Jump to content


  • 0
anyweb

Managing monthly updates in SCCM

Question

Introduction

 

In this guide I will show you one way of updating your monthly updates released from Microsoft on the second Tuesday of every Month. Many different scenarios can be followed to deploy software updates. In this example, we will use a Software Updates Deployment Package called All Windows XP Updates to store the updates we want made available to our XP machines. We will create a new Deployment Management Task to deploy the new updates, and we will clean up our previous Deployment Management Tasks and remove any expired updates referenced in it by deleting them. As we are not using Update Lists in this guide we will not be concerned with reporting, but if you want to report on the status of your Updates, you should use Update Lists as Part of your Process.

 

 

all_windows_xp_updates_deployment_package.jpg

 

This Deployment Package had been created earlier when setting up the Software Update Point, but you can create a new one if you need to.

 

We will use a Deployment Management task to start the deployment called All XP Updates.

 

all_xp_updates_deployment_management_task.jpg

 

and as you can see from the screenshot above it contains some updates which are expired and this is noticeable because of the Grey Icon.

 

icon_meanings.jpg

 

We will also use our Windows XP All Updates search folder which is created with the following Search Folder Criteria

 

search_folders.jpg

 

Step 1. Run a Synchronisation.

 

Expand your Software Updates node in configmgr, right click on Update Repository and choose Run Synchronisation. Answer Yes when prompted. You can verify that the synchronisation process has completed in the Site Status, Component Status, SMS_WSUS_SYNC_MANAGER log. Look for Message ID 6702 which is SMS WSUS Synchronization Done.

 

sync done.jpg

 

 

Step 2. Check our Deployment Package

 

To start off the monthly update process we need to first see what updates we currently have in our Deployment Package and remove any expired or superseded updates contained within.

 

Expand your Software Updates node in configmgr, expand the Deployment Packages node and highlight the All Windows XP Updates Deployment Package. Expand the Software Updates node within so that you can see what updates we have, click on the Bulletin ID heading to sort our updates.

 

bulletin_id.jpg

 

Take note of the Expired or Superseded updates and highlight them and once done right click and choose Delete. You can press CTRL while selecting these updates and don't forget to scroll so you see all updates.

 

delete_grey.jpg

 

We only want Green updates in our Deployment Package.

 

Click ok when prompted about the Delete process

 

the_selected_updates_will_be_removed_from_the_package.jpg

 

click ok if prompted about Deployment can fail process, this is ok as we will be updating the Deployment Management Task.

 

deployment_to_fail.jpg

 

At this point we now have removed all the expired updates so only green 'good' updates are left, sort the updates by BulletinID again and take note of the most recent one, in our case that is MS09-026

 

all green.jpg

Share this post


Link to post
Share on other sites

Recommended Posts

  • 0

Step 3. Using the Search folder, select the new updates

 

Open our Windows XP All Updates search folder and sort by BulletinID

 

new updates in search folder.jpg

 

as you can see there are a few updates released since our Deployment Package was last updated a month ago, and we need to select those new updates since MS09-026 which was the last update listed in our Deploymet Package (From June 2009)

 

Right-click and choose Download Software Updates

 

download software updates.jpg

 

on the select a deployment package screen click on browse and select our All Windows XP Updates Deployment Package

 

select a deployment package.jpg

 

on the Download Location screen choose to download software updates from the internet

 

download software updates from the internet.jpg

 

select your chosen language and click Finish

 

select language.jpg

 

click next and close when prompted...

Share this post


Link to post
Share on other sites

  • 0

Step 4. Deploy the selected updates

 

right click the selected updates again and this time choose Deploy software updates

 

deploy software updates.jpg

 

give the Deployment Task a name

 

monthly updates.jpg

 

for Deployment Template, choose the one that suits your environment

 

deploy software updates wizard.jpg

 

select our Deployment Package

 

deployment package selected.jpg

 

go with the Default Choice of Download Software updates from the Internet

 

download.jpg

 

select your language

 

language.jpg

 

set the Schedule as below

 

as soon as possible and ignore.jpg

 

review the summary and close

Share this post


Link to post
Share on other sites

  • 0

Step 5. Target the Deploy Task to the collection you want to receive the updates

 

Expand the Deployment Management Tasks node and right click, choose Refresh

 

refresh.jpg

 

you will see that the task is targetted to the Blank for Staging collection which is an Empty collection, right click it the Deployment Management task and choose properties

 

properties and blank for staging.jpg

 

select your targetted XP collection

 

select collection.jpg

 

click ok and apply

 

 

Step 6. Monitor your XP machines and verify that they are receiving the Updates

 

just before the deadline occurs, your XP machines should start receiving the new Update Policy and inform you

 

software updates.jpg

 

finally, once the deadline has been reached the updates are installed automatically

 

software updates being installed.jpg

Share this post


Link to post
Share on other sites

  • 0

Hi, this is great! I love your step-by-step guides! (I wrote on TechNet Forum to you).

One question: What do you realize with the "phase 1", "phase 2" and "phase 3" collections?

I do not understand the whole purpose for this hirachy. If the updates are successfully deployed to

the test group and you get positiv feedback, how do you deploy the updates to the rest of computers

in environment? Do you create an own deployment with All Windows XP Collection as target or do you change the

existing deployment target to another collection?

Share this post


Link to post
Share on other sites

  • 0

you use phase 1/phase 2/phase 3 as stages for applying patches and updates to selected sets of computers

 

for example if you have 100 XP computers in your organisation, you will probably want to do a Test run of the patches on 5 computers in the first week, those computers are in the test collection which is a sub collection of phase 1

 

after all is ok, and a week has passed, you decide it's time to update 25 more machines, and you do so by targetting the phase 2 collection with the deployment Management task by editing it's Collection Tab value

 

remember a collection can contain sub collections, and those sub collections can be Links to other collections

 

so... you can create some XP collections like this

 

Phase 1/test (5 xp computers)

Phase 2/xp_phase2 (25 xp computers)

Phase 3/xp_phase3 (the remaining xp computers)

 

in my screenshots i have NOT implemented the above, because it's up to you to decide how to patch your systems, this is only one way of doing it..

 

 

by the time you have reached phase 1 all your XP computers are updated and you start the whole cycle again, and it takes a month from beginning to end...

Share this post


Link to post
Share on other sites

  • 0

Great articles as always Anyweb.

 

So I was experimenting with what I like to call the "One Package"...One package to rule them all. Is it important that a package only contain updates applicable to the collection it is advertised to, or can it contain updates for other products too?

 

For example: Can a package have updates for Server 2003, 2008, XP, and Vista? I know it "can" but will it only apply those that the client needs? And if I'm deploying newer updates but use the same package again, will it matter if updates that were already installed are still in the package. ie. will it try to reinstall previously installed updates?

 

Last, can you talk a bit about managing the physical file / share level. I don't believe that if I delete a superseded update that it physically removes it. Should that be something we do manually each time we don't need the binary any longer? Or is there some way to clean that up automatically? What about re-using the share? Should all my downloads be in one folder via one share and if so, what parses it? The update list? The deployment package itself?

 

I think I've got most of it down now except for a bit of the philosophy and intent. I know it's flexible, but there are also limitations I'd like to understand better. I'll contribute more as I answer these things myself eventually. But any input and help with strategy is valued. Thanks!

Share this post


Link to post
Share on other sites

  • 0

wow loads of questions and i'll try and answer some...

 

Is it important that a package only contain updates applicable to the collection it is advertised to, or can it contain updates for other products too?

 

I would keep os patches in separate packages that way if you someday have to troubleshoot patches back to the originating level it'll be easier to work with, and there are other reasons, but yes, you can keep all os patches together in one big package.

 

 

For example: Can a package have updates for Server 2003, 2008, XP, and Vista? I know it "can" but will it only apply those that the client needs?

 

yes it can and yes it will just like windows update

 

will it try to reinstall previously installed updates?

 

nope, unless you uninstall the update and its required..

 

 

Last, can you talk a bit about managing the physical file / share level. I don't believe that if I delete a superseded update that it physically removes it. Should that be something we do manually each time we don't need the binary any longer? Or is there some way to clean that up automatically?

 

you have to physically delete it, but you can automate it with scripts, if you find one that works for you please share it here, but for a starting point

look at this

Share this post


Link to post
Share on other sites

  • 0

Hi,

I have deployed patches onto XP collection with a deadline and i dont see any updates that are installing automcatically in my environment but if i set an option like do not set a deadline,i can see a POPUP in the taskbar and need to click the patches to install manually.IS it something gone wrong in the settings?

 

Regards,

Eswar.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Answer this question...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...



×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.