Jump to content


  • 0
adriansweden

Windows 7 enterprise + security updates how to make this easier

Question

Hi folks, I have sccm2007 , No WSUS no MDT .

 

When we deploy machines everthing works fine , but the security updates are driving me nuts.

When the machine gets deployed and it promtps to ctrl + alt + delet login, we log in on each machine and run updates manually over internet, the updates mostly are .net framework security, lync security se this print screen about the updates http://s11.postimage.org/8o94yk4wz/winupdate.png .

 

My question when we log on machine and run manually 50 criticial updates, there is a reboot, then we have to log in again, run updates and there are 3 critical updates then reboot, then there are 7 critical updates and reboot . How to make this easier so we don't have to log on each machine and reboot 3 times, we deploy around 100-200 machines/week . how to make this easier how to get those critical updates and no need to log on each machine 3 times .

 

have a funny day

 

Share this post


Link to post
Share on other sites

8 answers to this question

Recommended Posts

  • 0

Hi,

If you deploy around 100-200 Machines each week I would consider installing a WSUS server to mange them, How do you manage updates after the deployment, from Microsoft Update?

You can use the install software updates script from MDT and use it standalone i SCCM 2007 and deploy the updates from internet directly.

Check out this post by Chris Nackers on the topic:http://www.chrisnackers.com/2011/04/28/using-ztiwindowsupdate-wsf-to-install-updates-in-a-system-center-configuration-manager-task-sequence/

Regards,
Jörgen

Share this post


Link to post
Share on other sites

  • 0

Hello, yes after the deployment is finished, we log on manually on machines and cotrol panel search windows updates?

there are 50 security updates first then reboot then, 3 updates then reboot then 7 updates then reboot .

 

Iam following your link tutorial but it loooks advanced stuff to me :(

 

In order to use the ztiwindowsupdate.wsf script, we also need to have ZTIUtility.vbs available to the script. So first, lets create a package called “ZTIWindowsUpdate” that contains the ztiwindowsupdate.wsf and ztiutility.vbs script.

 

Iam lost allready here , how to create those packages ?

Share this post


Link to post
Share on other sites

  • 0

If you are not implementing WSUS then why do you not install these updates in you master image before you capture it and redeploy, would make alot of sense to do this initially considering your infrastructure and it would only require you to do it the once also, instead of every instance of the thin image!!

The sysprep may wipe some updates but not a whole big pile, if any!

Share this post


Link to post
Share on other sites

  • 0

I would say , do a new build and capture and include all new updates for the image.

 

Then get the WSUS role and SUP on the SCCM server, this will make your life alot easyer :)

 

OR if you have CM 2012 in maybe a lab enviorment you could copy the windows 7 WIM file to that server and run Offline Servicing, ofc you would need WSUS and a SUP to do that but like i said before, and others to gogo wsus :) it never to late

to learn.

Share this post


Link to post
Share on other sites

  • 0

If you are not implementing WSUS then why do you not install these updates in you master image before you capture it and redeploy, would make alot of sense to do this initially considering your infrastructure and it would only require you to do it the once also, instead of every instance of the thin image!!

The sysprep may wipe some updates but not a whole big pile, if any!

RocketMan : I can not install those updates on the image, the updates are .net framework security updates, lync updates,forefront security updates, office security updates, I can not add them on .wim ?

Share this post


Link to post
Share on other sites

  • 0

Well I know what i'd be doing if I had no WSUS:

1: Implement WSUS

OR

2: Install .net framework, Office, Lync on the master image before capture and do updates also before capture.

 

Considering you have 100-200 machines to do weekly, I think option 2 is better, can be quite slow sometimes for clients(100-200 p/w) to do all updates via SCCM/WSUS, but I would still consider implementing it anyway so that these machines that you image on a weekly basis continue to get updates the configMgr way!

 

 

OR if you have CM 2012 in maybe a lab enviorment you could copy the windows 7 WIM file to that server and run Offline Servicing

 

And as OneOne mentioned you could be continuously servicing your wim image weekly offline and redeploying the most up to date image possible every

week!!

http://www.windows-noob.com/forums/index.php?/topic/4683-using-sccm-2012-rc-in-a-lab-part-12-updating-an-operating-system-image-using-offline-servicing/

Share this post


Link to post
Share on other sites

  • 0

Well I know what i'd be doing if I had no WSUS:

1: Implement WSUS

OR

2: Install .net framework, Office, Lync on the master image before capture and do updates also before capture.

 

Considering you have 100-200 machines to do weekly, I think option 2 is better, can be quite slow sometimes for clients(100-200 p/w) to do all updates via SCCM/WSUS, but I would still consider implementing it anyway so that these machines that you image on a weekly basis continue to get updates the configMgr way!

 

 

And as OneOne mentioned you could be continuously servicing your wim image weekly offline and redeploying the most up to date image possible every

week!!

http://www.windows-noob.com/forums/index.php?/topic/4683-using-sccm-2012-rc-in-a-lab-part-12-updating-an-operating-system-image-using-offline-servicing/

 

 

I can not install .net framework security updates on master image IT DOES NOT WORK

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Answer this question...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...


×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.