ConfigMgr 2012 / SCCM 2012 SP1 Step by Step Guide Part 15: Software Updates (Microsoft)
Back to main menu
Part 15 of the guide describes the implementation of a software updates solution. This section is for Microsoft updates only. Non-Microsoft updates are discussed in Part 16.
The process is divided into the following sections:
1. WSUS Role
2. Config Mgr Software Update Point
3. Updates Infrastructure and deploying updates
4. Client view
1. Add WSUS Role
Launch Add Roles and Features Wizard
Choose Role-based or feature-based
Choose local server
Choose WSUS role. You are prompted to add features that are required for WSUS.
Select to Add Features. Click Next to continue
Click Next
Click Next
Select required role services. Note that we need WSUS services and Database. We will not be using Windows Internal Database (SQL Server Embedded)
Choose location for WSUS updates. Note that this folder will only contain WSUS metadata and will not grow massive in size. (ConfigMgr will manage the download of the actual updates files to deployment packages). Choose a folder. Note that it must exist already.
Enter the database server name and click "Check Connection"
Click Install to continue installing WSUS
When installation has succeeded click Close to finish
Launch Administrative Tools
Double-click WSUS to continue the installation
Enter WSUS content location. Catalog information and EULA are downloaded here during synchronisation with Microsoft Updates. Note that Updates will not downloaded to this location. Updates will be downloaded to ConfigMgr Deployment packages.
WSUS has been installed. We do not need to configure it. Config Mgr will do that for us. Click Cancel to finish.
Verify that the database has been created.
2. Config Mgr Software Update Point
Right click Site Server and choose Add Site System Role
Verify server name and click Next
We do not need proxy server this time. Click Next
Choose Software Update Point
Choose 8530 and 8531 for client communications
Click Next
Choose to Synchronize with Microsoft Updates
Choose to enable sync on a schedule. Every 7 days is sufficient
Choose default supersedence behaviour
Choose your required classifications
Choose the required products. I chose Windows 7 and Office 2010.
Choose English only (or not as the case may be)
Verify your choices and click Next to continue
Software Update Point has been added. Click Close to finish.
Navigate to Software Library. Right click on Software Updates and click Synchronize Software Updates. This manually starts the first sync with Microsoft Update catalog.
Click Yes to verify
Verify sync via WSYNCMGR.LOG
Updates start to appear in the console. Note that these entries just show details of available updates in the catalog. We will download the updates in the next phase.
3. Updates Infrastructure and deploying updates
Create a test collection
Add test resources to the collection
Prepare folder structure for Windows 7 and Office 2010
Note that the Deployment process involves Software Update Groups and Deployment Packages. Software Update Groups should be created monthly and are deployed to collections of devices. They will contain all the updates released that month and are simply a filtered list of downloaded updates (note that a SUG can contain a maximum of 1000 updates). The same deployment package can be used each month. The deployment package contains all the downloaded updates binaries.
See here for a possible software update strategy for your organization.
For the sake of demonstration we will just consider Windows 7 updates in this example.
Open Software Updates. On top right hand side of screen click Add Criteria (this is merely for filtered searching of updates)
Choose Product, Bulletin ID, Expired and Superseded and click Add
Now filter the criteria as above
Click Search
You are now presented with a filtered list of Windows 7 updates which are not expired or superseded.
Save Search Criteria for future use (Save Current Search)
This is now accessible under Saved Searches
If you scroll down through the list you will notice that none of the updates have been downloaded. The next time we do this (next month) we will select only those updates that haven't been downloaded.
Highlight the updates and right click to deploy
This launches the Deploy Software Updates Wizard
Enter suitable names for the Deployment and the Software Group. Select Deploy (as this is our first time we have no deployment template. We can create one as part of this initial process).
Choose to deploy to the test collection
Leave default "Required". After all updates should not be optional.
For the sake of testing we will choose Deadline to be "As soon as possible". You would not use this in production. Allow a week or so before forcing the installation. Users will be informed for a week that they should install the updates. When the deadline is reached the installation will commence.
Click Next
Click Next
Click Next
Choose to Create new deployment package, enter a name and a location for updates to be downloaded. We created these folders earlier.
Select the DPs which will host this deployment package
Click Next
Click Next to download the updates, add to the deployment package, distribute to the DP and deploy to the test collection
See the folder populating. Monitor progress via PATCHDOWNLOADER.LOG
On successful completion, click close to finish
When policy retrieval is initiated at the client the updates start to download and install
See installed software updates in the Software Center
As the deadline has already been reached the restart countdown commences.
Part 15 of the guide describes the implementation of a software updates solution. This section is for Microsoft updates only. Non-Microsoft updates are discussed in Part 16.
The process is divided into the following sections:
1. WSUS Role
2. Config Mgr Software Update Point
3. Updates Infrastructure and deploying updates
4. Client view
1. Add WSUS Role
Choose Role-based or feature-based
Choose local server
Choose WSUS role. You are prompted to add features that are required for WSUS.
Select to Add Features. Click Next to continue
Click Next
Click Next
Select required role services. Note that we need WSUS services and Database. We will not be using Windows Internal Database (SQL Server Embedded)
Choose location for WSUS updates. Note that this folder will only contain WSUS metadata and will not grow massive in size. (ConfigMgr will manage the download of the actual updates files to deployment packages). Choose a folder. Note that it must exist already.
Enter the database server name and click "Check Connection"
Click Install to continue installing WSUS
When installation has succeeded click Close to finish
Launch Administrative Tools
Double-click WSUS to continue the installation
Enter WSUS content location. Catalog information and EULA are downloaded here during synchronisation with Microsoft Updates. Note that Updates will not downloaded to this location. Updates will be downloaded to ConfigMgr Deployment packages.
WSUS has been installed. We do not need to configure it. Config Mgr will do that for us. Click Cancel to finish.
Verify that the database has been created.
2. Config Mgr Software Update Point
Right click Site Server and choose Add Site System Role
Verify server name and click Next
We do not need proxy server this time. Click Next
Choose Software Update Point
Choose 8530 and 8531 for client communications
Click Next
Choose to Synchronize with Microsoft Updates
Choose to enable sync on a schedule. Every 7 days is sufficient
Choose default supersedence behaviour
Choose your required classifications
Choose English only (or not as the case may be)
Verify your choices and click Next to continue
Software Update Point has been added. Click Close to finish.
Navigate to Software Library. Right click on Software Updates and click Synchronize Software Updates. This manually starts the first sync with Microsoft Update catalog.
Click Yes to verify
Verify sync via WSYNCMGR.LOG
3. Updates Infrastructure and deploying updates
Create a test collection
Add test resources to the collection
Prepare folder structure for Windows 7 and Office 2010
Note that the Deployment process involves Software Update Groups and Deployment Packages. Software Update Groups should be created monthly and are deployed to collections of devices. They will contain all the updates released that month and are simply a filtered list of downloaded updates (note that a SUG can contain a maximum of 1000 updates). The same deployment package can be used each month. The deployment package contains all the downloaded updates binaries.
See here for a possible software update strategy for your organization.
For the sake of demonstration we will just consider Windows 7 updates in this example.
Open Software Updates. On top right hand side of screen click Add Criteria (this is merely for filtered searching of updates)
Choose Product, Bulletin ID, Expired and Superseded and click Add
Click Search
You are now presented with a filtered list of Windows 7 updates which are not expired or superseded.
Save Search Criteria for future use (Save Current Search)
This launches the Deploy Software Updates Wizard
Enter suitable names for the Deployment and the Software Group. Select Deploy (as this is our first time we have no deployment template. We can create one as part of this initial process).
Leave default "Required". After all updates should not be optional.
For the sake of testing we will choose Deadline to be "As soon as possible". You would not use this in production. Allow a week or so before forcing the installation. Users will be informed for a week that they should install the updates. When the deadline is reached the installation will commence.
Click Next to download the updates, add to the deployment package, distribute to the DP and deploy to the test collection
4. Client view
See installed software updates in the Software Center
As the deadline has already been reached the restart countdown commences.
No comments:
Post a Comment