Best ofmms2013 kb_managing_software_updates_part3


Published on

Published in: Technology
  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Best ofmms2013 kb_managing_software_updates_part3

  1. 1. The new way handling of SoftwareUpdates explained in ConfigurationManager 2012 SP1
  2. 2. Microsoft NDA Confidential
  3. 3. Multiple SUPs per Site with cross-forest SUP supportSource top level SUP off of internal WSUS serversOptional client content download from WindowsUpdateWindows Embedded support3X delivery of definitions through software updates
  4. 4. • WSUS 3.0 SP2 WSUS-KB2720211 WSUS-KB2734608• You are allowed to put your WSUS db on the same SQL boxas where your CM db lives.• Use a custom Web site during WSUS 3.0 installation• Installing SP1 will reset custom ports to 80/433• Store Updates locally = License agreement
  5. 5. • Add multiple SUP’s per site (8 per Site)• You can add SUP’s cross-forest• NLB no longer required (but still supported through the SDKor PowerShell)• Clients will automatically fail over to additional SUPs in thesame forest if scan fails (same mechanism as MP)
  6. 6. Optional client content from WU/MU• Support for using Windows Update / Microsoft Update as anupdate content source for clients• Local content sources (distribution points) are still prioritized
  7. 7. • Architectural changes to improve SUP synch and client scansto support delivering Endpoint Protection definition updates3X per day (delta synchs and category scans)• Simplified out of box templates for : Endpoint Protection Auto Deployment Patch Tuesday
  8. 8. Publisher can expire orsupersede softwareupdatesConfigMgr 2007 didautomatically expiressuperseded updatesIn CM12, you controlsupersedence behavior
  9. 9. Keep your SUG’s LimitedKeep them under 1000 UpdatesDon’t split up productsKeep your SDP’s tightEnable delta replicationHigh priority for SDP’sMultiple deployments of the same SUGDetail view thru reporting
  10. 10. • Don’t split up SUG into products.• Split up per year and then per month !• Stay under 1000 updates per SUG
  11. 11. • Don’t split up all SDP per month.• Split up per year and save all updates in that SDP !• Enable “delta updates” for Distribution points• Do the work once, also for yearly maintenance.
  12. 12. • Pre-Production / Production• Create Templates• Set Required for workstations• Set your Alerting Target not too high !• Set Available for servers unless you work with workflowcontrol (SCORCH)• No Reboot = Not patched in most cases.
  13. 13. • Split up per year and then per month !• Split up deployments per collection as you want to knowcompliance per Month/Collection• What you see isn’t always what you get ! Look at yourdeployment rates. (monitoring pane)• Reporting is quite powerful.
  14. 14. Log Types of issuesSUPsetup.log Installation of SUP Site RoleWCM.log, WSUSCtrl.log Configuration of WSUS Server/SUPWSyncMgr.log SMS/WSUS Updates Synchronization IssuesObjreplmgr.log Policy Issues for Update Assignments/CI VersionInfo policiesRuleEngine.log Auto Deployment Rules
  15. 15. Log Types of issuesUpdatesDeployment.log Deployments, SDK, UXUpdatesHandler.log Updates, DownloadScanAgent.log Online/Offline scans, WSUS location requestsWUAHandler.log Update status(missing/installed – verboselogging), WU interactionUpdatesStore.log Update status(missing/installed)%windir%WindowsUpdate.log Scanning/Installation of updates