

  • 0
anyweb

Configuring Software Update Point within SCCM


This guide assumes you have SCCM 2007 set up as described here. This guide was based upon a document entitled Patch Management directions for SCCM by Christopher Stauffer which you can find here.

 

Please note that this guide is designed to help you get a working SUP in SCCM in a LAB environment as quickly as possible. This guide is provided as is; if you find any errors, please report them in the forums.

 

In a production environment please consult Technet for best practice; see the links below:

 

Superflow:

 

Software Update Deployment SuperFlow

 

 

About Software Update Point:

 

About Software Update Point

 

Planning:

 

Planning for Software Updates Client Settings

 

Configuration:

 

Configuring Software Updates

How to Configure the Software Updates Client Agent

How to Create and Configure an Active Internet-Based Software Update Point

 

Best Practices:

 

Configuring Configuration Manager Sites for Best Performance

Checklist for Security Best Practices

Best Practices for Central and Primary Site Hardware and Software Configuration

Best Practices for Operating System Deployment

 

Software Update Point process Flowcharts:

 

Software Updates Synchronization Process Flowchart

Software Update Deployment Process Flowchart

Deployment Package Process Flowchart

 

Related:

 

How to obtain the latest version of the Windows Update Agent

 

 

1. Install WSUS

 

Install WSUS but do not configure it. Once done, make sure the Software Update Point Role is installed on the SCCM Server.

 

sup_role.jpg

 

Once you've added the Software Update Point role, verify that it is installed by checking SUPSetup.log; it should have a line which reads "Installation was successful".

 

2. Create some Search Folders

 

In the Software Updates section, right click on Search Folders and choose New Folder,

 

enterprise_searches.jpg

 

give the new folder a name like Enterprise Searches (we will store our yearly searches here)

 

ent_searches.jpg

 

Right click on our new folder and choose New Search Folder,

 

new_search_folder.jpg

 

select the following options from step 1 (in the screenshot),

 

BulletinID, Expired and Superseded

 

choices.jpg

 

in step 2, set the BulletinID to MS plus the last two digits of the year, e.g. MS08

Set Expired to No

Set Superseded to No

 

Make sure that Search All folders under this feature is selected and give the search a name, eg: 2008 patches

 

search_folder_criteria.jpg

 

Now that you know how to make a Search Folder, let's make one for Monthly searches, so right click on Enterprise Patches and choose New Search Folder

 

Fill it in as follows

 

monthly_search.jpg

 

and now make one for Windows Server 2008, we do this by adding Product as a search criteria and typing in the search phrase to look for, naturally you can customise it to suit your needs.

 

server_2008_patches.jpg

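Added example, not part of the original guide or of any forum post: a PowerShell check for steps 1 and 2 above. It looks for the success line in SUPSetup.log and then runs the "2008 patches" search folder criteria as a WQL query against the SMS Provider. The site code `LAB`, the `-LogPath` parameter and the function names are assumptions for illustration; the page does not say where SUPSetup.log is stored, so the path must be supplied.

```powershell
# Added example (not from the guide). Run on the site server with SCCM admin rights.
param(
    [string]$SiteCode = 'LAB',     # assumption: placeholder site code
    [Parameter(Mandatory = $true)]
    [string]$LogPath,              # location of SUPSetup.log (not given on the page)
    [string]$Year = '08'           # last two digits of the year, as in step 2
)

function Test-SupInstalled {
    param([string]$Path)
    # Step 1: the role is installed once SUPSetup.log contains the success line.
    if (-not (Test-Path -Path $Path)) { return $false }
    $hit = Select-String -Path $Path -SimpleMatch 'Installation was successful' |
        Select-Object -Last 1
    return [bool]$hit
}

function Get-YearlyUpdate {
    param([string]$SiteCode, [string]$Year)
    # Validate before building WQL so the input cannot alter the filter.
    if ($Year -notmatch '^\d{2}$') { throw "Year must be two digits, got '$Year'" }
    if ($SiteCode -notmatch '^[A-Za-z0-9]{3}$') { throw "Unexpected site code '$SiteCode'" }

    # Same three criteria as the search folder: BulletinID, Expired, Superseded.
    $filter = "BulletinID LIKE 'MS$Year%' AND IsExpired = 0 AND IsSuperseded = 0"
    Get-WmiObject -Namespace "root\sms\site_$SiteCode" -Class SMS_SoftwareUpdate -Filter $filter |
        Select-Object BulletinID, ArticleID, LocalizedDisplayName, IsDeployed
}

if (-not (Test-SupInstalled -Path $LogPath)) {
    Write-Warning "No 'Installation was successful' line found in $LogPath"
    return
}

$updates = @(Get-YearlyUpdate -SiteCode $SiteCode -Year $Year)
Write-Output ("{0} updates match MS{1}, not expired, not superseded" -f $updates.Count, $Year)

# List the matching updates that are not part of any deployment yet.
$updates | Where-Object { -not $_.IsDeployed } |
    Sort-Object BulletinID | Format-Table -AutoSize
```

An empty result right after installing the role usually means the first synchronization has not completed, not that the criteria are wrong.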


  • 0

you must keep the blank for staging collection EMPTY at ALL TIMES

 

never put systems in it and never link to other collections in it, ever.

 

you do this because all of your Deployment Management Tasks will point to the 'blank for staging' collection by DEFAULT. That is the way you want it to be, the LAST thing you want to happen is for an untested patch or service pack to go out to all your servers or clients causing mayhem in your organisation

 

keep blank for staging empty Always, and use the phase 1, phase 2, phase 3 and test subcollections to test patches, working your way from

 

test > phase 1 > phase 2 > phase 3

 

by the time you've reached phase 3 ALL of your systems should be targeted and patched with your selected patches and you then point your Deployment Management tasks back to blank for staging

 

cheers

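Added example, not part of the original post: a PowerShell pre-flight check to run before pointing Deployment Management tasks back at the 'blank for staging' collection. It reports current members and, as an extra check that is an assumption of this example, any membership rules that could repopulate the collection at its next evaluation. The site code `LAB` and the function name are placeholders.

```powershell
# Added example (not from the post). Run on the site server with SCCM admin rights.
param(
    [string]$SiteCode       = 'LAB',                # assumption: placeholder site code
    [string]$CollectionName = 'blank for staging'   # collection name used in the post
)

function Get-StagingCollectionState {
    param([string]$SiteCode, [string]$Name)
    if ($SiteCode -notmatch '^[A-Za-z0-9]{3}$') { throw "Unexpected site code '$SiteCode'" }
    $ns = "root\sms\site_$SiteCode"

    # Escape backslashes and quotes so the name stays a WQL string literal.
    $wqlName = $Name -replace "([\\'])", '\$1'
    $found = @(Get-WmiObject -Namespace $ns -Class SMS_Collection -Filter "Name = '$wqlName'")
    if ($found.Count -ne 1) { throw "Expected one collection named '$Name', found $($found.Count)" }
    $coll = $found[0]

    # Current members, whatever rule put them there.
    $members = @(Get-WmiObject -Namespace $ns -Class SMS_FullCollectionMembership `
        -Filter "CollectionID = '$($coll.CollectionID)'")

    # CollectionRules is a lazy property: re-fetch the instance by path to load it.
    $full  = [wmi]$coll.__PATH
    $rules = @($full.CollectionRules | Where-Object { $_ })

    New-Object PSObject -Property @{
        Name         = $coll.Name
        CollectionID = $coll.CollectionID
        MemberCount  = $members.Count
        RuleCount    = $rules.Count
        MemberNames  = @($members | ForEach-Object { $_.Name })
        IsEmpty      = ($members.Count -eq 0 -and $rules.Count -eq 0)
    }
}

$state = Get-StagingCollectionState -SiteCode $SiteCode -Name $CollectionName
if ($state.IsEmpty) {
    Write-Output "'$($state.Name)' ($($state.CollectionID)) has no members and no membership rules."
} else {
    Write-Warning ("'{0}' is NOT empty: {1} member(s), {2} membership rule(s)." -f `
        $state.Name, $state.MemberCount, $state.RuleCount)
    $state.MemberNames | Sort-Object | Select-Object -First 20   # show what would be targeted
    exit 1
}
```

The non-zero exit code lets a scheduled task or change-control script stop before any deployment is retargeted.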

  • 0

Hmmmm....right at the start you say "Install WSUS but do not configure it. "

 

We already have WSUS here for years. Now with SCCM installed how do we configure it?

Same way as this guide?

 

I tried, but SCCM does not initiate a download on WSUS. I don't know how to fix it.


  • 0

I found this in the SCCM documentation:

 

Using an Existing WSUS Server for a Software Update Point

You can use a WSUS server that was active in your environment before installing Configuration Manager 2007, but client computers connecting to the WSUS server will scan for all software updates in the WSUS database. This might result in client computers returning compliance state information for software updates outside of the configured classifications, categories, and languages. Before using an existing WSUS server as an active software update point site system, it is recommended that the software updates metadata is deleted from the WSUS database if possible. The WSUS server will be synchronized with new software updates metadata based on the settings configured for the active software update point.

 

 

 


  • 0


 

How do you delete those "software updates metadata" because we had also a working WSUS and coupled our SCCM to it and I never deleted anything but I can see that I don't have all machines in my compliance sheets. I can see there is something that doesn't give the right information. :huh:


  • 0

hi kingskawn, sorry, I just posted that screenshot for another post on Technet; it wasn't directed at you.

 

are your software updates working ok or not?

Hi 'Anyweb.' Just wanted to say thanks for taking the time and effort to put together this article, found it very helpful having just deployed my first SCCM2007 setup. Keep up the good work! :)


  • 0


 

thanks !
