As part of the Community Evaluation Community the 8th live meeting about System Center Configuration Manager 2012 was scheduled for today. The main subject was Software Update Management in SCCM 2012.
At TechEd in Berlin and during the Live Meeting Microsoft showed the key investments they made regarding Software Updates. For the Configuration Manager Administrator as well as for the End User life regarding Software Updates is getting better. Since the beta1 of SCCM 2012 was released a lot of enhancements were made in the Management of Software Updates.
Jason Githens from Microsoft presented the following subjects.
Configuration of Software Updates in SCCM 2012
- Superseded update support
- Superseded updates: publisher (MS) can expire update
- Not automatically expire superseded updates
- You can Change settings at Software Update Point (automatically manage superseded updates or allow to deploy automatically superseded updates (time limited)
- Software Update Management (SUM) Admin role with RBA
- SUM admin can do specific actions (role) on a specific set of objects (scope)
- You can assign a SUM admin rights to only just the server collection or collection with only workstations to manage their updates.
- Client agent settings
- You can change Client Settings on Collections, so you can create different client settings for for instance Software Update Settings. All Client Agent Settings can be managed for groups of devices.
- Migrating from CM07
- Migrating all the work you put into CM SUM objects
- Reuse templates or searches already built
- Preserve existing update lists or deployments
- Persist
- Update List is Update groups without deployment
- Deployments are migrated via Collection Migation and are migrated to Update groups and deployments packages
- Software Update Point (SUP) configurations for products and classifications must be the same on CM07 and CM12
- Migrating all the work you put into CM SUM objects
Deployment
- Simplified update groups (aggregation of update list)
- Improved search to find updates
- Update groups replace lists and deployments
- New updates added to groups automatically deployed
- Groups can be used for compliance or deployed (you can create an update group that is not being deployed but used for compliance)
- Use criteria search
- Every updates has statistics about the updates (installed/(not) required/unknown) Same as WSUS
- Create from Search a Software Update Group
- Edit Memberships
- Create Deployment package
- The statistics are out of the box in console monitoring, nice feature!
- Automated deployments
- Automatic approval of selected updates
- Scheduled or manually run
- Useful for both Patch Tuesday and Forefront Endpoint Protection
- Updates created by rules are interactive (rules are
- Deployments van be enabled/disabled
- Deployment van be added / removed from groups
- Updates van be added / removed from groups
Procedure: Creating a deployment rule process:
- Right click and Create automatic deployment rule
- General Settings
- Select a deployment template or fill in a name / collection / Add or create new Update Group.
- Assign a collection to the Deployment Rule. If you use RBA you may only see Scoped collections
- Note:
Create new SUG for Patch Tuesday every time
Add to an existing SUG for forefront- Deployment settings
- Send wake up packets
- Configure logging Verbosity Level (Normal / Minimal)
- Software Updates
- Select updates, you can select updates by creating filters bases on items like type, products, severity, dates, vendors, etc etc.
- Evaluation schedule (rule run after SUP sync) (every 2ndTuesday of month)
- Deployment schedule
- Client local time
- Specific time available time, for instance 4h after the deployment rule runs
- Deadline deployment, for instance 7 days after the deployment started
- User experience (show or disable notifications)
- Alerts (compliance alerts 90& before date)
- Download settings (standard client download settings)
- Deployment package
Select or create new Software Update Package- Download location (internet / network)
- Languages
- Running rule will create a Software Update Group and you can deploy it to a collection
End user experience
- Uses the new software center user interface for installing or scheduling installation of updates
- End user has better control of own experience
- Install /schedule updates
- End user can use non business hours to install updates , the period (hours) is configurable
Maintenance
- In console views and monitoring
- Key compliance and deployment views
- Detailed state of all deployments and assets (without using reporting)
- Monitoring in the console
- State monitoring of deployments
- Every state and their assets are grouped in tabs
- Error codes are interpreted
- Better interpreting like in SCOM
- Software update synchronization status monitoring
- Alerts for key software update issues
- In console alerts. The alerts regarding deployments or assets are available in the console on the deployments or assets.
- Reporting
- Extensive update state available in out-of-box reports
- Reporting in de Console
- Also available via SRS
- Content library and clean up
- Clean up via Maintenance task
- Software updates stored in the content lib
- Maintenance task deletes expired update and content
- Single instance storage for Software Updates
Trouble shooting
In the last part of the live meeting the most important log files regarding Software Updates where described.
Server side troubleshooting logs
Log | Types of issues |
SUPsetup.log | Installation of SUP Site Role |
WCM.log, WSUSCtrl.log | Configuration of WSUS Server/SUP |
WsyncMgr.log | SMS/WSUS Updates Synchronization issues |
Objreplmgr.log | Policy issues for updates Assignments / CI Version Info Policies |
RuleEngine.log | Auto Deployment Rules |
Client side troubleshooting logs
Log | Types of issues |
UpdatesDeployment.log | Deployments, SDK, UX |
UpdatesHandler.log | Updates, Download |
ScanAgent.log | Online / Offline scans, WSUS location requirements |
WUAHandler.log | Update status (missing/installed – verbose logging), WU integration |
%windir%WindowsUpdate.log | Scanning / Installation of Updates |
Next CEP meeing is about “Mobile Device Management”.