In this post we will see deploying software updates using configuration manager 2012. Software updates in System Center 2012 Configuration Manager provides a set of tools and resources that can help manage the complex task of tracking and applying software updates to client computers in the enterprise.
In Part 1 we saw the installation of Active Directory Domain Services. In Part 2 we created the AD container and delegated the permissions on it. In Part 3 we installed pre-requisites for SCCM server. In Part 4 we installed SQL server, updated the service pack and cumulative update patch. In Part 5 we installed WSUS server role, Configured the firewall to add exceptions to allow the Client Push, Open the SQL ports 1433 and 4022. In Part 6 we installed the SCCM 2012. In Part 7 we saw how to configure Discovery and Boundaries. In Part 8 we installed few site system roles. In Part9 we created and configured custom client device settings, user device settings and deployed configuration manager client agent.
Before we deploy the software updates to our systems, we need to update the Intranet Microsoft update service location by creating a policy and linking it to our domain. We will create a separate policy named “Windows Update Policy”.
From the Domain Controller, Open Group Policy Management Console. Lets create a GPO and link it to Domain. The name of the policy is Windows Update Policy. Right Click the policy and edit.
From the Group Policy Management Editor, Navigate to Computer Configuration, Policies, Administrative templates, Windows Components, windows update.
Double click the setting “Specify Intranet Microsoft Update Service Location“. Click Enabled and in the options provide the Server name with HTTP as prefix for both intranet update service and intranet statistics server.
Note : During the configuration of WSUS if you had selected “Create a windows SUS 3.0 SP2 Website” then provide the name of SCCM server along with port number.
For example : http://Server.domain.com : 8530.
Click on the setting Configure Automatic Updates, Enable the setting by clicking on Enabled. Under Options choose Auto Download and Schedule the Install under configure automatic updating. Schedule the installation of updates Everyday at 14:00 (You can choose your own schedule time).
Now lets create a collection of computers to which we can deploy the updates. In our lab we have a single computer named CLIENT.PRAJWAL.LOCAL, we will create a Device collection and add all windows 7 computers to the device collection.
To create a Device Collection, Right Click Device Collections and Create Device Collection.
Click on Browse and Select All Systems as Limiting collection.
We will add a Query Rule to group the computers into a collection. Based on this Query the windows 7 computers will be added to the collection.
In the Query Rule Properties, Name the query as “Windows 7 Query“. Let the Resource class be System Resource. Click Edit Query Statement.
On the Select Attribute Window, click the Drop down list and select Operating System as Attribute Class and Attribute as Caption. Click OK. Choose the operator as “is like” and value as %windows 7%. click OK thrice and click Next.
The device collection has been created successfully. Click Close.
Lets configure the Software Update Point. Note that we have to select the Products for which the Updates will be downloaded. Under Sites, click Settings, Configure Site Components, Select Software Update point.
We will choose windows 7 here. Click OK.
To Synchronize the software updates, Click Software Updates from the bottom left pane, Right click All Software Updates and click Synchronize Software Updates“.
Click Yes to initiate site wide synchronization of software updates.
we can see the synchronization log by opening wsyncmgr.log located in C:Program FilesMicrosoft Configuration ManagerLogs.
Wait for few minutes, once synchronized you can see the updates. We will not deploy all the updates, we will now filter the updates by adding criteria. Click on Add criteria. Select Product, Expired, Bulletin ID and Superseded. click Add.
Choose the product as Windows 7, Bulletin ID as MS, Expired as NO, Superseded as NO.
We will save the search criteria by clicking “Save Current Search” at the top menu. Save is it with any name you wish. Click OK.
Now Select all the updates (hold Shift+page Down) , right click on the updates and click Create Software Update Group and name it as Windows 7 Software Update group.
We will download the updates and store it in a folder. Select all the Updates from Windows 7 Software Updates and Right Click and click download. In the Download Software Updates Wizard we will create a deployment package. A software update deployment package is the vehicle used to download software updates to a network shared folder, and copy the software update source files to the content library on site servers and on distribution points that are defined in the deployment.
Creating a Deployment Package – Provide a name to the deployment package. We will name it as Windows 7 Update Deployment Package. Now we need to store the updates in a folder so i have created a folder on other drive called Updates. we will use this folder to store all the updates. Inside the Updates folder we will create another folder called Win7 to store only windows updates. Click Next.
Click on Add and select your Distribution Point. Click Next.
Set the Distribution Priority as Medium. Click Next.
Choose Download Software Updates From Internet. click Next.
The wizard will now download the updates from internet. This will take some time depending on connection speed and the updates selected.
To deploy the software updates, click on Software Update Groups, right click Windows 7 Software Update Group and select Deploy.
To deploy the updates to a collection, click on Browse and select All windows 7 Computers. Click Next.
Choose the type of Deployment as Required and Detail Level as Normal. Click Next.
Select the time as UTC, Select the software available time as As soon as possible, installation deadline as As soon as possible. click Next.
Under device restart behavior, suppress the restart for workstations.
Click Generate an alert when following conditions are met. Enter the client compliance value as 90. click next.
Under Deployment Options select Download Software Updates from Distribution Points and install. click Next.
The Deploy software updates wizard has deployed the updates to the target. In our case it is targeted on a Collection “All windows 7 computers“. click close.
The updates have been downloaded and will be deployed to the collection.