WMUG Presents
System Center 2012 Configuration Manager
Software Updates Management
Presented by Robert Marshall MVP ConfigMgr
www.wmug.co.uk
What is Software Updates Management?
www.wmug.co.uk
• Deploy Microsoft and non-Microsoft Patches to your client estate
• Reduce your Security exposure
Infrastructure requirements for Software Updates Management
www.wmug.co.uk
• ConfigMgr Software Updates Role
• Access to the Internet for Microsoft Updates
• Windows Update Agent
• WSUS
Defining a Patching regime for your organisation
www.wmug.co.uk
• When to sync with Microsoft Updates?
• Define when you will patch
• Define what you will patch
• Patching out-of-cycle
Software Updates
Patch classifications and severity
www.wmug.co.uk
• Critical Updates, Definition Updates, Security Updates, Updates, Update Rollups, Feature Packs and Tools
Using the Search facilities in the ConfigMgr Console to refine your selections
www.wmug.co.uk
• Create your own searches and save them for re-use
Software Update Groups
www.wmug.co.uk
• Contains a list of Software Updates• Is essentially an authorization list
• Used to measure Compliance
• Used to build a Deployment Package
Deployment Packages
www.wmug.co.uk
• Contain the Software updates patch files for Clients to reference
• Sent to Distribution Points
Automatic Deployment Rules
www.wmug.co.uk
• Mostly used for EndPoint Protection Definition file deployment to Clients
• Useful for automating the monthly patch cycle to Test machines
• Be aware of the consequences of deploying patches directly to Production Clients
Software Updates Management Reporting
www.wmug.co.uk
• SQL Server Reporting Services
• Multiple categories of Report
Deploying Software Updates
www.wmug.co.uk
• Requires a Software Update Group, a Deployment Package, Collections and Clients
Understanding Supercedence and Expired Software Updates
www.wmug.co.uk
Controlling Software Updates installation behaviour
www.wmug.co.uk
• Maintenance Windows
• Scheduling
Software Updates Deployment Monitoring
www.wmug.co.uk
• In-console monitoring
• Reporting Services
• Deployment Monitoring Tool
Software Updates logging
www.wmug.co.uk
• Server-side logs
http://technet.microsoft.com/en-us/library/hh427342.aspx#BKMK_SUPLog
• Client-side logs (Client Operations section)
http://technet.microsoft.com/en-us/library/hh427342.aspx#BKMK_ClientOpLogs
• Technical Reference for Log Files in ConfigMgr - http://technet.microsoft.com/en-us/library/hh427342.aspx
Basic troubleshooting steps for Software Updates
www.wmug.co.uk
• Device Targeted?
• Functional Client?
• Maintenance Window blocking deployment?
• Scan engine failure … broken WUA?
Extending Patch Management to handle non-Microsoft patches
System Center Updates Publisher 2011 Guides
Kent Agerlund MVP – Coretech - http://bit.ly/l4JRZZ
Justin Chalfant – Patch My PC - http://bit.ly/YDV0y7
MMS 2013 – Managing Third Party Updates with ConfigMgr – Kent Agerlund and Lawrence Garvin
http://bit.ly/14BgVxU
www.wmug.co.uk
A tour of the Software Updates Windows Management Instrumentation namespace on the client
www.wmug.co.uk
• Tool of choice - WBEMTEST
• Namespace - ROOT\CCM\SOFTWAREUPDATES\UPDATESSTORE
• Query the CCM_UPDATESTATUS instances
Microsoft Forefront Endpoint Protection 2010 and Software Updates
EndPoint Protection Guides
• http://bit.ly/PWNyJ8
From Niall Brady at Windows-Noobs
http://www.windows-noob.com
www.wmug.co.uk
Thanks for watching
Slide deck is available for this session on the WMUG website in the Events section
www.wmug.co.uk
Register at WMUG.CO.UK and automatically receive Event announcements