Hi,
How often do the clients contact the SUP to check the updates and how can I influence that?
Thanks
Florian
↧
Define Update cycle for clients
↧
How to download "Microsoft Security Bulletin MS16-039" using ADR for June Month
This update Microsoft Security Bulletin MS16-039 was first released in April and has been rereleased in June. As I run my ADR giving the criteria "date Released or revised as Last 1 month", I don't see this in my software update group.
Since it has been re-released by Microsoft, we need to apply them this month as well to make our systems compliant. Any idea how to get these updates downloaded to the Software update group?
Thanks
↧
↧
Missing Source Directory for Updates
Yesterday I downloaded the Critical and Important updates in the software library and then deployed them as I always do. Later I noticed the systems were not updating and when I looked to see if they had deployed out to the distribution site I found there was an error. The error is: The source directory \\xxxxxsccm\packagesource$\software update packages\all required updates\4d3ab8d3-ad70-4df8-bb99-3ac2800b994f for package DAV00013 does not exist. I found the culprit that is causing me the issue. It references KB3142024 which was downloaded and pushed out the previous month. I have downloaded it again but it is not showing up in the “All Required Updates” folder so am unable to push out the updates. I have removed the offending update from being deployed, downloaded it again, but it is not showing up where the remainder of the updates that need to be pushed out are located. What do I need to do to resolve that. I also found where the GUID is referenced in the SCCMContentLIB\Pkglib\DAV00013 ini file. Is it possible to delete that reference from there? Any assistance would be greatly appreciated.
Using SCCM2012 R2 for the platform.
Mark Reny
Infrastructure Support Technician
Dynamic Aviation
↧
Automating Software Update Deployment Creation - having issues
Hello,
We have a lot of device collections, and I've been tasked with deploying several (3) Software Update Groups to these collections.
I've been doing it manually via the GUI, and that works fine. However, it takes 5-10 minutes per deployment- ripe for automation.
The issue I'm having is that I can do it with a one-liner, but my scripting approach isn't working. Here are 2 versions of my code. The first:
$DeviceCollections = Import-Csv -Path C:\Scripts\Input\PatchDeviceCollections.csv
$DeviceCollections | ForEach-Object {Start-CMSoftwareUpdateDeployment -CollectionName $_ -SoftwareUpdateGroupName "Server 2003 - June 2016 Baseline" -AcceptEula -AllowUseMeteredNetwork $True -DeploymentType Required -DownloadFromMicrosoftUpdate $True -EnforcementDeadline 21:00 -EnforcementDeadlineDay 06/16/2016 -ProtectedType RemoteDistributionPoint -SendWakeupPacket $False -TimeBasedOn LocalTime -UserNotification DisplayAll -VerbosityLevel OnlySuccessAndErrorMessages}
and the other is:
ForEach ($Collection in $DeviceCollections)
{Start-CMSoftwareUpdateDeployment -CollectionName $DeviceCollections -SoftwareUpdateGroupName "Server 2003 - June 2016 Baseline" -AcceptEula -AllowUseMeteredNetwork $True -DeploymentType Required -DownloadFromMicrosoftUpdate $True -EnforcementDeadline
21:00 -EnforcementDeadlineDay 06/16/2016 -ProtectedType RemoteDistributionPoint -SendWakeupPacket $False -TimeBasedOn LocalTime -UserNotification DisplayAll -VerbosityLevel OnlySuccessAndErrorMessages
}
I'm using a variable with the names of my Device Collections (a set for patching, anyway). I know that's working because I can punch that line in, then type in the variable and get my list.
The issue is when I try to run this, I get this error:
Start-CMSoftwareUpdateDeployment : No object corresponds to the specified parameters.
At line:1 char:38
+ $DeviceCollections | ForEach-Object {Start-CMSoftwareUpdateDeployment -Collectio ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (Microsoft.Confi...ploymentCommand:StartSoftwareUpdateDeploymentCommand)
[Start-CMSoftwareUpdateDeployment], ItemNotFoundException
+ FullyQualifiedErrorId : ItemNotFound,Microsoft.ConfigurationManagement.Cmdlets.Sum.Commands.StartSoftwareUpdateD
eploymentCommand
On my workstation, I ran this, got this error, and it still ended up looping through and creating them. When I put it on a server to run (it will take several hours), I get this error repeatedly, as if it's running through each one and failing, over and over:
WARNING: An update to the System Center 2012 Configuration Manager Cmdlet Library is available. Please go to'http://go.microsoft.com/fwlink/?LinkId=528947' to download the latest version. Running cmdlet version: 5.0.8231.1004
Latest cmdlet version: 5.0.8373.1189
Start-CMSoftwareUpdateDeployment : No object corresponds to the specified parameters.
At line:1 char:38
+ $DeviceCollections | ForEach-Object {Start-CMSoftwareUpdateDeployment -Collectio ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidArgument: (:String) [Start-CMSoftwareUpdateDeployment], ItemNotFoundException
+ FullyQualifiedErrorId : SessionStateException,Microsoft.ConfigurationManagement.Cmdlets.Sum.Commands.StartSoftwa
reUpdateDeploymentCommand
I'm trying to make this work, as it frees me up to do non-mind-numbing things.
Any ideas on what I can do to make this work?
Thanks.
↧
uninstall SCEP client
Hi,
how to uninstall SCEP client from client system using script in SCCM 2012 console?
↧
↧
Question about managing updates in multiple packages
Hi Everyone
Lets say i have an update "12345" downloaded in package A and B.
I then try to consolidate the packages by downloading update "12345" again to a new package C.
If i delete the package A & B, update "12345" will still be availble from package C right?
Thanks, DM.
↧
SCCM 2012 - Updates
Hi All,
I have few queries on software patching. I have SCCM 2012 R2 environment
1. I am trying to patch a group of servers. If i deploy the patches in Required mode in ASAP (ex: at 10 AM)schedule. I want to make sure the automatic restart happens at 12 AM. Is it possible to control the restart from SCCM console?
2. After i deploy patches, I would like to run MBSA report to make sure that there is no patch missed or machine in non compliant. Can i integrate MBSA report in SCCM
Regards, Pratap
↧
Problem with SCEP
Apologies if this is the wrong forum for a question about SCEP.
We have a new issue with SCEP in our environment where it is taking 30-60 seconds to finish scanning a single file downloaded from our SRS environment. Is there a way to exclude scanning downloads from local Intranet sites or sites in general?
Thank you.
↧
Collections with maintenance windows
I am trying to deploy the windows updates using ADR for two separate collections. I have setup maintenance windows for each and added both of them into a parent collection which has no maintenance window which is the collection i am targeting in ADR.
In ADR, I set the patch available and deadline times as "as soon as possible".
Is my set up correct?
It seemed not working well. The patches were not showing. I do not have access to those machines so which ssrs reports are the one I should check to determine the issues?
Thanks so mcuh!
JL
↧
↧
DCM configuration baseline
Hi,
We have implemented DCM in SCCM 2012 to check the compliance status of configuration baseline for windows server 2012 r2.
We have export the baseline configuration from SCM 3.0 and import the same into SCCM.
The following settings are not currently supported when generating SCAP content or DCM configuration packs:
- Accounts: Rename administrator account
- Accounts: Rename guest account
- Accounts: Administrator account status
- Accounts: Guest account status
- Network security: Force logoff when logon hours expire
Can anyone has vbscript or powershell script to discover the above configuration baseline settings.
Thanks,
Vijay
↧
Whit EndPoint Protection is port 25 is open or it is blocked?
My Customer have SCCM 2012 R2 SP1 Whit EndPoint Protection is it possible to block port 25 and exclude a list of files? If yes how to do that?
↧
A Report of all Security, Critical Updates & updates rollups installed in my primary site
Hi,
I Need a SQL query of (ASAP)
A Report of all Security, Critical Updates & updates rollups installed in between the period of 1st Apr 16 to June End 16. Which means that report will show up all the Security updates, Critical updates & Updates rollups from Apr 16 month to till date.
↧
System Center Endpoint Protection vs. McAfee VirusScan Enterprise
We're currently running McAfee VSE v8.8 in our enterprise, and are evaluating SCEP. My one issue, however, is finding an actual comparison of the two products; I'd even settle for a feature grid. Has anyone actually evaluated these two products before,
and could offer an opinion on one or the other?
↧
↧
Windows 10 In-Place Upgrade question
Hi,
I am following the guide located at https://technet.microsoft.com/en-us/itpro/windows/deploy/upgrade-to-windows-10-with-system-center-configuraton-manager?f=255&MSPPError=-2147217396 to complete an in-place upgrade of Windows 10. All guides I see only discuss Windows 10 Enterprise edition upgrades. Please can you advise whether an In-Place upgrade of Windows 10 Professional is applicable using this solution?
Thanks,
Mehul
↧
WsusUtil.exe importing Custom Updates
Hi All,
I was just wondering how to import Custom Support Security updates for WS2003 in to SCCM environment using WsusUtil.exe. As WSUSUIMPORTTOOL.exe will not work in our current WSUS version installed, we need to use WsusUtil.exe. Any help would be much appreciated.
Thanks,
Girish
↧
PKI Certificate based communication in SCCM 2012 R2
Hi,
I am using SCCM 2012 R2 standalone primary site for Managing Windows updates for Servers only.
All servers are in trusted Forest/domain in which site server located and currently all communication from SCCM Agent to Site server are through http.
but I want to use PKI Based Certificate communication instead of self signed certificates based that happening between SCCM Agents and all site system roles/site server/all sccm features.
I am looking for the step by step process and the required certificate details.
Shailendra Dev
↧
Disabling USB and Integrated Webcams via SCCM or GPO - How?
Hello,
I guess my google-fu isn't as good as I thought. I've been tasked with finding out how much work it would take to disable webcams- both USB and integrated- in a secure area of one of our buildings. We have SCCM and can obviously use Group Policy Objects.
We are trying to see
1) is it possible?
and
2) what is the level of effort?
I have looked in GPO settings, and I am trying a few things, but I haven't been able to test yet, and my manager wants to determine if we can do it with a reasonable level of effort. If it takes too much effort, they may not want to do it.
(As a sidebar, I think they are trying to solve a people problem with technology, but I digress....)
Within the domain's Group Policy, I've created this setting:
Group Policy Management Editor:
Computer Configuration > Preferences > Control Panel Settings > Devices
Under Devices, I created 2 settings:
- Setting #1: Imaging Devices - Do Not Use this device, Device Class: Imaging Devices
- Setting #2: Universal Serial Bus controllers - Do Not Use this device, Device Class: Universal Serial Bus controllers
I left Mice and Keyboards enabled for obvious reasons. I have not tested this yet(again, messing around and trying to determine the level of effort).
I plan on creating a group to apply this to in AD.
I am admittedly an amateur at SCCM (though I'm learning). I've been poking around a bit, but haven't quite found what I'm looking for yet.
I would prefer doing this via SCCM, but at this point, I'm just trying to see how tough it will be.
Any feedback will be greatly appreciated.
Thanks.
-David
↧
↧
KB2687455 Office 2010 SP2 not showing as required in SCCM 2012 on some machines
Hi
I have a machine that has Office 2010 SP1 installed.
SCCM does not think this machine requires (KB2687455) Office 2010 Sp2.
However, if i do a MSBA scan, then this says it does need KB2687455.
Anyone have any ideas why SCCM is not picking this up?
Thanks
DM
↧
Activity Reports
Hi guys!
I am trying to look for a program that tracks computer usage. I would need what apps they use, how long they use them...you know, that kind of thing. Anyway, I stumbled across a Windows 10 feature that allows tracking for children: http://windows.microsoft.com/en-us/windows-10/monitor-child-device-activity
What I am concerned with is to set it up, you need to set up an email for the child. I am running about 1000 lab computers and I'd like to just get each computer to report without setting up an email for each of them.
Does anyone know how to get around having to use an email? Or is there a program (hopefully free) that would be a good alternative for what I need? Thanks guys!
↧
Third Party Updates (for non Microsoft Products) and Linux Updates deployment from SCCM 2012 R2
Hi ,
I want to know the what are the third party updates(Non Microsoft) that i can deploy from SCCM 2012 R2...?
and how can I deploy the updates for Linux Servers from SCCM 2012 R2?
Shailendra Dev
↧