Jump to content


anyweb

using System Center 2012 Configuration Manager - Part 10. Monitoring our Monthly Updates Automatic Deployment Rule

Recommended Posts

Hi,

 

Firstly, great tutorials, very useful indeed.

 

Have a weird one that has occurred today. We have an ADR set that includes severities so that we can set a custom severity of "low" to exclude any updates that are pushed out to the clients. However, in the latest batch of updates, I had marked up IE11 as low, and for some reason I cannot fathom, it was included in the deployment and so was released out onto our clients.

 

Obviously, this isn't ideal, and has resulted in me running around trying to figure out why it's happened, however my co-workers and I cannot find a flaw in the logic of the rule, so I am opening up to the gestalt to see if anyone else might have some idea as the reason behind this.

 

Thanks in advance for any brainstorm that can be provided.

 

All the best,

 

Iolair

Share this post


Link to post
Share on other sites

Hmmmm...sorry to hear that happened. It is possible that Microsoft modified the IE11 update, and that's why it got put into your deployment? For instance, usually a new IE browser is listed as "optional" in the Windows Update catalog. Eventually (many months or a year later), Microsoft decides that the new browser version is "important" or "critical."

 

I don't use ADRs for Windows Updates; I'm just thinking out loud here.

Share this post


Link to post
Share on other sites

Thanks for the reply.

 

IE11 hadn't been shown as an update since it came out, but that changed in May. We always run a month behind on updates to allow kinks to be ironed out before we apply the updates to clients. By default there is no severity classification on most of the updates, so we have a rule in the ADR that states anything but "Low" severity updates are included, and if we don't want an update to be included in the update group we put a custom severity of "Low" onto that update so it is excluded. This has worked fine in the past, and I set this severity on IE11 on Friday, however come Saturday, when the ADR ran and created the Software Update Group for May, the rule was ignored and IE11 included.

 

The very scenario you suggested had previously happened with IE10. Microsoft had changed the classification from a Security Update to an Update Rollup, and it slipped through that way, hence why we have been especially careful about IE11, and so the frustration over this (*use polite words....) "hiccup". ;)

Share this post


Link to post
Share on other sites

Hi anyone that can help


I'd just like to say this site is great. It's helped me a lot moving towards my goal of hopefully one day being ann SCCM specialist.


I have a question. I'm currently trying to use Automatic Deployment Rules for patch Tuesday on a lab I have setup, So I


can try and understand how it works. The ADR works to a point, gathers some software updates, 6 in total last time


around. However, when I look in the "All software updates" node I can see 108 updates listed from the last patch Tuesday


are available. Any ideas why these 108 updates are not in my ADR group? I used the following criteria in my ADR


settings.


DATE RELEASED OR REVISED: Last 1 week (7 days)


UPDATE CLASSIFICATION: Critical Updates Or Security Updates OR Update Rollups OR Updates


Any suggestions what to check out would be massively appreciated.


David

Share this post


Link to post
Share on other sites

Hi there,

Thank you so much for the guide, I find myself coming here time after time and get great answers.

I have setup ADR and it works great*,

* my only little problem is that most of the machines restart during business hours. I am not sure where to say run the rule on this day and install at this time with +/- 4 hrs.

Evaluation schedule >> Run the rule on a schedule.(Monthly)

Deployment Schedule (Client local time) >> Software available time (As soon as possible) >>Installation deadline (specific time) but not sure what it means with number of days, weeks, months****** I suspect here is my problem but don't understand what the combination should be. If it is triggered by the evaluation schedule I could do within 4 hours of that? Will that get the machines to restart within 4+ hours of Evaluation?

I would prefer to have the deadline reached on Saturday.

 

Thank you,

Ed

Share this post


Link to post
Share on other sites

I am setting up ADR for MS patch Tuesdays, and have a question concerning the process and how best to minimize disk space for updates. I have a need for targeting PILOT collection first, and then PRODUCTION, once the PILOT is successful. Currently I have the following:

 

For the PILOT collection::

Create the ADR

Target a collection - in this case pilot

Deployment package is selected for example XXXX

Package source path is \\YYYY

ADR runs on a schedule and creates a new SUG

The deployment is enabled after the rule is run

Deployment Schedule is X

 

For the PRODUCTION collection:

Create the ADR

Target a collection - in this case production

Deployment package is selected for example ZZZZ

Package source path is \\WWWW

ADR runs on a schedule and creates a new SUG

The deployment is enabled after the rule is run

Deployment schedule is X+5 days

 

My question is can I share the Deployment Package between PILOT and PRODUCTION ADRs [e.g. XXXX] and therefore share the package source [e.g. \\YYYY]? This may be a silly question but want to ensure I can piggyback in this way, as running the ADRs separately into distinct package source paths duplicates the download file content.

 

Appreciate your assistance,

 

 

 

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...


×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.