Jump to content


  • 0
anyweb

Configuring Software Update Point within SCCM

Question

This guide assumes you have SCCM 2007 setup as described here. This guide was based upon a document entitled Patch Management directions for SCCM by Christopher Stauffer which you can find here.

 

Please note that this guide is designed to help you get a working SUP in SCCM in a LAB Environment as quickly as possible. This guide is provided as is, if you find any errors please report them in the forums.

 

In a production environment please consult Technet for best practise, see below links:

 

Superflow:

 

Software Update Deployment SuperFlow

 

 

About Software Update Point:

 

About Software Update Point

 

Planning:

 

Planning for Software Updates Client Settings

 

Configuration:

 

Configuring Software Updates

How to Configure the Software Updates Client Agent

How to Create and Configure an Active Internet-Based Software Update Point

 

Best Practices:

 

Configuring Configuration Manager Sites for Best Performance

Checklist for Security Best Practices

Best Practices for Central and Primary Site Hardware and Software Configuration

Best Practices for Operating System Deployment

 

Software Update Point process Flowcharts:

 

Software Updates Synchronization Process Flowchart

Software Update Deployment Process Flowchart

Deployment Package Process Flowchart

 

Related:

 

How to obtain the latest version of the Windows Update Agent

 

 

1. Install WSUS

 

Install WSUS but do not configure it. Once done, make sure the Software Update Point Role is installed on the SCCM Server.

 

sup_role.jpg

 

Once you've added the Software Update Point role, verify that it is installed by checking the SUPSetup.log, it should have a line which reads Installation was successful

 

2. Create some Search Folders

 

In the Software Updates section, right click on Search Folders and choose New Folder,

 

enterprise_searches.jpg

 

give the new folder a name like Enterprise Searches (we willl store our yearly searches here)

 

ent_searches.jpg

 

Right click on our new folder and choose New Search Folder,

 

new_search_folder.jpg

 

select the following options from step 1 (in the screenshot),

 

BulletinID, Expired and Superseded

 

choices.jpg

 

in step 2, Set the BulleinID to MS plus the last two digits of the year eg: MS08

Set Expired to No

Set Superseded to No

 

Make sure that Search All folders under this feature is selected and give the search a name, eg: 2008 patches

 

search_folder_criteria.jpg

 

Now that you know how to make a Search Folder, let's make one for Monthly searches, so right click on Enterprise Patches and choose New Search Folder

 

Fill it in as follows

 

monthly_search.jpg

 

and now make one for Windows Server 2008, we do this by adding Product as a search criteria and typing in the search phrase to look for, naturally you can customise it to suit your needs.

 

server_2008_patches.jpg

Share this post


Link to post
Share on other sites

Recommended Posts

  • 0

If your update package has a deadline that's set in the future it will indeed wait with the installation untill after the deadline. You can choose to install the updates manually from the server or adjust the deadline of the update package.

 

thanks bro for the explanation..i didn't realize the package will follow the deadline even though it successfully downloaded into the server..now all the patches have been installed after meet the deadline time..thanks..

Share this post


Link to post
Share on other sites

  • 0

Hello,

 

By doing MS - Date Released within 1 month - Date Revised within one Month - Expired No - Superseded No ==> 16

 

which seems low as the email from WSUS is 36 (37 counted) patches so I changed to

 

MS - - Date Revised within one Month - Expired No - Superseded No ==> 31

 

- Date Revised within one Month - Expired No - Superseded No ==> 114

 

So this shows that there seems to be a gap within these variances of criterai and not really sure which one is the best way to go as for example this month I noticed several patches released 4/13/2010 and revised 7/13/2010... in my search folders they were not picked as I selected the released and revised within the last month ... it is an "AND" not an "OR"

 

Any idea? Should it an OR? Or select only the patches Revised within a 1 month?

 

e.g.:MS10-024 Security Update for Windows Server 2003 x64 Edition (KN976323)

 

Also the patches coming with no bulletin ID are not picked up is it correct?

 

e.g.:"Update for Microsoft Office Outlook 2007 Junk Email Fileter (KB2202131)"

 

All the one WSUS was listed as "Other Updates" none are picked...

 

Update Rollup 4 for Exchange Server 2010 (KB982639)

Windows Malicious Software Removal Tool - July 2010 (KB890830)

Windows Malicious Software Removal Tool - July 2010 (KB890830) - IE Version

Windows Malicious Software Removal Tool x64 - July 2010 (KB890830)

Definition Update for Microsoft Office 2010 suites (KB982726), 64-Bit Edition

Definition Update for Microsoft Office 2010 suites (KB982726), 32-Bit Edition

 

Thanks,

Dom

Share this post


Link to post
Share on other sites

  • 0

interesting points and yes your search folders will produce different results based on your criteria, experimenting will give you a better overview,

as regards not including certain updates (patches) from your statement

 

Also the patches coming with no bulletin ID are not picked up is it correct?

 

correct, by including MS as the bulletin ID (or MS10 or whatever) we are looking for Security Updates only , only SEcurity Updates are given a bulletin ID.

 

if you want All Security Updates AND all other updates, create another search folder called 'all updates' for the given OS and do not include bulletin ID as a search category, see the difference ?

Share this post


Link to post
Share on other sites

  • 0

Hi there,

 

I would like install all update after an os deployement with software (like Windows 7 and Office 2010) because I need to ensure that any new installations are fully patched. I follow a topic from this website and I think my "Software Update" are OK beacause I can deploy update (picture 1). I hope it's possible and i think (I'm not sure) you need to use "Install Software Update" (picture 2) to do this. Anybody can confirmed me that? I see you can deploy update with package (picture 3) but I think you need to update your package so, it's not for me the better solution.

 

 

 

Thanks in advance.

 

Best Regards

post-6793-12835026821495_thumb.jpg

post-6793-12835027602339_thumb.jpg

post-6793-12835027963339_thumb.jpg

Share this post


Link to post
Share on other sites

  • 0

yes it's possible, just advertise a new deployment management task (or tasks) containing the updates (both windows 7 and office updates) to the collection(s) that the computers are in

Share this post


Link to post
Share on other sites

  • 0

OK and think you fir your answer.

But how to do this? How advertise a new deployment management task (or tasks) containing the updates? I just need to do like this : http://www.windows-noob.com/forums/index.php?/topic/1815-using-update-lists-when-deploying-monthly-updates/ and add "Install Software Update" in TS?

 

 

 

Thanks in advance.

 

Best Regards

Share this post


Link to post
Share on other sites

  • 0

yep that shows you how to point the Deployment Management Task to a specific collection, you should probably create two Deployment Management Tasks, point one to your Deployment Collection and the other to the Unknown Computers Collection

Share this post


Link to post
Share on other sites

  • 0

below is a screenshot of Offline Updates (via MDT integration in the Task Sequence)

 

post-1-1246990311_thumb.jpg

 

 

this, For me it doesnt work....

 

if i deploy via Advertissement after OS Installed it works well (so my Deployment Package works well), but during depoyment, it failed, i got deploying error and i got that in my sccm.log log :

 

sccm.jpg

 

 

any idea ? it is work for some of you ? (Update offline, during deploying OS)

 

 

Best Regards

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Answer this question...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...


×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.