Maximize the Power of SMS with New Tools for Managing Updates

Patch Management

Bob Lawler

And. Microsoft Windows Server Update Services (WSUS) goes further by helping you control which computers receive which updates and by providing some basic reporting information. But what if you need to update thousands of computers of different types, in different geographies, and with different requirements? And what if your boss wants proof that the updates were actually installed on every system? The solution: the Software Update Management features in Systems Management Server (SMS) 2. Unlike Automatic Updates and WSUS, the SMS 2.

This article assumes you already understand the SMS Software Distribution process and the associated objects: collections, packages, programs, and advertisements. For background information on the SMS Software Distribution process, see the SMS Web site. This article also assumes that you are already using SMS 2. SP1 to collect hardware inventory, distribute software to your SMS clients, and run reports.

Software Updates in SMS consist of two parts: the scanning tools and the Distribute Software Updates Wizard. The wizard is built in, but the scanning tools must be downloaded from the SMS Web site. Before using the Distribute Software Updates Wizard, you should install and advertise the scanning tools.

Scanning Tools

The primary scanning tool you. The ITMU scans each client computer to detect whether updates are needed for each client, and reports that information back to the SMS site server.
In fact, Dell has already released the SMS 2. Inventory Tool for Dell Updates, which scans for needed driver, firmware, and BIOS updates for their server products and then reports that information back to SMS.

Installation and Use

You can download these scanning tools directly from the SMS Web site (SMS 2003 Inventory Tool for Microsoft Updates). Once the files have been downloaded, you should review the release notes; a number of post-SP1 updates are necessary before installing the ITMU. Once you have the prerequisites in place, run the installation on your site server. The installation file not only expands the scanning tool and its support files, but also, by default, creates a new package and a few new collections, programs, and advertisements. The new package is given a name that you specify when you run the installation file, and the setup process verifies that you don. The Sync Host is the computer that will download the latest Security Update catalog from Microsoft. The test computer is an SMS client that you will use for testing the scan tools and, later, for security updates.
Figure 1.

As shown in Figure 1, a package named Microsoft Updates Tool is created along with three programs, Microsoft Updates Tool, Microsoft Updates Tool (expedited), and Microsoft Updates Tool Sync. Finally, two advertisements are created, called Microsoft Updates Tool and Microsoft Updates Tool Sync, as shown in Figure 2. The preproduction collection contains the test client that you specified. Both collections are defined by direct membership rules. The third collection, which matches the name of the package (Microsoft Updates Tool, in this case), is initially limited to the members of the preproduction collection. This is to ensure that the scan tool doesn.

The Sync program (Microsoft Updates Tool Sync, in this case) is the program that downloads the latest catalog of security updates from the Microsoft Web site. The Microsoft Updates Tool program runs the scan tool, scanwrapper. Windows Management Instrumentation (WMI). The Microsoft Updates Tool (expedited) program runs scanwrapper. Generally, the expedited program is most useful in your pre-production environment to ensure timelier inventory reporting when testing new updates. Be careful if you choose to run the expedited program in a production environment. The first time the /kick option is used, it may cause a significant increase in network traffic, even if clients are only reporting delta hardware inventory. Network impact should decrease if the program is run regularly.

The Microsoft Updates Tool and Microsoft Updates Tool Sync advertisements do pretty much what you.
These advertisements recur every seven days, so the scanning process is an ongoing one. After installation, all you need to do to start gathering information on needed updates is to advertise the expedited program to the preproduction collection. This will work for your own testing purposes.

Now what? If you select Software Updates in the SMS Administrator Console, you should find a number of updates listed, as shown in Figure 3. These are the updates listed in the update catalog. You should use the Compliance by product report to determine which updates are not already fully deployed in your environment.

After clicking Next on the Welcome page, you select the scanning tool associated with the update you want to distribute (Microsoft Update, in this case), as shown in Figure 4. On the next page of the wizard, you select whether to add the updates you. If you have not distributed any updates using SMS yet, you have to create a new package.

Figure 4.

In Figure 5, I typed the name Security Updates for simplicity, but you should always give your packages meaningful, descriptive names. Notice that because Microsoft Update was selected as the scanning tool, the name Microsoft Update. This allows you to inform users as to who is updating their computers, and record in SMS who authorized which updates. To provide users with additional information about the update deployment, you can use Microsoft Word or WordPad to create a Rich Text Format (RTF) document with further details. You can then use the buttons on this page of the wizard to import and preview the document.

Figure 6.

Simply select the appropriate package and program from the dropdown lists. The next page of the wizard, Add and Remove Updates, is where you make the all-important decision regarding which updates to include in the package (see Figure 7).

Figure 7.

In other words, if you have a large group of machines that all need the same updates, put all of those updates in the same package.
However, if the updates needed by your computers are not consistent. Note that Service Pack 1 for SMS 2.

Here you specify a source location for your package; this is where the package will be stored and updated before being sent to your distribution points. On this page, you also select the package priority and whether to automatically download the updates that you selected on the previous page. If you have already downloaded the updates for manual testing, you can select the I will download the source files myself option; one of the later pages will then let you import the files. Otherwise, you should allow the wizard to download the updates, which it will do by default when you click Next.

The Software Updates Status page indicates the readiness of each update. On this page, shown in Figure 8, the list of updates selected on the Add and Remove Updates page is displayed.

Figure 8.

After you update the properties for an update, the Software Updates Status page will show that the update is ready. Once all the updates in the package are listed as ready, you can move on and finish the package.

Figure 9.

On this page, you can also configure whether to postpone reboots for workstations or servers, and whether to force any open programs to close in order to reboot. There are actually two Configure Installation Agent Settings pages. On the first, shown in Figure 1. The second Configure Installation Agent Settings page lets you configure options such as Advanced Client notification and whether users can delay installation of the updates.

Figure 10.

For testing purposes, select your preproduction collection or another collection that contains only test computers. For actual deployment, you may want to specify an empty collection and then link to existing collections or add subcollections in order to phase in your roll-out. After a final success page, the wizard ends and the updates are scheduled for deployment.
As new updates become available, you can use the Distribute Software Updates Wizard to add those updates to your existing package or create new update packages.

Proving Compliance

After scanning for and distributing necessary updates, you will need to ensure that those updates were successfully deployed, and possibly even provide proof that your computers are compliant. In the SMS Administrator Console, you can use Package Status and Advertisement Status under System Status to verify the update package distribution status and deployment status, respectively. Of course, the SMS 2. Reporting feature is where you. The Distribution status summary of software updates report shows the status of all software updates that you have deployed, while the Compliance by product report shows the number of compliant and non-compliant computers for each update. To identify the software updates that were not fully deployed, use the Summary of software updates that failed to deploy report.

As you can see, SMS provides you with a comprehensive framework for distributing software updates throughout your organization. It also provides that extra measure of confidence through comprehensive and detailed status reporting on update distribution and success.

Bob Lawler is a network infrastructure and security consultant, a Microsoft Certified Trainer, and the president of XPO-NET Corporation. He can be reached at. All rights reserved; reproduction in part or in whole without permission is prohibited.