WindowsUpdate_Vista_Seven4.png' alt='Install Adobe Updates With Wsus Update' title='Install Adobe Updates With Wsus Update' />How To Deploy Software Updates Using SCCM 2.R2. How To Deploy Software Updates Using SCCM 2.Hi, I recently synchronized our WSUS server and it found and pulled down over 4GB of updates.I have started deploying some of these updates to a test.This article aims to demonstrate how to install WSUS Server 4.Windows Server 2012 quickly and easily.R2 In this post we will look at the steps on how to deploy software updates using SCCM 2.R2. Deploying the software updates for the computers is essential, the software updates are released by major software vendors to address security vulnerabilities in their existing products.To stay protected against cyber attacks and malicious threats it is very important that you keep the computers patched with latest software updates.Software updates in System Center 2.R2 Configuration Manager provides a set of tools and resources that can help manage the complex task of tracking and applying software updates to client computers in the enterprise.Talking about software updates, in SCCM 2.R2 there are few new features added which includes a new maintenance window dedicated for software updates installation.This lets you configure a general maintenance window and a different maintenance window for software updates.When a general maintenance window and software updates maintenance window are both configured, clients install software updates only during the software updates maintenance window.A new feature called Software updates preview lets you review the software updates before you create the deployment.In this post we will see the steps on how to deploy software updates using SCCM 2.R2, if you are looking for SCCM 2.R2 step by step guides click here.There are 2 ways to deploy software updates using SCCM 2.R2, Manual and Automatic.In Manual software updates deployment, a set of software updates is selected the Configuration Manager console and these updates are deployed to the target collection whereas Automatic software updates deployment is configured by using automatic deployment rules.This method is used for deploying monthly software updates and for managing definition updates.When the rule runs, the software updates that meet a specified criteria for example, all security software updates released in the last week are added to a software update group, the content files for the software updates are downloaded and copied to distribution points, and the software updates are deployed to client computers in the target collection.In this post we will see the steps to deploy the software updates manually and for automatic software updates deployment, there will be a separate post.To start with, install the Software Update Point role first.Launch the Configuration Manager Console, click on Administration, expand Overview, click Site Configuration, click on Sites.At the top ribbon click on Add Site System Roles.From the Add Site System Roles Wizard, click on Software Update Point and click Next.For WSUS Configuration, select WSUS is configured to use ports 8.Next. When you install WSUS, you can specify whether to use the default Internet Information Services IIS website or create a new custom WSUS website.As a best practice, select Create a Windows Server Update Services 3.Web site so that IIS hosts the WSUS 3.Configuration Manager site systems or other software applications.When you use a custom website for WSUS 3.WSUS configures port 8.HTTP and port 8. 53.HTTPS. You must specify these port settings when you create the software update point for the site.For WSUS Server Connection Account, click Use credentials to connect to the WSUS server, click on Set and choose the account.The account provides authenticated access from the site to WSUS server.Click Next. Click Synchronize from Microsoft Update and click Next.Click Enable synchronization on a schedule and let the schedule be set to default simple schedule.You may also click Alert when sync fails on any site in hierarchy.Click Next. For Supersedencebehavior, select Immediately expire a superseded software update.Click Next. Select Critical Updates, Definition Updates and Security Updates.Note that you can do this after installation of SUP.Click Next. Choose the products that you want to synchronize, in this step I have selected Windows.Forefront. Endpoint.Protection. 20. 10.Click Next. Choose the desired language, click Next.The Software Update Point role has been installed.Click Close. In the configuration manager console, click Software.Library, expand Overview, click Software.Updates, click All Software.Updates and at the top ribbon click Synchronize.Software. Updates.To see whats happening at the background, you need to have 2 files opened wsyncmgr.WCM. log file. Below is the screenshot of the wsyncmgr.WSUS is synchronizing the categories and updates.The synchronization is completed.The software updates can now be seen when you click All Software Updates option in CM Console.Note that the updates are yet to be downloaded.Out of all the updates we will not deploy all of them rather we will filter the updates by adding criteria.Click on Add criteria.Select Expired, Product, Superseded, Bulletin ID.Click Add. Choose the product as Windows 7, Bulletin ID as MS, Expired as NO, Superseded as NO.Now select all the updates hold Shiftpage Down, right click on the updates and click Create Software Update Group.Provide the name to the software update group as Windows 7 Update group.Click Create. Click on Software Update Group and you will find the software update group that was created in the previous step.Right click on the Windows 7 Update Group and click Deploy.On the Deploy Software Updates Wizard, provide a Deployment Name, description and choose the collection for which this software update deployment must be deployed.Click Next. Set the Type of deployment as Required and detail level can be set to Only success and error messages. Farm Frenzy Pizza Party Pizza Recipes there. Click Next. Configure the schedule for this deployment, set the Time based on to Client local time.Choose Software available time to specific time and set the Installation deadline to as soon as possible.Click Next. On the User Experience page, you can choose to suppress the restart for Server or Workstations.Click Next. For Deployment options, if a client is within a slow or unreliable network boundary then select Download software updates from distribution point and install.If the updates are not available with preferred DPs then select Download and install software updates from the fallback content source location.Click Next. Create a new deployment package by providing a name, location for the Packagesource and Sending priority.Click Next. Add the Distribution Point and click Next.For Download Location choose Download software updates from the Internet.Click Next. Choose the language and click Next.The wizard will now download the updates and deploy them to the collection as per the schedule defined.Click on Close to close the wizard.After few minutes we see that the updates are installed on one the client machines in the collection and there is a notification that system needs to be restarted.You can choose to restart the computer by choosing Restart now or you can choose Snooze and remind me again in hours.How to configure non admin accounts to install updates of non microsoft applications using Active Directory Well, you really do need to give the person doing this admin rights on each local PC.You might get by with power user rights depending on the software that needs updating, but its unlikely.Here is how I would approach this.Create user accounts on your domain for the people that are going to do this work, create a group called something like Local Admin Rights, add all the new accounts to the group.Using Active Directory Users and Computers, create a policy on the computers containers, and implement a restricted groups policy to force the domain group Local Admin Rights to be a member of each computers Administrators group.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. Archives
November 2017
Categories |