ConfigMgr 2012 / SCCM 2012 SP1 Step by Step Guide Part 16: Software Updates (Non-Microsoft)
Back to main menu
Part 15 describes the process of configuring a Microsoft Software Update solution. Part 16 now extends the solution to include Non-Microsoft updates using System Center Updates Publisher 2011 (SCUP 2011). I will be concentrating on Adobe updates for the purposes of demonstration.
I wish to acknowledge that I learned how to deploy SCUP by following this excellent guide by Kent Agerlund.
http://blog.coretech.dk/kea/the-complete-scup-2011-installation-and-configuration-guide/
Download SCUP 2011 here and save to a folder on your Config Mgr server
SystemCenterUpdatesPublisher.msi
1. SCUP Installation
2. SCUP Configuration - Integration with WSUS and Config Mgr
3. Certificates
4. GPO
5. Config Mgr package to distribute certificate
6. SCUP Configuration - Publish Updates
1. SCUP Installation
Open a command prompt as Administrator and run the command
The SCUP 2011 installation wizard starts
Click Next to continue
Ignore this as we are using a later version of WSUS. Click Next to continue through the wizard.
SCUP 2011 has now installed. See the console.
2. SCUP Configuration - Integration with WSUS and Config Mgr
Click Options on the SCUP console ribbon
Update Server: Click to "enable publishing to an update server" and Test Connection
Test is successful but we are informed that we have no signing certificate. Click to Create one.
See Certificate
Select the ConfigMgr tab
Enable Configuration Manager integration, choose whether your server is local or remote and Test Connection.
3. Certificates
Open Certificates Console
Type mmc and Add Certificate snap-in
Choose Computer Account
Choose Local Computer
Click OK
See WSUS Publishers Self-Signed Certificate that we created earlier.
Copy and Paste the certificate into Trusted Root Certification Authorities/Certificates and Trusted Publishers/Certificates.
Now we will export the certificate to use in a Config Mgr package (to deploy the certificate to the estate of computers).
Right Click the certificate and choose to Export
Choose "No, do not export the private key".
Choose DER encoded binary X.509
Choose a path for the .cer file
Finish the wizard
OK
4. GPO
Create GPO to "Allow signed updates from an intranet Microsoft update service location"
Right click required OU and "Create GPO, link it here"
Name the object
Edit the object
Computer Configuration, Administrative Templates, Windows Components, Windows Update
Enable "Allow signed updates from an intranet Microsoft update service location"
5. Config Mgr package to distribute certificate
Copy the following to a folder
yourcert.cer (mine is scupcert.cer)
certadm.dll
certutil.exe
You can find certadm.dll and certutil.exe in SysWOW64 folder
Create Config Mgr package
Create a Program to add the cert to the local Root store
certutil.exe -addstore Root scupcert.cer
Create a Program to add the cert to the Trusted Publisher store
certutil.exe -addstore TrustedPublisher scupcert.cer
Configure to run "Add SCUP cert to local Root store" first
Distribute the package to your DPs
Deploy the package to your computers collection (I have chosen a test collection)
6. SCUP Configuration - Publish Updates
Open SCUP console. Select Catalogs tab/ Add Catalogs
Select the Adobe Catalogs and Add
Select the Updates tab and click Import
This starts the Import Software Updates Catalog wizard
Choose all the Adobe Catalogs and click Next
Click Next to continue and accept all the Security Warnings
Close the Wizard
See the Software Updates that have been imported. Highlight the updates you need, right click and choose Assign. This starts the Assign Updates Wizard
Choose "Full Content" and create a new publication. You can add multiple updates to a publication. Click OK to create the publication
Navigate to the Publication tab and select your publication
Select Publish to start the Publish Software Updates Wizard
On Summary page click Next to commence publishing
Verify progress
Wizard is complete
Verify update download and publishing via SCUP,log (log can be found in user profile - see path in screenshot)
Confirmation that updates have been published
Configure Config Mgr Software Update Point for Adobe Products
Verify synchronization via WSYNCMGR.log
See Adobe Updates in Config Mgr. They can now be deployed in the same way as the Microsoft Updates.
Part 15 describes the process of configuring a Microsoft Software Update solution. Part 16 now extends the solution to include Non-Microsoft updates using System Center Updates Publisher 2011 (SCUP 2011). I will be concentrating on Adobe updates for the purposes of demonstration.
I wish to acknowledge that I learned how to deploy SCUP by following this excellent guide by Kent Agerlund.
http://blog.coretech.dk/kea/the-complete-scup-2011-installation-and-configuration-guide/
Download SCUP 2011 here and save to a folder on your Config Mgr server
SystemCenterUpdatesPublisher.msi
1. SCUP Installation
2. SCUP Configuration - Integration with WSUS and Config Mgr
3. Certificates
4. GPO
5. Config Mgr package to distribute certificate
6. SCUP Configuration - Publish Updates
1. SCUP Installation
Open a command prompt as Administrator and run the command
The SCUP 2011 installation wizard starts
Click Next to continue
Ignore this as we are using a later version of WSUS. Click Next to continue through the wizard.
SCUP 2011 has now installed. See the console.
2. SCUP Configuration - Integration with WSUS and Config Mgr
Click Options on the SCUP console ribbon
Update Server: Click to "enable publishing to an update server" and Test Connection
Test is successful but we are informed that we have no signing certificate. Click to Create one.
See Certificate
Select the ConfigMgr tab
Enable Configuration Manager integration, choose whether your server is local or remote and Test Connection.
3. Certificates
Open Certificates Console
Type mmc and Add Certificate snap-in
Choose Computer Account
Choose Local Computer
Click OK
See WSUS Publishers Self-Signed Certificate that we created earlier.
Copy and Paste the certificate into Trusted Root Certification Authorities/Certificates and Trusted Publishers/Certificates.
Now we will export the certificate to use in a Config Mgr package (to deploy the certificate to the estate of computers).
Right Click the certificate and choose to Export
Choose "No, do not export the private key".
Choose DER encoded binary X.509
Choose a path for the .cer file
Finish the wizard
OK
4. GPO
Create GPO to "Allow signed updates from an intranet Microsoft update service location"
Right click required OU and "Create GPO, link it here"
Name the object
Edit the object
Computer Configuration, Administrative Templates, Windows Components, Windows Update
Enable "Allow signed updates from an intranet Microsoft update service location"
5. Config Mgr package to distribute certificate
Copy the following to a folder
yourcert.cer (mine is scupcert.cer)
certadm.dll
certutil.exe
You can find certadm.dll and certutil.exe in SysWOW64 folder
Create Config Mgr package
Create a Program to add the cert to the local Root store
certutil.exe -addstore Root scupcert.cer
Create a Program to add the cert to the Trusted Publisher store
certutil.exe -addstore TrustedPublisher scupcert.cer
Configure to run "Add SCUP cert to local Root store" first
Distribute the package to your DPs
Deploy the package to your computers collection (I have chosen a test collection)
6. SCUP Configuration - Publish Updates
Open SCUP console. Select Catalogs tab/ Add Catalogs
Select the Adobe Catalogs and Add
Select the Updates tab and click Import
This starts the Import Software Updates Catalog wizard
Choose all the Adobe Catalogs and click Next
Click Next to continue and accept all the Security Warnings
Close the Wizard
See the Software Updates that have been imported. Highlight the updates you need, right click and choose Assign. This starts the Assign Updates Wizard
Choose "Full Content" and create a new publication. You can add multiple updates to a publication. Click OK to create the publication
Navigate to the Publication tab and select your publication
Select Publish to start the Publish Software Updates Wizard
On Summary page click Next to commence publishing
Verify progress
Wizard is complete
Verify update download and publishing via SCUP,log (log can be found in user profile - see path in screenshot)
Confirmation that updates have been published
Configure Config Mgr Software Update Point for Adobe Products
Verify synchronization via WSYNCMGR.log
See Adobe Updates in Config Mgr. They can now be deployed in the same way as the Microsoft Updates.
No comments:
Post a Comment