Sunday 30 November 2014

SCCM 2012 Endpoint Protection updates

READ THE GROUP POLICY CONFIGURATION SECTION IF YOU CAN ONLY GET WINDOWS UPDATES BUT NOT ENDPOINT UPDATES

This post is about one branch of Software Updates under SCCM 2012. I will not go through all the standard procedures of Software Update installation, since you can follow this beautiful article:
http://www.windows-noob.com/forums/index.php?/topic/4467-using-sccm-2012-rc-in-a-lab-part-6-deploying-software-updates/
However, I will talk about several things not listed in that article; without those minor changes you won't get your client's Endpoint Protection updated.
1. About WSUS and SCCM 2012 synchronization
I found it is impossible to get the updates downloaded into the specified location when you create update packages, and after some research I found you can only download those from Microsoft directly, rather than from any location you specified or a local update server; in my case it is from a centralized location in the education network. So it is funny that you can synchronize from one server and still need to download from Microsoft.
To choose what you need to download and how to download it, go to:
UPDATE CONFIGURATION
SCCM Console -> Administration -> Sites -> Configure Site Components -> Software Update Point ->
To download updates for Endpoint Protection ONLY, I choose -> Classification Tab -> Definition Update and Update, Product Tab -> Forefront -> Forefront Endpoint Protection 2010.
This will allow you to have Forefront updates downloaded to your SCCM server. I believe you also need to choose Windows 8.1 updates, but that is not related here.

PROXY CONFIGURATION
So if you are using a proxy to browse the internet, you need to create an agent to download those updates. To do this, go to:
1. SCCM Console -> Administration -> Server and Site System Roles -> Software Update Point (Right Click) -> Proxy and Account Settings -> Check both
2. SCCM Console -> Administration -> Server and Site System Roles -> Site System (Right Click) -> Properties -> Proxy -> add your proxy here and make sure the settings are correct.

COMPUTER ASSET CONFIGURATION
I am applying this Endpoint Protection to all systems; however, if you want to create a collection for a certain type of OS, I will introduce that a little here.
For example, to create a Windows 8 auto incremental collection, go to:
Asset and Compliance -> Device Collection -> Create New Collection -> Direct Rule ->
Resource Class : System Resource
Attribute Name : Operating system name and version
Value : Microsoft Windows NT Workstation 6.3
Enable auto incremental updates : yes

So you can have your Windows 8.1 collection ready for applying Windows 8.1 updates only.



GROUP POLICY CONFIGURATION:
Remember: there should be no group policy configured for Windows Update at all; configure it under client settings instead.
However, for Endpoint Protection you need to add the registry setting for the Microsoft Update option, otherwise you can only get Windows updates and will not get Endpoint updates.
To configure Windows Update, make sure you clear all the settings for WSUS or any other update solution you used in GPO before, and let the SCCM client handle it.
For Endpoint Protection, you need to check "Give me updates for other Microsoft products when I update Windows" under the Windows Update settings. To do this through GPO (actually GPP),
please read my other article:
http://www.itlei.com.au/index.php/microsoft/active-directory/auto-generate-from-title-17
To check whether the update is successful, or what is going on on the client, go to:
Client machine -> %SYSTEMROOT%\WindowsUpdate.log
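
The client-side conditions from this section can be checked with a short read-only script. This is an added example, not part of the original post: the function names and the log search terms are assumptions, and the GUID is the well-known service ID of Microsoft Update in the Windows Update Agent.

```powershell
# Added example (not from the original post). Read-only; run elevated on the client.

# Well-known Windows Update Agent service ID for Microsoft Update.
$MicrosoftUpdateId = '7971f918-a847-4430-9279-4a52d1efe18d'

function Get-MicrosoftUpdateOptIn {
    # Reports whether "updates for other Microsoft products" (Microsoft Update)
    # is registered with the Windows Update Agent on this machine.
    $manager = New-Object -ComObject Microsoft.Update.ServiceManager
    $service = $manager.Services | Where-Object { $_.ServiceID -eq $MicrosoftUpdateId }
    [pscustomobject]@{
        MicrosoftUpdateRegistered = [bool]$service
        RegisteredWithAU          = [bool]($service -and $service.IsRegisteredWithAU)
    }
}

function Get-WindowsUpdatePolicy {
    # Shows the Windows Update policy values so old WSUS GPO settings stand out.
    # Note: the ConfigMgr client writes WUServer itself (local policy) to point at
    # its software update point; any other server here suggests a leftover GPO.
    $base = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
    $wu = Get-ItemProperty -Path $base -ErrorAction SilentlyContinue
    $au = Get-ItemProperty -Path "$base\AU" -ErrorAction SilentlyContinue
    [pscustomobject]@{
        WUServer       = $wu.WUServer
        WUStatusServer = $wu.WUStatusServer
        UseWUServer    = $au.UseWUServer
        NoAutoUpdate   = $au.NoAutoUpdate
    }
}

function Get-DefinitionUpdateLogLines {
    # Returns the most recent log lines that mention definition updates.
    # The search terms are assumptions; adjust them to the titles in your log.
    param(
        [string]$Path = (Join-Path $env:SystemRoot 'WindowsUpdate.log'),
        [int]$Last = 20
    )
    if (-not (Test-Path $Path)) { return @() }
    Select-String -Path $Path -Pattern 'Definition Update', 'Endpoint Protection' -SimpleMatch |
        Select-Object -Last $Last -ExpandProperty Line
}

Get-MicrosoftUpdateOptIn | Format-List
Get-WindowsUpdatePolicy  | Format-List
Get-DefinitionUpdateLogLines
```

If `MicrosoftUpdateRegistered` is False, the client matches the symptom described above: it receives Windows updates but no Endpoint Protection updates.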

DEPLOYMENT PACKAGE CREATION:
Software Library -> Software Update -> Automatic Deployment Rules -> Create ... ->
Software Update Tab -> Product: Forefront Endpoint Protection 2010, Update Classification: Definition update or Updates,
Evaluation Schedule Tab: (depends on your needs; for me 7 days),
Deployment Schedule Tab: ASAP,
User Experience Tab: Hide in Software Center and all notifications,
Deployment Package: Create package and make sure it is auto incremental

Hopefully this information can get you through. Cheers.
