Channel: Configuration Manager 2012 - Security, Updates and Compliance forum

Assignment Schedule Vs. When the deployment is available


Hi,

I would like to just have some clarification on deployment scheduling. I created a deployment but I do not want it to run/install until 2/7/2015. So I have set the assignment schedule on the deployment for 2/7/2015. But I see the deployment start time has the date I created it. I am worried it will install on me right now because it says in monitoring that the program is received. Can you confirm that as long as I have the assignment schedule set, it will not install/run until then? TIA


Automatic Deployment Rule - One ADR for Two Different Collection for Two Different time Intervals


I have a scenario where two collections of Windows 8.1 are made based on geographical location. One collection is for all the Windows 8.1 machines in India and one collection is for all Windows 8.1 machines in the US. Now I have created one ADR to be deployed to the collection for machines in India with a schedule.

My requirement is: can I use the same ADR for those two collections with different schedules? Say I want the ADR to be deployed in India at 10:00 PM IST and for the US collection at 10:00 PM PST.

Can I use one ADR with two different schedules, deployed to two different collections? Any help will be greatly appreciated.

  

Expired updates


I have 2 questions:

1. What causes updates to become expired?

2. How do I re-activate an expired update?

Thanks!

Security Update for Windows XP (KB2868038) is Expired


Hello, I need some help getting this update into SCCM so that I can distribute it to the Windows XP machines.

Currently the update is showing as if it is expired, thus I am not able to download or deploy it to the machines that need it. It shows in SCCM 2012 as if it is expired.

I ran Microsoft Baseline Security Analyzer 2.3 on the XP machine, and it does show that the machine is missing this important security update.

How do I get it re-activated in SCCM, and why did it expire to begin with?

Thanks.

Configuring computer restarts after software update deployment deadlines


I am currently testing in my environment and running pilot deployments at different sites and the way I am doing it is I create deadlines for my test workstations at each site on the Friday following Patch Tuesday at 6PM along with a restart. The problem with this though is that if a user takes their laptop home with them, or a workstation is powered down during the deadline, then the next time a workstation comes back online the system will get the notice to restart. 

I know I can suppress restarts, but that will lower the compliance rate and I really do not want to use maintenance windows for workstations, because I want to reserve maintenance windows for servers only. 

How do you SCCM MVPs and other SCCM gurus go about doing something like this?

Thanks


Temporarily stopping the SCEP Microsoft Antimalware Service


I know that Microsoft has made the MsMpSvc service tamper proof as per this article:

http://blogs.technet.com/b/mspfe/archive/2013/02/19/anti-tampering-for-the-antimalware-service-in-system-center-endpoint-protection-2012-sp1.aspx

Then I read this forum post here about using PSExec to temporarily disable it:

https://social.technet.microsoft.com/Forums/forefront/en-US/f4347d13-5c9a-4395-b070-9aa53d613f68/is-there-a-way-to-restart-the-microsoft-antimalware-service?forum=FCSNext

But I want to know if there is ANY WAY possible to automate this process using a script, PowerShell preferably?

Thanks


find out non compliant machine in the environment report needs to capture data from all online machine

How do I create a compliance baseline? The scenario is that I need to find non-compliant machines, e.g. non-approved installed software, machine model, machines in a separate hierarchy OU, etc. I am trying via a PowerShell script; is there any alternative or best method from SCCM compliance settings, I mean via the SCCM tool? The overall goal is to find non-compliant machines in the environment; the report needs to capture data from all online machines. Please let me know if there is any alternative or good method.

Huge Sized download taking place at port 8530 between clients and WSUS\SUP of secondary site


Hi guys,

Need a solution to the issue: the SCCM 2012 clients under a secondary site { Secondary site with SUP\WSUS } are downloading 200Mb + data at port 8530. This seems quite abnormal.

Need to know the answers to the below:

1- Actual size of the catalog that clients should download, or the path where it is stored on WSUS

2- How to restrict a huge sized download between WSUS and CM 2012 client

This is not the case where clients are directly reporting to the Primary site.

Regards

Sushain Kapoor




Identifying items in an update group that have been superseded by an item in the SAME group


Hi,

SCCM 2012 very helpfully makes it possible to search for items in an update group that have been superseded. However, the superseding items can be any item in the database, not just items from the given update group.

Does anyone know of an automated way to find and remove items that have been superseded by another item in the same update group?

I'm struggling to get at this information using the PowerShell cmdlets.

Thanks.

SCUP 2011 - scupsync.exe


Hi,

I'm using SCUP 2011 to publish updates into SCCM 2012.  In 4.5 we used to use scupsync.exe to automate this, I cannot find this in 2011, is it there?

I really need to get some ADR rules up and running for 3rd party updates.

Thanks

Where is the patch coming from

So we have a patch recall, 14-080, as it causes IE to become unstable. I KNOW we killed all deployments of the patch out of any group membership. However, endpoints are picking up and installing the patch. How can I tell where they are getting the patch: our SCCM environment vs. the Internet?

FEP updates on XP machines


Hi all,

I have SCCM2012 R2 with CU2 installed in my environment. We have the EndPoint Protection point set up (FEP). We still have some XP machines in our environment. We are in the process of replacing them but it will take some time... during which I need to protect them.

Will FEP still deploy antivirus updates to XP machines? One blog mentioned that AV updates for XP machines will keep going, another blog mentioned that the updates will stop after July 2015. Can someone shed some light on this?

Thanks,

Jesmat

Need to deploy Old software updates through SCCM 2012

Hi,

I have three Windows 7 updates that need to be deployed through Software Updates in SCCM 2012.

As I verified, these updates are available in the WSUS console in the CAS site, but they are not listed in the SCCM console. How do I get these patches synchronized with the SCCM server? The software update point is configured to choose Windows 7 product updates and the classifications are set correctly.


OR Could we download the updates manually and then import them in to CM?


Patches
Windows6.1-KB2533623-x64
Windows6.1-KB2670838-x64
Windows6.1-KB2731771-x64


Any thoughts?


Updates installation stuck on 0%


Hi,

I have a problem with patching a few servers in the DMZ. I have deployed a SUG and at the beginning of the update process it looks fine - all necessary updates are visible in Software Center. But... next, all updates get stuck on 0% and stay in that state for a few hours. After this time the STATUS changes to "Past Due - will be installed". :-(

I have checked boundaries. I have created an IP range boundary which covers the IP range for the DMZ servers. Next I have assigned this boundary to a boundary group where the closest DP is configured.

In LocationServices.log I see the servers are pointing to the right DP.

What can I do next to fix it? Thank you for any advice.

Best solution for bringing new systems up to date with software updates


I have read that I can create a non-deployed software update group that contains previous months patches and use that for reporting purposes to find out which systems do not have all the updates, but that is where my understanding falls short. 

For some reason I am not getting how I can update new systems with all the updates before its existence in a domain, wrapped around my brain. 

Can someone help me get this through my noggin please?

Thank you 




SCEP clients updating but not reporting their status back to SCCM


Hi all,

I have the following problem: I recently have connected my Windows servers to our new SCCM 2012 environment. Now I'm deploying Windows Updates and SCEP Definition updates through SCCM 2012. This works well! Windows Updates are installing and the servers are reporting back their status to SCCM. SCEP Definition updates are being installed as well, but here, my servers are not reporting back to SCCM... they are all stated "Status Unknown".

I have checked the Endpointprotectoragent.log file, and there are no error messages, just the last messages say:

-start to send State Message with topic type = 2001, state id = 3, and error code = 0x00000000

-Skip sending state message due to same state message already exists.

Does somebody know how I could fix this?

Thanks a lot!!!

SCUP Updates reporting incorrect compliance


I am having issues where our SCUPdates are showing compliant, though this is incorrect.

We also have a patchmypc catalog and it works fine.

This only seems to apply to the included catalog from Adobe.

I have set my installable/installed rules as follows (I think this might be my problem)


Software Update WUServer reg entry- what Software Update Point should be displayed?


We have a SCCM 2012 sp1 CU3 site that consists of one Primary site with 10 secondary sites in different regions.  The primary and all secondary sites are Software Update Points and Distribution Points.  My site boundary groups use AD site boundaries to limit each region's clients to point to their own secondary server (DP) for content.

Today I got pulled-into a sev 1 issue where the network team says that many clients from different regions are pulling data over the WAN from the PRIMARY server on TCP port 8530, bringing the network to its knees.  Looking at some of the clients registry settings: HKLM/SOFTWARE/POLICIES/MICROSOFT/WINDOWS/WUSERVER   -  that value is set to the PARENT Software Update Point instead of the regional secondary site.

Why would that happen?  Is there any reason a client would talk to the parent SUP rather than the secondary?  (ie- if a client fails to contact the secondary is it possible it would fail-over to the primary?) 

Any help is greatly appreciated!

Thanks,

FP

SCEP client "virus and spyware definitions created 2 days ago"


Hi,

I sometimes see "virus and spyware definitions created 2 days ago", and sometimes some days longer. If I look some days later the client is up to date. I have configured an ADR to get definitions 3 times per day, and also to update the DP after the SUP schedule.

What makes the client not have the latest definitions?


/SaiTech

Automatic Updates

We have several systems that rarely connect to the network which have SCCM installed.  SCEP is configured to pull from Microsoft as the primary source, however once SCCM is installed we are unable to configure automatic updates to pull from Microsoft. I've tried tweaking some policies, however the automatic update settings are always grayed out since SCCM is managing it.  Is there a work around to where I can allow specific systems to just pull updates from Microsoft similar to an unmanaged workstation?