Handling of pending reboot, exclusive updates for patch management with SCCM 2012

Hello,
Planning to use SCCM 2012, I would like to understand how smart is SCCM 2012 when dealing with specific patch management situation.
Assuming I have the following:
- A given server to be patched is missing a lot of updates, several being mutually exclusive. This typical case will require several reboot / patching to properly obtain a server fully up to date.
- A given server to be patched is in pending reboot state because the local admin installed new software and has not restarted the server yet as requested
- Those servers have configured maintenance windows of 2 hours during each night. I scheduled a deployment of missing patches authorizing restart.
--> when the maintenance window will be reached:
- will the server first be restarted to clean the pending reboot ?
- will the the server be patched / restarted several times as required to fully meet the updates to be deployed.
Another scenario on workstation side:
- can I enforce deployment of updates at a given time, do not automatically restart the workstation during patch deployment, but after deployment schedule a mandatory restart with a countdown if there is a pending reboot... From end-user perspective, it
would have the following behavior. For instance:
- patches are automatically installed on Monday at 10 AM
- as soon as deployment is done, warning message is displayed to ask users to reboot
- then user has up to 48h to restart his computer by himself. If he does not do it, it will be automatically done after countdown expires.
--> Can such a scenario be managed by SCCM 2012 ?
Regards.

Hi,
I have a related question about deploying Microsoft Security Updates to workstations via SCCM 2012.  Is there a way to deploy the MS updates to workstations and only suppress reboots for machines with users logged on or locked?  There seems to
be only 2 different options for reboots, Suppress them all or don't suppress them at all.  We would like SCCM to reboot the machines that are logged off, but suppress the reboot for those that are logged on, while at the same time, provide the user with
a notification that their machine needs to be rebooted (at their convenience). 
We've tried applying the Domain GPO "No auto-restart with logged on users for scheduled automatic updates installations" (Enabled) and "Configure Automatic Updates" (Disabled), but the logged on/locked machines still receive the restart countdown with no
option to postpone or delay.
This is a show stopper for us since we have an environment where we are absolutely not allowed to reboot a logged on machine.
For a little background, we are coming from SMS 2003 and the Distribute Software Updates (ITMU) way of deploying MS Updates, where we could always set the program to run "Only when no user is logged on".
Please tell me there is a way to achieve our desired result.
Thanks,
Dan 

Similar Messages

  • Update an APPX App with SCCM 2012 R2

    Hi,
    When I update an APPX app, the app has to be closed to successfully update the app with SCCM. With a package, you can force the installation to kill the application, or ask the user to close the application. With SCCM and APPX apps, it's not possible. The
    update will just fail when the app is still opened. I couldn't find an option like "Run script X before the update" so I can force the app to close or ask the user to close the app.
    Is there a possibility to force the app to close or ask the user to close it before the update process starts? Or do I have to create a package for this instead of using the "Application" possibilities in SCCM?
    Thank you.
    Regards,
    JPvR

    You could also look at creating a small PowerShell script around the AppX package to give yourself some more "scripting" options to close the app first. To add the AppX package you can use the
    Add-AppxPackage cmdlet.
    My Blog: http://www.petervanderwoude.nl/
    Follow me on twitter: pvanderwoude

  • Solaris 10 - Tools for Patch Management Automation

    Hi,
    What are the best tools (both Sun and third party) for patch management automation for a company using Solaris 10 with zones?
    What are the pros / cons and cost of these tools? Which ones are the most widely used / the most recommended?
    Current objectives for automation are to eliminate the current manual processes and to reduce planned and unplanned downtime.
    Thanks!

    I don't think you would want to fully automate it. You need to be able to test patches first on a test system to ensure they don't conflict with established applications and cause problems. You wouldn't want to install patches that relate to applications you don't have, or for upgrades you do not have or don't plan on having. That said, the smpatch utility can connect with Sun Solve, find patches, and download them, even install them if desired. You could easily script the process and run via cron to make it automated. I just don't think that's a good idea without having someone make decisions on what SHOULD be patched at any given time. The SMC facility also has a function that mimics smpatch, although you could not automate that. Also, smpatch can only be run from the global zone, and patches will percolate down to non-global zones automatically - smpatch will not run in a non-global zone (unless there's been changes made recently that I'm not aware).
    There's also the problem where some patches require reboot while others do not. If the patch kills the system, what mechanism do you have in place for someone to know what patch was applied that killed the system, if the process is automated and a number of patches were applied?

  • Why do we use Unserialized V3 update for Inventory Management?

    Hello Experts,
    I have question on LO Cockpit extractor.
    Why do we use Unserialized V3 update for Inventory Management (2LIS_03_BF) ?
    Are there any reasons behind?
    thanks a lot
    Padma

    Hi,
    V3 gives you good performance and you use it when the order of data is not important they way it was posted in OLTP, this method is used.
    Cheers,
    Kedar

  • Update for Extension Manager failed install

    Adobe Updater has an Update for Extension Manager 6.0.5 that has failed to install on both my computers multiple times. Has any experienced this? Is this update essential?

    Run the Creative Suite Cleaner Tool, try again.
    Mylenium

  • Deploy UDI Windows 10 with SCCM 2012 R2 and MDT 2013 Update 1

    Hi,
    Trying use "User-Driven Installation"  with
    SCCM 2012
    R2 CU4 and MDT
    2013 Update 1 for deploy Windows
    10.
    Created MDT Task Sequences with
    template "Client Task sequence"
    and Deployment Method "User-Driven Installation".
    When I try to deploy I have error like:
    Failed to run the last action: Error in the task sequence. Execution of task sequence failed.
    The operation cannot be completed because other resources are dependent on this resource. (Error: 00001389; Source: Windows)
    ZTI deployment failed, Return Code = 5001 InstallSoftware 22.04.2015 11:36:57 1740 (0x06CC)
    Unable to create WebService class InstallSoftware 22.04.2015 11:36:57 1740 (0x06CC)
    Command line returned 5001 InstallSoftware 22.04.2015 11:36:57 1740 (0x06CC)
    Process completed with exit code 5001 TSManager 22.04.2015 11:36:57 1160 (0x0488)
    Part smsts.log
    !--------------------------------------------------------------------------------------------! TSManager 22.04.2015 11:36:57 1160 (0x0488)
    Expand a string: WinPEandFullOS TSManager 22.04.2015 11:36:57 1160 (0x0488)
    Executing command line: smsswd.exe /run: cscript "%deployroot%\scripts\ztierrormsg.wsf" TSManager 22.04.2015 11:36:57 1160 (0x0488)
    [ smsswd.exe ] InstallSoftware 22.04.2015 11:36:57 1740 (0x06CC)
    PackageID = '' InstallSoftware 22.04.2015 11:36:57 1740 (0x06CC)
    BaseVar = '', ContinueOnError='' InstallSoftware 22.04.2015 11:36:57 1740 (0x06CC)
    ProgramName = 'cscript "C:\_SMSTaskSequence\WDPackage\scripts\ztierrormsg.wsf"' InstallSoftware 22.04.2015 11:36:57 1740 (0x06CC)
    SwdAction = '0001' InstallSoftware 22.04.2015 11:36:57 1740 (0x06CC)
    Set command line: Run command line InstallSoftware 22.04.2015 11:36:57 1740 (0x06CC)
    Working dir 'not set' InstallSoftware 22.04.2015 11:36:57 1740 (0x06CC)
    Executing command line: Run command line InstallSoftware 22.04.2015 11:36:57 1740 (0x06CC)
    Process completed with exit code 5001 InstallSoftware 22.04.2015 11:36:57 1740 (0x06CC)
    Microsoft (R) Windows Script Host Version 5.12 InstallSoftware 22.04.2015 11:36:57 1740 (0x06CC)
    Copyright (C) Microsoft Corporation. All rights reserved. InstallSoftware 22.04.2015 11:36:57 1740 (0x06CC)
    InstallSoftware 22.04.2015 11:36:57 1740 (0x06CC)
    Microsoft Deployment Toolkit version: 6.3.8216.1000 InstallSoftware 22.04.2015 11:36:57 1740 (0x06CC)
    The task sequencer log is located at X:\WINDOWS\TEMP\SMSTSLog\SMSTS.LOG. For task sequence failures, please consult this log. InstallSoftware 22.04.2015 11:36:57 1740 (0x06CC)
    ZTI deployment failed, Return Code = 5001 InstallSoftware 22.04.2015 11:36:57 1740 (0x06CC)
    Unable to create WebService class InstallSoftware 22.04.2015 11:36:57 1740 (0x06CC)
    Command line returned 5001 InstallSoftware 22.04.2015 11:36:57 1740 (0x06CC)
    Process completed with exit code 5001 TSManager 22.04.2015 11:36:57 1160 (0x0488)
    !--------------------------------------------------------------------------------------------! TSManager 22.04.2015 11:36:57 1160 (0x0488)
    Failed to run the action: Error in the task sequence.
    The operation cannot be completed because other resources are dependent on this resource. (Error: 00001389; Source: Windows) TSManager 22.04.2015 11:36:57 1160 (0x0488)
    MP server http://sccm.domain.com. Ports 80,443. CRL=false. TSManager 22.04.2015 11:36:57 1160 (0x0488)
    Setting authenticator TSManager 22.04.2015 11:36:57 1160 (0x0488)
    Set authenticator in transport TSManager 22.04.2015 11:36:57 1160 (0x0488)
    Sending StatusMessage TSManager 22.04.2015 11:36:57 1160 (0x0488)
    Setting message signatures. TSManager 22.04.2015 11:36:57 1160 (0x0488)
    Setting the authenticator. TSManager 22.04.2015 11:36:57 1160 (0x0488)
    CLibSMSMessageWinHttpTransport::Send: URL: sccm.domain.com:80 CCM_POST /ccm_system/request TSManager 22.04.2015 11:36:57 1160 (0x0488)
    Request was successful. TSManager 22.04.2015 11:36:57 1160 (0x0488)
    Set a global environment variable _SMSTSLastActionRetCode=5001 TSManager 22.04.2015 11:36:57 1160 (0x0488)
    Set a global environment variable _SMSTSLastActionSucceeded=false TSManager 22.04.2015 11:36:57 1160 (0x0488)
    Clear local default environment TSManager 22.04.2015 11:36:57 1160 (0x0488)
    Let the parent group (Gather Logs and StateStore on Failure) decides whether to continue execution TSManager 22.04.2015 11:36:57 1160 (0x0488)
    The execution of the group (Gather Logs and StateStore on Failure) has failed and the execution has been aborted. An action failed.
    Operation aborted (Error: 80004004; Source: Windows) TSManager 22.04.2015 11:36:57 1160 (0x0488)
    Failed to run the last action: Error in the task sequence. Execution of task sequence failed.
    The operation cannot be completed because other resources are dependent on this resource. (Error: 00001389; Source: Windows) TSManager 22.04.2015 11:36:57 1160 (0x0488)
    MP server http://sccm.domain.com. Ports 80,443. CRL=false. TSManager 22.04.2015 11:36:57 1160 (0x0488)
    Setting authenticator TSManager 22.04.2015 11:36:57 1160 (0x0488)
    Set authenticator in transport TSManager 22.04.2015 11:36:57 1160 (0x0488)
    Sending StatusMessage TSManager 22.04.2015 11:36:57 1160 (0x0488)
    Setting message signatures. TSManager 22.04.2015 11:36:57 1160 (0x0488)
    Setting the authenticator. TSManager 22.04.2015 11:36:57 1160 (0x0488)
    CLibSMSMessageWinHttpTransport::Send: URL: sccm.domain.com:80 CCM_POST /ccm_system/request TSManager 22.04.2015 11:36:57 1160 (0x0488)
    Request was successful. TSManager 22.04.2015 11:36:57 1160 (0x0488)
    Executing command line: X:\WINDOWS\system32\cmd.exe /k TSBootShell 22.04.2015 11:37:31 696 (0x02B8)
    The command completed successfully. TSBootShell 22.04.2015 11:37:31 696 (0x02B8)
    Successfully launched command shell. TSBootShell 22.04.2015 11:37:31 696 (0x02B8)

    MDT Updates for Windows 10 Technical Preview Build 10041
    Если Вам помог чей-либо ответ, пожалуйста, не забывайте жать на кнопку "Предложить как ответ" или "Пометить как ответ".
    http://zalozny.com.ua

  • How to process Fisacl year change for Investment Management with Project?

    How to process Fisacl year change for Investment Management with Project as measure

    hi
    check this menu path
    Accounting  --> Investment Management  --> Programs  --> Periodic Processing  --> Fiscal Year Change

  • How to reduce configuration cache file Quota size located in ( C:\Windows\ccmcache ) for all client from SCCM 2012 server

    How to reduce configuration cache file Quota size located in ( C:\Windows\ccmcache ) for all client from SCCM 2012 server
    Thanks in Advance
    NTRao

    Hi,
    There are numerous ways to change the cache size.
    You could deploy a vbscript to a collection of the devices.
    On Error Resume Next
    Dim UIResManager
    Dim Cache
    Dim CacheSize
    CacheSize=20000
    Set UIResManager = createobject("UIResource.UIResourceMgr")
    Set Cache=UIResManager.GetCacheInfo()
    Cache.TotalSize=CacheSize
    Or you could use a configuration item.
    http://blog.coretech.dk/heh/configuration-items-and-baselines-using-scripts-powershell-example/
    You can also use the right click tools by Now Micro on a collection, if all the servers are on this would be the easiest / quickest way.
    http://www.nowmicro.com/recast/right-click-tools/
    http://www.david-obrien.net/2013/02/how-to-configure-the-configmgr-client/
    select SMS_R_SYSTEM.ResourceID, SMS_R_SYSTEM.ResourceType, SMS_R_SYSTEM.Name, SMS_R_SYSTEM.SMSUniqueIdentifier, SMS_R_SYSTEM.ResourceDomainORWorkgroup, SMS_R_SYSTEM.Client from SMS_R_System where SMS_R_System.OperatingSystemNameandVersion like '%6.2%'
    https://msdn.microsoft.com/en-us/library/windows/desktop/ms724832%28v=vs.85%29.aspx?f=255&MSPPError=-2147217396

  • How to prompt for OU during OSD Task with SCCM 2012 R2?

    How to prompt for OU during OSD Task with SCCM 2012 R2?

    Hi,
    Here is an example on how to do it using a Variable prompt in Configuration Manager, It works the same way in SCCM 2007,
    http://www.the-d-spot.org/wordpress/2013/04/01/dynamically-join-computer-to-ad-ou-during-osd-with-sccm/
    Regards,
    Jörgen
    -- My System Center blog ccmexec.com -- Twitter
    @ccmexec

  • Is MDT must have for OS deployment in SCCM 2012

    I know that existing MDT could be integrated to a new SCCM.
    Is MDT must have for OS deployment in SCCM 2012 or SCCM has its own engine for OS deployment?
    --- When you hit a wrong note its the next note that makes it good or bad. --- Miles Davis

    Thanks for the answers.
    one more question...
    I am going to start SCCM deployment in test environment.
    For OS deployment part:
    if MDT is planned for integration with SCCM should I configure OS deployment in SCCM before adding MDT.
    Or in this scenario OS deployment in SCCM could not be touched.
    After all previous answers I understand that OS deployment module is part of SCCM installation and is independent from MDT.
    --- When you hit a wrong note its the next note that makes it good or bad. --- Miles Davis

  • What client settings for BIOS or MEBx do I need preconfigure for Out Of Band Management in SCCM 2012?

    Hi,
    On the Client:
    What BIOS or MEBx setting do I need preconfigure for Out Of Band Management in SCCM 2012?  
    Or can I remotly configure BIOS or MEBx settings from SCCM 2012 or Intel SCS?
    /SaiTech

    Thanks,
    Now I see, with Intel SCS add-on for SCCM 2012 it will be the most simple solution. Even better than to have Intel scs standalone, that was an complex setup on dhcp and so on...
    Just one thing more, When you configure AD for AMT you have to set a OU. but if you have computers in two ou, I cant see how I can configure that?
    /SaiTech

  • [svn:cairngorm3:] 14751: Bugfix for history management with navigation interceptors

    Revision: 14751
    Revision: 14751
    Author:   [email protected]
    Date:     2010-03-14 12:20:05 -0700 (Sun, 14 Mar 2010)
    Log Message:
    Bugfix for history management with navigation interceptors
    Modified Paths:
        cairngorm3/trunk/libraries/Integration/pom.xml
        cairngorm3/trunk/libraries/Navigation/src/com/adobe/cairngorm/navigation/core/NavigationM essageProcessor.as
        cairngorm3/trunk/libraries/NavigationTest/src/NavigatorSample1.mxml
        cairngorm3/trunk/libraries/NavigationTest/src/sample1/Sample1Context.mxml
        cairngorm3/trunk/libraries/NavigationTest/src/sample1/presentation/NavigationBar.mxml

    Alex,
    On the mac, I've been attempting to check out the Navigation project but I keep getting prompted for credentials.  This is using Subclipse within Flex Builder3 on the Mac.
    Jeff

  • Cannot publish Flash Updates Verification of file signature failed for file SCUP 2011, SCCM 2012 R2 and WSUS all on same Windows Server 2012 machine

    I am attempting to distribute Adobe Flash updates using SCUP 2011, SCCM 2012 R2, WSUS ver4 and Windows Server 2012.  Everything installs without error.  I have acquired a certificate for SCUP signing from the internal Enterprise CA.  I have
    verified the signing certificate has a 1024 bit key.  I have imported the certificate into the server's Trusted Publishers and Trusted Root CA stores for the computer.  When I attempt to publish a Flash update with Full content I receive the following
    error:
    2015-02-13 23:00:48.724 UTC Error Scup2011.21 Publisher.PublishPackage PublishPackage(): Operation Failed with Error: Verification of file signature failed for file:
    \\SCCM\UpdateServicesPackages\a2aa8ca4-3b96-4ad2-a508-67a6acbd78a4\3f82680a-9028-4048-ba53-85a4b4acfa12_1.cab
    I have redone the certificates three times with no luck.  I can import metadata, but any attempt to download content results in the verification error.
    TIA

    Hi Joyce,
    This is embarrassing, I used that very post as my guide when deploying my certificate templates, but failed to change the bit length to 2048.  Thank you for being my second set of eyes.
    I changed my certificate key bit length to 2048, deleted the old cert from all certificate stores, acquired the a new signing cert, verified the key length was 2048, exported the new cert to pfx and cer files, imported into my Trusted publishers
    and Trusted Root Authorities stores, reconfigured SCUP to use the new pfx file, rebooted the server and attempted to re-publish the updates with the following results:
    2015-02-16 13:35:44.006 UTC Error Scup2011.4 Publisher.PublishPackage PublishPackage(): Operation Failed with Error: Verification of file signature failed for file:
    \\SCCM\UpdateServicesPackages\a2aa8ca4-3b96-4ad2-a508-67a6acbd78a4\3f82680a-9028-4048-ba53-85a4b4acfa12_1.cab.
    Is there a chance this content was already created and signed with the old cert, so installing the new cert has no effect?  In ConfigMgr software updates I see 4 Flash updates, all marked Metadata Only (because they were originally published as "Automatic." 
    No Flash updates in the ConfigMgr console are marked as downloaded.  I can't find any documentation on how the process of using SCUP for downloading content for an update marked Metadata Only actually works. 
    Comments and suggestions welcome.

  • What is the best approach for patch management

    Hi,
    I'm new about patch management. I would like to ask you how manage patch on few Solaris 10 servers using command line.
    I would like to know:
    1. Using only command line how to download latest patches
    2. There are some dependencies how to check this and install only those patches which meets dependecy requirements?
    3. Is there possiblity to atomate this?
    4. Is it possible to have one patch server and others servers will download and install this patches?
    5. What if some patches are not installed?
    6. How to find out which patches are necessary and which patches don't have to be installed? Or maybe or patches to be installed?
    7. Could you please describe your approach for managing patches? Or maybe you can recommend some books/web page/articles that can help me to understand patch management.
    Thanks in advance,
    Daniel

    smpatch is the command line tool to manage solaris patching. first you need to register yours system - this can be done using sconadm, detailed here:
    http://sunsolve.sun.com/search/document.do?assetkey=1-9-82688-1
    smpatch analyze will list all required patches and resolve dependencies. smpatch download will download all the required patches, and smpatch update will apply them. You can set up a Local Patch Server to download patches, then your clients will download the patches they require from it. This is detailed in chapter 6 of the update connection admin guide

  • Adobe Reader Update for MacBook Pro with Retina Display

    I recently purchased the new MacBook Pro with Retina Display and noticed when I downloaded Adobe Reader that it had not yet been updated to support the new Retina Display. If I remember correctly, it was announced that Adobe Photshop has been updated to support the new display. Will there also be an update for Reader any time soon?

    Hi,
    Reader and Acrobat XI will support Retina display for both the user interface and document rendering with the September update.
    For now, the UI is Retina capable but the document content is still rendered at a lower resolution.
    Few more weeks to go
    Best,
    Luc

Maybe you are looking for