Jump to content


  • 0
anyweb

Managing monthly updates in SCCM

Question

Introduction

 

In this guide I will show you one way of updating your monthly updates released from Microsoft on the second Tuesday of every Month. Many different scenarios can be followed to deploy software updates. In this example, we will use a Software Updates Deployment Package called All Windows XP Updates to store the updates we want made available to our XP machines. We will create a new Deployment Management Task to deploy the new updates, and we will clean up our previous Deployment Management Tasks and remove any expired updates referenced in it by deleting them. As we are not using Update Lists in this guide we will not be concerned with reporting, but if you want to report on the status of your Updates, you should use Update Lists as Part of your Process.

 

 

all_windows_xp_updates_deployment_package.jpg

 

This Deployment Package had been created earlier when setting up the Software Update Point, but you can create a new one if you need to.

 

We will use a Deployment Management task to start the deployment called All XP Updates.

 

all_xp_updates_deployment_management_task.jpg

 

and as you can see from the screenshot above it contains some updates which are expired and this is noticeable because of the Grey Icon.

 

icon_meanings.jpg

 

We will also use our Windows XP All Updates search folder which is created with the following Search Folder Criteria

 

search_folders.jpg

 

Step 1. Run a Synchronisation.

 

Expand your Software Updates node in configmgr, right click on Update Repository and choose Run Synchronisation. Answer Yes when prompted. You can verify that the synchronisation process has completed in the Site Status, Component Status, SMS_WSUS_SYNC_MANAGER log. Look for Message ID 6702 which is SMS WSUS Synchronization Done.

 

sync done.jpg

 

 

Step 2. Check our Deployment Package

 

To start off the monthly update process we need to first see what updates we currently have in our Deployment Package and remove any expired or superseded updates contained within.

 

Expand your Software Updates node in configmgr, expand the Deployment Packages node and highlight the All Windows XP Updates Deployment Package. Expand the Software Updates node within so that you can see what updates we have, click on the Bulletin ID heading to sort our updates.

 

bulletin_id.jpg

 

Take note of the Expired or Superseded updates and highlight them and once done right click and choose Delete. You can press CTRL while selecting these updates and don't forget to scroll so you see all updates.

 

delete_grey.jpg

 

We only want Green updates in our Deployment Package.

 

Click ok when prompted about the Delete process

 

the_selected_updates_will_be_removed_from_the_package.jpg

 

click ok if prompted about Deployment can fail process, this is ok as we will be updating the Deployment Management Task.

 

deployment_to_fail.jpg

 

At this point we now have removed all the expired updates so only green 'good' updates are left, sort the updates by BulletinID again and take note of the most recent one, in our case that is MS09-026

 

all green.jpg

Share this post


Link to post
Share on other sites

Recommended Posts

  • 0

I have one more on this:

 

I have SCCM R2 with server 2008.I created a standard template for Windows XP machines with some custom settings.

I have few updates that are required by clients.I started deploying these to my client PCs.when i do this,i have come acroos an option to downlaod software updated either from internet or from network location.I have placed all the updated in a shared location(\\PRODSCM\Updates\November).When i select this folder to get these updates,I do see only the folders for these patches(which are inside the november folder) not the content inside( ilke .exe files).But if i select the any patch folder ,i can see only that patch gets updated to DP but not all the patches.Can some tell me is there any option to get all the patches one at a time ?

Share this post


Link to post
Share on other sites

  • 0

I have 20 patches and a standard template with some custom settings.Now i created a package (Test package) for these 20 patches and advsetised on to XP machines.SO it install succuessfully without any issues(of course again in this case,user invention is required to click on the taskbar icon)

 

Now my question:is it possible for me to create a another package that should has only 6 patches(from above 20) so i can distrbute only these patches to another collection with standard template.

 

I have tried to do this but i can see only new deplyment management that consists of 6 patches .

 

It assumes that,if a patch is already downloaded onto DP and member of Any packages,it wont comes under newly created package ?

 

I am not sure if this information makes you to understand my quiry but if anything requires i can post some more information .

 

Regards,

Eswar.

Share this post


Link to post
Share on other sites

  • 0

You do not need multiple packages when you need to use updates that already excist in a package. Just create a new deployment in which you select the needed updates, ONLY the selected updates in the deployment will be advertised

 

 

Yes i aggree but if i have package called "October" and deplyment called "october" with 20 patches in the package.i have created new deplyment called "November" and advertised on to some collection.If i want to delete unwanted packages which already deplyed,how can i do it if i am not sure bcz the deplyment called is "november" and pcakage exits is "October" ?

Am i thinking wrong here?

 

Regards,

Eswar.

Share this post


Link to post
Share on other sites

  • 0

Hi all,

 

I'm still reading this update deployment stuff so forgive me if I misunderstood something.

 

First of all, this is a great post!

 

Second ... question:

Let's say I have been managing the updates for several months now.

Based on your guide, to deploy the latest updates we need to:

- select which update(s)

- download it

- select it(them) again

- deploy it

 

Now, how do we know which update already been downloaded?

Can it be just "automatic"?

I mean, it would be easier when we choose to deploy an update(s) it will just auto-download if it's not exist in the source package.

 

 

Ap

Share this post


Link to post
Share on other sites

  • 0

depends on what your criteria are,

 

Microsoft releases updates every month, some are security related (bulletin ID) some not...

 

as you want your machines to be secure, using the Bulletin ID is a good idea (and best practise).

 

if you want your XP or Vista or 7 machines to get access to the other updates then make them available as a separate Deployment Management task and package, at least thats the way I do it.

 

here's one SAMPLE suggested layout of a SUP using search folders categorised to find updates quickly sorted by client/server and further broken down into year, security udpates and all updates... etc.

 

 

 

windowsnoob sup.jpg

 

cheers

niall

Share this post


Link to post
Share on other sites

  • 0

Yes I have a similar issue. How do you include updates which don't have an "MS0X" Bulletin ID in a month based set of search folders? I can see the names of some of your search folders listed and I can't think how to achieve them.

 

I'm trying to devise a nice system for covering monthly bulletins and also everything else that MS release each month and am having trouble coming up with a decent structure. :(

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Answer this question...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...



×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.