YPCC

Sccm will only help you deploy and run the script. Creating the script is very tricky. Just last week i was trying this and failed. The suggested method by Mozilla is to use a gpo to install the certificate. It is techincally possible, just very tricky. Unless you are a confident scripter, i wouldnt even bother attempting to try.

2 things. Is this a "application" deployment or a "package" deployment. If applcation, then the result is based on the outcome of the "detection method" and not a exit code. You could put exit 0 a thousand times but software center will still report an error. If you are deploying as a "package" then exit 0 should work fine. Garth is right in saying sccm uses the local system account. The solution for this is very easy. Add a "net use" command to your script just before you access the share. No drive letter required! Your script should look like: %SYSTEMROOT%\System32\mrt.exe /F:Y /Q for /f "tokens=2 delims==" %%I in ('wmic os get localdatetime /format:list') do set datetime=%%I set datetime=%datetime:~0,4%-%datetime:~4,2%-%datetime:~6,2%_%datetime:~8,2%-%datetime:~10,2%-%datetime:~12,2% echo f | xcopy /f /y "%SYSTEMROOT%\Debug\"mrt.log Net use "\\servername\log_folder" "\\servername\log_folder\"%datetime%-%computername%scan.log exit /b 0 Net use is required to create a temporary mapping to your share. Without it, sccm will nlt be able to access your share UNLESS you run the script using user credentials

Why not create a package (no source files required). Then use the same command youve used above. Bear in mind you may need to use sysnative instead of system32 on x64 machines. Cant remember for sure. In terms of deployment not showing check timing (utc) of deployment. Ensure no maintenance windows are being applied specifically for task sequences.

Seen something similar before. Check that adobe havent pulled the update. Sift the logs to determine the URL from where scup is downloading the .cab files to ensure that cab actually exists at the url. That 404 could be related.

By far sccm for everything inc image. Create a reference machine, customise, install office, capture, deploy. Alternatively "precache" office. See google for more info about the precache option. The advantage is a standardised environment and an automated imaging process. You can heavily customise your reference machine as you wish including adding your core apps (adobe flash, reader, java, other business apps etc)

A slightly dirtier tactic would be to remove the content from the DP if it is not needed. If imaging is carried out from one room only, then only store the content on the DP desginated for the imaging room. That gives sccm no other option but to use your dp.

So I've recently had some challenges at work having to setup multiple deployments to multiple collections at various times. Bit of a pain in the butt and very tedious and repetitive. Today I had a lovely day off work to myself, low and behold I therefore ended up writing a script to automate my patching process. By no means am I a scripter of any sort, in fact I'm a beginner but with some time, testing and googling I have come up with the below which I think is pretty generic enough for anyone to modify It will read a CSV, create collections based on what I call "Phase" and add a prefix so all my collections come out as "Server Patch Management - XXXXX", it will then insert the hostnames into the newly created collections, and finally deploy your chosen SUP to all the collection based on the time and date specified in the CSV. Its pretty simple: 1 - You create a CSV file as described in the script, keeping to that EXACT same format with those exact same headers. By the way the UK column is actually time, we run in various time zones so I used a column header called UK 2 - Set your software update group that you want to deploy. In this case I want to deploy a SUG called "Microsoft - Oct 2015 - Windows 7 Security Patches" 3 - Add a naming prefix (not required but I prefer to add a naming prefix to my collection so they can be clearly identified). That's all, away you go 4 - Don't forget to change ABC for your sitecode and change the path to the location of where your module is located On the surface it looks tricky to decipher but try it out first, once it starts making sense you can tinker with the parameters and customise for your own organisation. Open to suggestion on how I can improve this as well. < <# Use a imported CSV containing Phase, Date, Time and Computer name to create a software update deployment. format of the CSV must be as follows: Phase,Date,UK,Hostname Pilot 1,10/09/2015,10:00,UKW00000 Pilot 2,14/09/2015,10:00,UKW11111 Wave 1A,08/10/2015,15:30,UKW22222 Wave 1B,09/10/2015,06:00,UKW33333 Wave 1B,09/10/2015,06:00,UKW44444 Wave 1B,09/10/2015,06:00,UKW55555 Wave 1C,09/10/2015,11:00,UKW66666 Addition columns in the CSV will be ignored #> 　 #Set Module Location import-module C:\windows\ConfigMgrConsole\bin\ConfigurationManager.psd1 cd ABC: 　 # Set Input File, Enter Name Of Software Update Group & Set Prefix Name For Collections $inputfile = Import-CSV 'c:\users\username\desktop\input.csv' $updategroup = "Microsoft - Oct 2015 - Windows 7 Security Patches" $collectionprefix = "Server Patch Management - " # This Will Set 3 Differing Input Variables Which Are Used Later $input1 = $inputfile | select phase | sort phase -Unique $input2 = $inputfile | select hostname,phase $input3 = $inputfile | select phase,date,uk | sort phase,date,uk -Unique # Create A Loop From Input1 # Read Input1 & Create New Device Collections Based On Values In The "Phase" Column Adding A Prefix of "Server Patch Management - " To Each ForEach ( $entry in $input1 ) { $collection = $collectionprefix+$entry.Phase New-CMDeviceCollection -Name $collection -LimitToCollectionName "All Systems" -ErrorAction SilentlyContinue } # Create A Loop From Input2 # Read Input2 & Add Computers Found Under The "Hostname" Column Into The Collections Created Above. ForEach ( $entry2 in $input2 ) { $collection2 = $collectionprefix+$entry2.Phase Add-CMDeviceCollectionDirectMembershipRule -CollectionName $collection2 -ResourceId $(get-cmdevice -Name $entry2.hostname).ResourceID } # Create A Loop From Input3 # Read Input3 & Obtain Target Collection, Create Deployment Name, Invert Date & Deploy Update Group ForEach ( $entry3 in $input3 ) { # Set Collection Prefix $collection3 = $collectionprefix+$entry3.Phase # Concatenate Group & Collection To Create Deployment Name $deploymentname = $updategroup + " - " + $collection3 # Invert DD/MM/YYYY Date Format Into YYYY/MM/DDD Which Is Correct SCCM Syntax $availday = $entry3.Date.split("/")[0] $availmonth = $entry3.Date.split("/")[1] $availyear = $entry3.Date.split("/")[2] $availyyyymmdd = $availyear + "/" + $availmonth + "/" + $availday Start-CMSoftwareUpdateDeployment -SoftwareUpdateGroupName $updategroup -CollectionName $collection3 -DeploymentName $deploymentname -DeploymentType Required -TimeBasedOn UTC -DeploymentAvailableDay $availyyyymmdd -DeploymentAvailableTime $entry3.uk -DeploymentExpireDay $availyyyymmdd -DeploymentExpireTime $entry3.uk -UserNotification DisplayAll }

**UPDATE** Well after trying various different possibilities I just couldn't determine the cause of the problem. In this case I blame Microsoft and its software. It seems the SUP and WSUS had confused themselves and the clients were trying to obtain updates but kept thinking there was a proxy in place (which there wasn't). I tried various options to resolve this, in the end I had to rebuild my SCCM server. Everything know works fine with machines reporting into SCCM as needing updates etc. Moral of the story is sometimes Microsoft products just don't work as they should. If they did then we support guys wouldn't have a job On a side note, I have figured out that if you do deployed SCEP, then the first update has to be done from Microsoft. Seems as though the SCEP I have may be slightly out of date or something. After attempting to get SCEP to update form my SCCM server, I had to allow my client to contact Microsoft.com to obtain a package which updated SCEP. Now I can manage my SCEP clients from SCCM. Might be handy for someone!

Hi all, i've recently followed the guide on here to setup a lab environment with SCCM, a DC and a single client. Have configured the SUP. It syncs with Microsoft and obtains the updates (headers) and they are showing in SCCM under "all software updates", My problem is neither the server or the client itself are detecting any updates as required. I have not set any GPOs for windows updates and have checked my client is pointing to the URL for my SCCM's SUP. The ports are also set correctly. Ive tried various things and still am lost. Not sure where i am going wrong. Here is what i have checked and tried: - SCCM is installed as a single PRI site with a local WSUS role installation - SUP was then configured within SCCM, correct products and classification have been selected - I can successfully synchronise updates within SCCM and can see various updates - I have ensured my client is pointing to SCCM's SUP and have disabled all firewalls - I can even download and deploy the updates to a collection of my choice - For some reason however my client just doesn't report back as needing the update (even though my client is out of date and definitely needs patches) - When i checked the deployment summary i can see my client shows as "unknown" instead of showing "non-compliant" - When i go onto my client and run "check for updates" via the control panel, it reports back as windows is up to date (even though its not) - I've run a policy scan and update scan cycle many times now I just cant seem to figure out why my client isnt telling SCCM that it needs updates. Any help would be much appreciated. Even the SCCM server itself isn't reporting back as needing updates. So its not client related. Something I've got wrong in the configuration. Thanks in advance.