THIS PRESENTATION: WINDOWS UPDATES VIA AUTOMATIC DEPLOYMENT RULES BEST PRACTICES SYSTEM CENTER...
-
Upload
susanna-nash -
Category
Documents
-
view
221 -
download
2
Transcript of THIS PRESENTATION: WINDOWS UPDATES VIA AUTOMATIC DEPLOYMENT RULES BEST PRACTICES SYSTEM CENTER...
![Page 1: THIS PRESENTATION: WINDOWS UPDATES VIA AUTOMATIC DEPLOYMENT RULES BEST PRACTICES SYSTEM CENTER CONFIGURATION MANAGER 2012 R2 Jodie Gaver Jodie Gaver Working.](https://reader034.fdocuments.net/reader034/viewer/2022051316/5697bf8c1a28abf838c8b7c6/html5/thumbnails/1.jpg)
THIS PRESENTATION:
• WINDOWS UPDATES VIA AUTOMATIC DEPLOYMENT RULES
• BEST PRACTICES
SYSTEM CENTER CONFIGURATION MANAGER 2012 R2
Jodie Gaver
- Working with Configuration Manager since 2010- MCTS: Administering and Deploying System Center 2012 Configuration Manager - Windows Server 2008 Active Directory Configuration- MCP
![Page 2: THIS PRESENTATION: WINDOWS UPDATES VIA AUTOMATIC DEPLOYMENT RULES BEST PRACTICES SYSTEM CENTER CONFIGURATION MANAGER 2012 R2 Jodie Gaver Jodie Gaver Working.](https://reader034.fdocuments.net/reader034/viewer/2022051316/5697bf8c1a28abf838c8b7c6/html5/thumbnails/2.jpg)
Assuming Software Update Point Role and WSUS installed and functional
Role Installed on a Site Server Check Status of Role in Monitoring
![Page 3: THIS PRESENTATION: WINDOWS UPDATES VIA AUTOMATIC DEPLOYMENT RULES BEST PRACTICES SYSTEM CENTER CONFIGURATION MANAGER 2012 R2 Jodie Gaver Jodie Gaver Working.](https://reader034.fdocuments.net/reader034/viewer/2022051316/5697bf8c1a28abf838c8b7c6/html5/thumbnails/3.jpg)
Check the Wsyncmgr.log on the Primary Site Server
![Page 4: THIS PRESENTATION: WINDOWS UPDATES VIA AUTOMATIC DEPLOYMENT RULES BEST PRACTICES SYSTEM CENTER CONFIGURATION MANAGER 2012 R2 Jodie Gaver Jodie Gaver Working.](https://reader034.fdocuments.net/reader034/viewer/2022051316/5697bf8c1a28abf838c8b7c6/html5/thumbnails/4.jpg)
To set or check Software Update Component Properties
Choose to sync from the Internet or a WSUS Server
![Page 5: THIS PRESENTATION: WINDOWS UPDATES VIA AUTOMATIC DEPLOYMENT RULES BEST PRACTICES SYSTEM CENTER CONFIGURATION MANAGER 2012 R2 Jodie Gaver Jodie Gaver Working.](https://reader034.fdocuments.net/reader034/viewer/2022051316/5697bf8c1a28abf838c8b7c6/html5/thumbnails/5.jpg)
Choose the Software Update Classifications you need
![Page 6: THIS PRESENTATION: WINDOWS UPDATES VIA AUTOMATIC DEPLOYMENT RULES BEST PRACTICES SYSTEM CENTER CONFIGURATION MANAGER 2012 R2 Jodie Gaver Jodie Gaver Working.](https://reader034.fdocuments.net/reader034/viewer/2022051316/5697bf8c1a28abf838c8b7c6/html5/thumbnails/6.jpg)
Choose which Products you need
![Page 7: THIS PRESENTATION: WINDOWS UPDATES VIA AUTOMATIC DEPLOYMENT RULES BEST PRACTICES SYSTEM CENTER CONFIGURATION MANAGER 2012 R2 Jodie Gaver Jodie Gaver Working.](https://reader034.fdocuments.net/reader034/viewer/2022051316/5697bf8c1a28abf838c8b7c6/html5/thumbnails/7.jpg)
Choose which Products you need
![Page 8: THIS PRESENTATION: WINDOWS UPDATES VIA AUTOMATIC DEPLOYMENT RULES BEST PRACTICES SYSTEM CENTER CONFIGURATION MANAGER 2012 R2 Jodie Gaver Jodie Gaver Working.](https://reader034.fdocuments.net/reader034/viewer/2022051316/5697bf8c1a28abf838c8b7c6/html5/thumbnails/8.jpg)
Choose Supersedence Rules
* Changing this will force a full SUP sync
![Page 9: THIS PRESENTATION: WINDOWS UPDATES VIA AUTOMATIC DEPLOYMENT RULES BEST PRACTICES SYSTEM CENTER CONFIGURATION MANAGER 2012 R2 Jodie Gaver Jodie Gaver Working.](https://reader034.fdocuments.net/reader034/viewer/2022051316/5697bf8c1a28abf838c8b7c6/html5/thumbnails/9.jpg)
Creating an ADR (Automatic Deployment Rule) for Windows Updates
Right-click on Automatic Deployment Rules -> Create Automatic Deployment Rule
1. Name the Rule2. Select “Patch Tuesday” for Windows Updates
*Definition Updates is for Endpoint3. Specify the target collection for deployment (Test)4. Create a new Software Update Group
![Page 10: THIS PRESENTATION: WINDOWS UPDATES VIA AUTOMATIC DEPLOYMENT RULES BEST PRACTICES SYSTEM CENTER CONFIGURATION MANAGER 2012 R2 Jodie Gaver Jodie Gaver Working.](https://reader034.fdocuments.net/reader034/viewer/2022051316/5697bf8c1a28abf838c8b7c6/html5/thumbnails/10.jpg)
Leave the default to auto approve license agreements
![Page 11: THIS PRESENTATION: WINDOWS UPDATES VIA AUTOMATIC DEPLOYMENT RULES BEST PRACTICES SYSTEM CENTER CONFIGURATION MANAGER 2012 R2 Jodie Gaver Jodie Gaver Working.](https://reader034.fdocuments.net/reader034/viewer/2022051316/5697bf8c1a28abf838c8b7c6/html5/thumbnails/11.jpg)
Filter and select criteria for the updates
![Page 12: THIS PRESENTATION: WINDOWS UPDATES VIA AUTOMATIC DEPLOYMENT RULES BEST PRACTICES SYSTEM CENTER CONFIGURATION MANAGER 2012 R2 Jodie Gaver Jodie Gaver Working.](https://reader034.fdocuments.net/reader034/viewer/2022051316/5697bf8c1a28abf838c8b7c6/html5/thumbnails/12.jpg)
Time to “Preview” and see what updates will be included Check against double-reboot or other known issue updates
![Page 13: THIS PRESENTATION: WINDOWS UPDATES VIA AUTOMATIC DEPLOYMENT RULES BEST PRACTICES SYSTEM CENTER CONFIGURATION MANAGER 2012 R2 Jodie Gaver Jodie Gaver Working.](https://reader034.fdocuments.net/reader034/viewer/2022051316/5697bf8c1a28abf838c8b7c6/html5/thumbnails/13.jpg)
Be careful on the Installation Deadline - Restarts
![Page 14: THIS PRESENTATION: WINDOWS UPDATES VIA AUTOMATIC DEPLOYMENT RULES BEST PRACTICES SYSTEM CENTER CONFIGURATION MANAGER 2012 R2 Jodie Gaver Jodie Gaver Working.](https://reader034.fdocuments.net/reader034/viewer/2022051316/5697bf8c1a28abf838c8b7c6/html5/thumbnails/14.jpg)
What do you want the User to Experience? Or Not?
![Page 15: THIS PRESENTATION: WINDOWS UPDATES VIA AUTOMATIC DEPLOYMENT RULES BEST PRACTICES SYSTEM CENTER CONFIGURATION MANAGER 2012 R2 Jodie Gaver Jodie Gaver Working.](https://reader034.fdocuments.net/reader034/viewer/2022051316/5697bf8c1a28abf838c8b7c6/html5/thumbnails/15.jpg)
Alert Preferences
![Page 16: THIS PRESENTATION: WINDOWS UPDATES VIA AUTOMATIC DEPLOYMENT RULES BEST PRACTICES SYSTEM CENTER CONFIGURATION MANAGER 2012 R2 Jodie Gaver Jodie Gaver Working.](https://reader034.fdocuments.net/reader034/viewer/2022051316/5697bf8c1a28abf838c8b7c6/html5/thumbnails/16.jpg)
Software Update Download Behavior – Important for slow or unreliable networks
![Page 17: THIS PRESENTATION: WINDOWS UPDATES VIA AUTOMATIC DEPLOYMENT RULES BEST PRACTICES SYSTEM CENTER CONFIGURATION MANAGER 2012 R2 Jodie Gaver Jodie Gaver Working.](https://reader034.fdocuments.net/reader034/viewer/2022051316/5697bf8c1a28abf838c8b7c6/html5/thumbnails/17.jpg)
Create a new Deployment Package
![Page 18: THIS PRESENTATION: WINDOWS UPDATES VIA AUTOMATIC DEPLOYMENT RULES BEST PRACTICES SYSTEM CENTER CONFIGURATION MANAGER 2012 R2 Jodie Gaver Jodie Gaver Working.](https://reader034.fdocuments.net/reader034/viewer/2022051316/5697bf8c1a28abf838c8b7c6/html5/thumbnails/18.jpg)
Add a Distribution Point or Group
![Page 19: THIS PRESENTATION: WINDOWS UPDATES VIA AUTOMATIC DEPLOYMENT RULES BEST PRACTICES SYSTEM CENTER CONFIGURATION MANAGER 2012 R2 Jodie Gaver Jodie Gaver Working.](https://reader034.fdocuments.net/reader034/viewer/2022051316/5697bf8c1a28abf838c8b7c6/html5/thumbnails/19.jpg)
Specify download location or to get updates from the Internet
![Page 20: THIS PRESENTATION: WINDOWS UPDATES VIA AUTOMATIC DEPLOYMENT RULES BEST PRACTICES SYSTEM CENTER CONFIGURATION MANAGER 2012 R2 Jodie Gaver Jodie Gaver Working.](https://reader034.fdocuments.net/reader034/viewer/2022051316/5697bf8c1a28abf838c8b7c6/html5/thumbnails/20.jpg)
Confirm the Settings and choose if you would like to Save it as a Template
![Page 21: THIS PRESENTATION: WINDOWS UPDATES VIA AUTOMATIC DEPLOYMENT RULES BEST PRACTICES SYSTEM CENTER CONFIGURATION MANAGER 2012 R2 Jodie Gaver Jodie Gaver Working.](https://reader034.fdocuments.net/reader034/viewer/2022051316/5697bf8c1a28abf838c8b7c6/html5/thumbnails/21.jpg)
Let’s confirm the ADR created the Deployment Package and that it’s on the DP If all Green -> Right-click on the ADR
and “Run Now”
![Page 22: THIS PRESENTATION: WINDOWS UPDATES VIA AUTOMATIC DEPLOYMENT RULES BEST PRACTICES SYSTEM CENTER CONFIGURATION MANAGER 2012 R2 Jodie Gaver Jodie Gaver Working.](https://reader034.fdocuments.net/reader034/viewer/2022051316/5697bf8c1a28abf838c8b7c6/html5/thumbnails/22.jpg)
After running the ADR we can see there are new updates downloaded and deployed
Check the collection that the software updates have been deployed to via ADR & verify Updates are available
Looking good!
![Page 23: THIS PRESENTATION: WINDOWS UPDATES VIA AUTOMATIC DEPLOYMENT RULES BEST PRACTICES SYSTEM CENTER CONFIGURATION MANAGER 2012 R2 Jodie Gaver Jodie Gaver Working.](https://reader034.fdocuments.net/reader034/viewer/2022051316/5697bf8c1a28abf838c8b7c6/html5/thumbnails/23.jpg)
The Updates are now showing in the Software Center with the 14 day deadline we set
![Page 24: THIS PRESENTATION: WINDOWS UPDATES VIA AUTOMATIC DEPLOYMENT RULES BEST PRACTICES SYSTEM CENTER CONFIGURATION MANAGER 2012 R2 Jodie Gaver Jodie Gaver Working.](https://reader034.fdocuments.net/reader034/viewer/2022051316/5697bf8c1a28abf838c8b7c6/html5/thumbnails/24.jpg)
Best Practices for Software Updates – Windows Updates
• Create a new software update group each time an automatic deployment rule runs for “Patch Tuesday” and for general deployment.
• There is a limit of 1000 software updates for a software update deployment.
• When you create an automatic deployment rule, you specify whether to use an existing update group or create a new update group each time the rule runs.
• When you specify criteria in an automatic deployment rule that results in many software updates, and the rule runs on a recurring schedule, choose to create a new software update group each time the rule runs to prevent the deployment from surpassing the limit of 1000 software updates per deployment.
![Page 25: THIS PRESENTATION: WINDOWS UPDATES VIA AUTOMATIC DEPLOYMENT RULES BEST PRACTICES SYSTEM CENTER CONFIGURATION MANAGER 2012 R2 Jodie Gaver Jodie Gaver Working.](https://reader034.fdocuments.net/reader034/viewer/2022051316/5697bf8c1a28abf838c8b7c6/html5/thumbnails/25.jpg)
Best Practices for Software Updates - Endpoint
• Use an existing software update group for automatic deployment rules for Endpoint Protection definition updates
• Always use an existing software update group when you use an automatic deployment rule to deploy Endpoint Protection definition updates on a frequent basis. Otherwise, you will end up with hundreds of software update groups over time.
• Generally, definition update publishers set definition updates to be expired when they are superseded by 4 newer updates. Therefore, the software update group that is created by the automatic deployment rule will never contain more than 4 definition updates for the publisher (1 active and 3 superseded).
![Page 26: THIS PRESENTATION: WINDOWS UPDATES VIA AUTOMATIC DEPLOYMENT RULES BEST PRACTICES SYSTEM CENTER CONFIGURATION MANAGER 2012 R2 Jodie Gaver Jodie Gaver Working.](https://reader034.fdocuments.net/reader034/viewer/2022051316/5697bf8c1a28abf838c8b7c6/html5/thumbnails/26.jpg)
Best Practices for Software Updates
• Do not deploy software updates that require multiple reboots via task sequence
• Exclude updates that require multiple reboots from your operating system deployment collection if you are using the software update step in task sequences.
• Deploy these updates separately or add them to your images.
• If software updates that require multiple reboots are installed via task sequence installation will fail.
• See Microsoft KB2894518 for an updated list of software updates that require multiple reboots.
![Page 27: THIS PRESENTATION: WINDOWS UPDATES VIA AUTOMATIC DEPLOYMENT RULES BEST PRACTICES SYSTEM CENTER CONFIGURATION MANAGER 2012 R2 Jodie Gaver Jodie Gaver Working.](https://reader034.fdocuments.net/reader034/viewer/2022051316/5697bf8c1a28abf838c8b7c6/html5/thumbnails/27.jpg)
For questions or to subscribe:
www.thejodie.net
More on Best Practices for Configuration Manager 2012 Software Updates