unattended synchronization setup

[SMO6]

I've been following my MS book "SMS 2003" throughout my installation and configuration. I'm into Chp 13 now, Patch Management. If any of you have this book, I'm on pg 539 and I'm trying to follow the 8 step process. I guess what is throwing me off is the lack of illustrations that the rest of the book has to compliment the numbered instructions. Instead of typing out the 8 step process and my response to each, I'll just ask if any of you have this setup. Do you? If so, is there documentation available somewhere other than my book? Help!!

Thanks,

SmAu6

 

[Jpoandl]

You may want to check out this web site. It includes documentation, and videos on how this works:

http://www.microsoft.com/smserver/evaluation/capabilities/patch.asp

Joseph L. Poandl
MCSE 2003

If your company is in need of experts to examine technical problems/solutions, please check out

http://www.NJCOMPUTERNETWORKS.com

(Sales@njcomputernetworks.com)

 

[SMO6]

Thanks. I figured out how to download automatically while using the distribute software updates wizard. I just needed to give permissions to the DL directory.

On a similar subject: How can I manually update the SMS server's list of available patches and how can I set this to update itself on a schedule? I've noticed after patching some of my pre-production workstations that there are other updates still available through the Windows Update Util.

 

[Jpoandl]

On a similar subject: How can I manually update the SMS server's list of available patches and how can I set this to update itself on a schedule?"

The list of available patches will automatically get updated for you. When the clients run the SUS scan package (which you should set to run every day), SMS will detect which patches are applicable and which patches are already installed on every client. This information is then reported to the SMS site server's database.

When you run the SMS Distribute Software Updates Wizard, only security patches that are APPLICABLE in your environment will be available for you to configure and deploy. This minimizes confusion for the SMS administrator. To make this clear for you... an example might be... imagine that your SMS clients consist of only Windows XP OS's. In this scenerio, SUS will only show you patches needed on the XP machines. Although MS has patches applicable to Windows ME, Windows 2000, Windows 2003, etc, ONLY XP patches will be shown in the Distribute Software Updates Wizard. This way, the SMS administrator won't be bothered with "seeing" patches meant for operating systems that he/she doesn't have in thier environment.


"I've noticed after patching some of my pre-production workstations that there are other updates still available through the Windows Update Util."

Yes, this will be true. The reason is that SMS SUS uses a different patch database compared to Windows Update. Because the MS patch databases are different, there will be a discrepancy between the two. In fact, the Windows Update is more accurate and contains more patches. Therefore, even though you have every SUS package deployed and installed, you will still be missing a hand full of patches.

This is something that MS doesn't advertise for obvious reasons. Because of this problem, it is up to the administrator to create MANUAL packages to address the patches that can not be detected by SMS SUS. Thaaa... This sucks. I use the WISE installer to do this. The SMS Installer can be used as well. The administrator needs to download the patch manually and create a hidden package to deploy the patch. This is a little bit more work but its really not that hard. In every MS security patch KB article, it is specified whether or not SMS SUS can detect the patch. So as new security patches are released by MS, it is important for the SMS administrator to review the KB articles to determine whether or not the patches are SUSable.

The good new is that MS is working hard are modifying SMS SUS to use the Windows Update technology. So, in the future this problem should go away.

-hope this helps...


Joseph L. Poandl
MCSE 2003

If your company is in need of experts to examine technical problems/solutions, please check out

http://www.NJCOMPUTERNETWORKS.com

(Sales@njcomputernetworks.com)

 

[SMO6]

You rock! Thanks for your help. On a diff note... How long did it take you to get your MCSE for 2003 and how hard was it?

 

[Jpoandl]

It took me about 3 months. But I had the MCSE 2000 and the MCSE NT 4.0...so I had some base knowledge about MS networking products.

I don't think it is that hard to obtain. If you just want to pass the tests quickly (This is what I normally do..because you can't really learn the stuff until you get hands on.), I would recommend using th

http://www.TESTKING.Com

preparation tests. These are very good.

Also, visit sites like

http://www.mcsebraindumps.com

I think 6 to 8 months is realistic for a non-MCSE to get the cert. You just need time to study and focus on the exams.

Good luck...later

Joseph L. Poandl
MCSE 2003

If your company is in need of experts to examine technical problems/solutions, please check out

http://www.NJCOMPUTERNETWORKS.com

(Sales@njcomputernetworks.com)

 

[SMO6]

Hmmmm, I should just get that. I've been working with the windows platform since Win95/98. Have you gotten any Cisco certs? I've got the CCNA and I'm working on the CCSP. The MCNS was pretty difficult, I had to take it twice and I barely passed the second time. Just started CSVPN last week through smartcertify... Later!

 

[SMO6]

Back to business, where do I check this (from your previous posts): 'When the clients run the SUS scan package (which you should set to run every day), SMS will detect which patches are applicable and which patches are already installed on every client. This information is then reported to the SMS site server's database. '

Thanks.

SmAu6

 

[Jpoandl]

When you installed SUS, it should have created a few collections and packages.

There is a program called: "SUS blah blah (Expedited)" Scanwrapper.exe /cache /kick

This needs to be running frequently in your environment. The sus scan inventories the clients to find out whether patches are installed or not.

After this program has run on the client, you can view the patch status information several ways. To target a client, you can right click on a client and select Start Resource Explorer. Expand the HARDWARE Inventory. In the left hand pane, you will see SOFTWARE UPDATES. Highligh SOFTWARE UPDATES to see a list of Security Patches and the STATUS.

There are also several REPORTs that you can view in the REPORTS section of the SMS Administrator. Look for the ones that start with SOFTWARE UPDATES...

-hope this helps...



Joseph L. Poandl
MCSE 2003

If your company is in need of experts to examine technical problems/solutions, please check out

http://www.NJCOMPUTERNETWORKS.com

(Sales@njcomputernetworks.com)

 

[SMO6]

I always post stuff and then find out what the solution is for myself. Hopefully, my posts are helping others... Anyway...yea I figured out what SUS was and I do have all the packages and programs setup per my SMS 2003 book. I'm now releasing patches outside of pre-production. Fired one off just now but I dont think it has started yet. Couple of questions now:

1. How to speed up advertisement? Can the client be set to check more often? Can this be done system wide from the SMS console?
2. When using 'distribute software updates wizard' I found that a typical advertisement is not created. So, what queries/messages can I check to monitor status?

This has been a challenging and fun project. Now the fun really starts when tuning SMS' performance to meet my needs. Later! Out to lunch...

 

[Jpoandl]

You can go into the client agents section of the SMS Administrator site settings and ajust the time. You can set it so the clients check for advertisements more often.


Joseph L. Poandl
MCSE 2003

If your company is in need of experts to examine technical problems/solutions, please check out

http://www.NJCOMPUTERNETWORKS.com

(Sales@njcomputernetworks.com)