Jump to content


  • 0
anyweb

Configuring Software Update Point within SCCM

Question

This guide assumes you have SCCM 2007 setup as described here. This guide was based upon a document entitled Patch Management directions for SCCM by Christopher Stauffer which you can find here.

 

Please note that this guide is designed to help you get a working SUP in SCCM in a LAB Environment as quickly as possible. This guide is provided as is, if you find any errors please report them in the forums.

 

In a production environment please consult Technet for best practise, see below links:

 

Superflow:

 

Software Update Deployment SuperFlow

 

 

About Software Update Point:

 

About Software Update Point

 

Planning:

 

Planning for Software Updates Client Settings

 

Configuration:

 

Configuring Software Updates

How to Configure the Software Updates Client Agent

How to Create and Configure an Active Internet-Based Software Update Point

 

Best Practices:

 

Configuring Configuration Manager Sites for Best Performance

Checklist for Security Best Practices

Best Practices for Central and Primary Site Hardware and Software Configuration

Best Practices for Operating System Deployment

 

Software Update Point process Flowcharts:

 

Software Updates Synchronization Process Flowchart

Software Update Deployment Process Flowchart

Deployment Package Process Flowchart

 

Related:

 

How to obtain the latest version of the Windows Update Agent

 

 

1. Install WSUS

 

Install WSUS but do not configure it. Once done, make sure the Software Update Point Role is installed on the SCCM Server.

 

sup_role.jpg

 

Once you've added the Software Update Point role, verify that it is installed by checking the SUPSetup.log, it should have a line which reads Installation was successful

 

2. Create some Search Folders

 

In the Software Updates section, right click on Search Folders and choose New Folder,

 

enterprise_searches.jpg

 

give the new folder a name like Enterprise Searches (we willl store our yearly searches here)

 

ent_searches.jpg

 

Right click on our new folder and choose New Search Folder,

 

new_search_folder.jpg

 

select the following options from step 1 (in the screenshot),

 

BulletinID, Expired and Superseded

 

choices.jpg

 

in step 2, Set the BulleinID to MS plus the last two digits of the year eg: MS08

Set Expired to No

Set Superseded to No

 

Make sure that Search All folders under this feature is selected and give the search a name, eg: 2008 patches

 

search_folder_criteria.jpg

 

Now that you know how to make a Search Folder, let's make one for Monthly searches, so right click on Enterprise Patches and choose New Search Folder

 

Fill it in as follows

 

monthly_search.jpg

 

and now make one for Windows Server 2008, we do this by adding Product as a search criteria and typing in the search phrase to look for, naturally you can customise it to suit your needs.

 

server_2008_patches.jpg

Share this post


Link to post
Share on other sites

Recommended Posts

  • 0

I have been administrator since SMS2003 and have a couple questions that I can not figure out.

I have read many posts here and did look at the link http://www.windows-noob.com/forums/index.php?showtopic=812

how to install WSUS on remote site.

 

I am using SCCM 2007 at this time, WSUS is fully installed on three servers.

One Primary site SCCM 07 server and two secondary site servers used as distribution and SUPs.

I can re-image computers using tasks and USMT, push software packages .

We have the WSUS setup to automatically download Forefront definition updates which gets pushed out automatically.

We want to control how security updates get pushed out manually by placing the computers in collections which is working fine.

 

my question:

I want computers in the secondary sites to download updates from them instead of pulling from the primary site server.

I did the full installation of WSUS in the secondary sites and now want to know how to let them pull from the primary and be controlled from the primary.

I am simply confused about the selections on the wsus setup.

Share this post


Link to post
Share on other sites

  • 0

Thanks for the reply Peter. I do have a distribution point on the two secondary SCCM servers but I cannot get the WSUS installed correctly on them because I get errors in the Site System Status that others have talked about in this form. I read the install procedure for the remote install of WSUS but I do not think that is what I need in this scenario.

it appears there are two ways to use the remote wsus?

It looks like I can use the primary SCCM to control the secondary DPs but WSUS is required on the Primary and the two secondaries.

I installed WSUS on all three servers with full install. Both secondaries became replicas of the primary WSUS. Is that the correct way to install them.

I did not select the option to use ports 8530 and 8531 but left them at port 80 and 443.

Share this post


Link to post
Share on other sites

  • 0

If you want the clients on the secondary site to use a local WSUS, then you should install WSUS on there and let the software update point handle the configuration. If you installed it on port 80/443 then make sure to configure that in the software update point configuration.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Answer this question...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...


×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.