

cm4coc

Problems deploying critical OOB patch MS15-093


Our machines all require the prerequisite patch MS15-079 to be installed first so we can install MS15-093. I create a deployment including MS15-079 and MS15-093. The machines receive MS15-079, which prompts a reboot after installing, and then after the reboot MS15-093 is not installed because CM sees it as not required due to the software update scan not being run yet, which can take up to a week. So is this normal we have to wait up to a week for the software update scan to run before both patches will be installed? Not very effective or efficient for patches that need to get out ASAP such as MS15-093. Is there a way to force a software update scan after MS15-079 is installed and machine is rebooted?


To answer your questions:

Is there a way to force a software update scan after MS15-079 is installed and machine is rebooted?

Yes.

WMIC /namespace:\\root\ccm path sms_client CALL TriggerSchedule "{00000000-0000-0000-0000-000000000113}" /NOINTERACTIVE

However, I wouldn't recommend doing that. I'd personally recommend (and we have done this on ~8k machines, with zero issues):

1) Use PowerShell App Deploy

2) Download all the MSUs you need; Windows 7, Windows 8, IE8, 9, 10, etc.

3) Use the Install-MSUpdates command to install the MSUs:

If ($Is64Bit)
{
    Install-MSUpdates -Directory "$dirFiles\Updates\x64\First"
    Install-MSUpdates -Directory "$dirFiles\Updates\x64\Second"
}
else
{
    Install-MSUpdates -Directory "$dirFiles\Updates\x86\First"
    Install-MSUpdates -Directory "$dirFiles\Updates\x86\Second"
}

Basically, I've placed all of the "Cumulative" updates, depending on architecture, into the Updates\<Architecture>\First folder. The MSU will be installed if it's not present. It'll then go on to the next folder, the "Second", and install the MSU for the OOB update there.

This ensures they get installed (if needed) in order.

You can use App model to determine applicability by utilizing the Get-HotFix command:

Get-HotFix | Where-Object {$_.HotfixID -eq 'KB3087985'}

Voila.

Package it up, deploy it, and be happy.

You could also, if you don't like using PSAppDeploy, just chain together two wusa installs of the individual MSUs depending on architecture/OS/IE revision, but that's a lot of work.

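The alternative mentioned at the end of the answer above (chaining wusa installs in order), sketched as an added example that is not part of the thread or of the PowerShell App Deployment Toolkit. It assumes the script sits next to an Updates\<arch>\First and Updates\<arch>\Second folder layout like the one described in the answer; the variable names and the choice to continue after a "reboot required" result are assumptions.

```powershell
# Added example: install every .msu in "First", then every .msu in "Second".
$TargetKb = 'KB3087985'                       # hotfix ID quoted in the answer
# wusa.exe results that are not failures:
#   0 = installed, 3010 = installed (reboot required),
#   2359302 (0x00240006) = already installed,
#   -2145124329 (0x80240017) = not applicable to this system
$NonFatal = @(0, 3010, 2359302, -2145124329)

$Root = Join-Path (Split-Path -Parent $MyInvocation.MyCommand.Path) 'Updates'
# PROCESSOR_ARCHITEW6432 is set when a 32-bit process runs on a 64-bit OS.
$Arch = if (($env:PROCESSOR_ARCHITEW6432) -or ($env:PROCESSOR_ARCHITECTURE -eq 'AMD64')) { 'x64' } else { 'x86' }
$Wusa = Join-Path $env:SystemRoot 'System32\wusa.exe'

# Nothing to do when the out-of-band update is already present.
if (Get-HotFix -Id $TargetKb -ErrorAction SilentlyContinue) {
    Write-Output "$TargetKb already installed"
    exit 0
}

$rebootNeeded = $false
foreach ($stage in 'First', 'Second') {
    $dir = Join-Path (Join-Path $Root $Arch) $stage
    # Sort by name so the order inside a stage is deterministic.
    foreach ($msu in (Get-ChildItem -Path $dir -Filter '*.msu' | Sort-Object Name)) {
        $proc = Start-Process -FilePath $Wusa -Wait -PassThru `
                    -ArgumentList "`"$($msu.FullName)`"", '/quiet', '/norestart'
        Write-Output ("{0}\{1}: wusa exit code {2}" -f $stage, $msu.Name, $proc.ExitCode)
        if ($NonFatal -notcontains $proc.ExitCode) {
            # Stop at the first real failure so the second stage is never
            # attempted on top of a failed prerequisite.
            exit $proc.ExitCode
        }
        if ($proc.ExitCode -eq 3010) { $rebootNeeded = $true }
    }
}

# Report the pending reboot to the caller instead of restarting from the script.
if ($rebootNeeded) { exit 3010 } else { exit 0 }
```

Returning 3010 lets the deployment tool apply its own restart policy, and the per-file exit codes in the output make it easy to see which stage a machine stopped at.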

Thanks for the suggestion. I'm just going to temporarily decrease the interval for software update scans in the client settings to 24 hours so they should both be installed within a day at least that way.
