.

 

 

 

Step 2. Check our Deployment Package

 

To start off the monthly update process we need to first see what updates we currently have in our Deployment Package and remove any expired or superseded updates contained within.

 

Expand your Software Updates node in configmgr, expand the Deployment Packages node and highlight the All Windows XP Updates Deployment Package. Expand the Software Updates node within so that you can see what updates we have, click on the Bulletin ID heading to sort our updates.

 

 

Take note of the Expired or Superseded updates and highlight them and once done right click and choose Delete. You can press CTRL while selecting these updates and don't forget to scroll so you see all updates.

 

 

We only want Green updates in our Deployment Package.

 

Click ok when prompted about the Delete process

 

 

click ok if prompted about Deployment can fail process, this is ok as we will be updating the Deployment Management Task.

 

 

At this point we now have removed all the expired updates so only green 'good' updates are left, sort the updates by BulletinID again and take note of the most recent one, in our case that is MS09-026

 

[tcwatson]

Great tutorial but I'm not sure if there's a step missing, or I missed a step.

 

I don't see where the updates deleted from the Deployment Package got cleared up from the Deployment Management Task. After running through the tutorial, all of the grey icons are gone from the package, but those deleted updates still show up as part of the Task, which I think is going to cause issues.

 

I think the console even warned me that there would be issues, but I don't see where we updated the task like the tutorial mentions. Or did I miss it?

 

-T

[anyweb]

i need to update the post, i'll try and do it soon

 

basically, if an update is grey, it's expired and expired updates will never install so if they are in an deployment management task they won't install.

 

to recap:

 

cleanup your Deployment Management task and remove any expired updates,

 

then cleanup your Deployment Package,

 

the order should be sequential from top of the SUP node down, i'll edit the post to reflect this (and will post a note to confirm the edit is done) soon. You could of course go the other way but there may be a short period where users have a policy referencing an update which doesnt exist, but it's expired anyway so shouldn't matter, but... test it yourself to confirm.

 

cheers

niall

[kchusa]

Hi, I have a problem i am stuck at delete updates popup, first time this has happened. I click delete updates and the circle keeps spinng and I can never click ok, i have tried several times, shutdown and restarted. i have 34 updates that are expired in the package and trying to delete them, it finds them but it hangs. any ideas?

[Peter van der Woude]

I think that's more of an problem with the console (MMC). Did you try closing it and starting it again? Or did you try on another console?

[Ted the Chilehead]

i need to update the post, i'll try and do it soon

 

basically, if an update is grey, it's expired and expired updates will never install so if they are in an deployment management task they won't install.

 

to recap:

 

cleanup your Deployment Management task and remove any expired updates,

 

then cleanup your Deployment Package,

 

the order should be sequential from top of the SUP node down, i'll edit the post to reflect this (and will post a note to confirm the edit is done) soon. You could of course go the other way but there may be a short period where users have a policy referencing an update which doesnt exist, but it's expired anyway so shouldn't matter, but... test it yourself to confirm.

 

cheers

niall

 

 

This seems very confusing. So, you are cleaning up MULTIPLE management tasks AND MULTIPLE deployment packages each month?

[anyweb]

you can do it whatever works for you, you don't even have to use Update Lists unless you want to report on the deployments, this is only one way of doing it, feel free to post an alternative

[Ted the Chilehead]

you can do it whatever works for you, you don't even have to use Update Lists unless you want to report on the deployments, this is only one way of doing it, feel free to post an alternative

 

I'm tryin to wrap my head around something that could be, but no luck. I was just confused about the steps at the end. I need to play around with this. I like the simplicity of WSUS by itself, but I do like the flexibility of software updates and reporting in SCCM. If I find something or come up with an alternate method, I will post it. One great thing about your post here is that it's one of the more clearer "how to guides" with screen shots. You don't find many other examples out there like that.

[Ted the Chilehead]

Ok. I see what you were saying in a different post which clears this up for me.

 

When you synch your update respository, you can pick new updates and:

 

1) Add the new updates to the update list (if reporting)

2) Add the new updates to the update repository

3) Add it to a NEW update management task using a deployment template

 

What I did to make selecting expired and superseded items easier to select and find was to change the column view so that "Expired" and "Superseded" were the first two columns. I have the following columns whenever I am viewing updates either in search folders, deployments, and deployment packages...

 

Expired, Superseded, Bulletin ID, Article ID, Title, Downloaded, Date Released, Dave Revised.

 

Using this method I better able to choose which have been expired or been superseded to delete. Then, when adding new updates, I can sort by date revised and date released OR by the bulletin ID... this comes in handy when downloading definition updates such as updates for FCS as they don't have bulletin ID's.

 

So, most of my steps follow yours in the plan I'm laying out for our helpdesk folks with the primary exception being: while cleaning up updates from the list and the repository, remove the deployment task from the previous month. Then, add new updates to the update list, respository and deploy the new updates to a new task for the current month.

 

Thanks for your posts and screen shots. It's a great base to start with as you can see I believe we'll adapt this method you've demonstrated.

[bekker]

Hi im new to sccm and found your forum very useful however i have question is it possible to create one deployment management contain all update i mean xp,2003,2008 and then target by template for each os

thanks in advance

• Reply
  
• Report
  
• 
  

[hashirph]

Thanks for the great article ... It really helped a lot while configuring the setup in our company..

 

I have a question ...

 

When I deploy a software update ( Windows Patch ) to the clients, normally how much time it takes to get to the clients... I have seen when I create a software deployment task, it comes very fast, but in case of a patch update using software update in SCCM , I have to wait two or three days to see the result on the clients...

 

How can I make it more faster....