ISE1.2 NAC Agent/Compliance and SCCM Software Updates

Similar Messages

• SCCM Software Updates (and SCUP) vs. Application Management for 3rd Party Application Patching

  Hi,
  We're getting ready to tackle the phenomena known as Java patching, and I was wondering if I could get your personal preference; SCCM Software Updates (and SCUP) vs. Application Management for 3rd Party Application Patching?
  I probably should give a little background on my environment; It's a university atmosphere, so unless it's policy, you have to ask nicely...can't tell people to do things they don't want to; multiple version of required versions of Java for what ever reason,
  which need to be identified, grouped together, and then upgrade as much as possible without breaking their old applications.
  I was thinking that Application Management probably made more sense where it is more robust, especially for removing multiple installs of Java on a single system, but Software Updates/SCUP looks like it was built for this type of patching, so I'm a bit confused
  why SCCM would have two components which essentially did the same thing.
  Your thoughts?
  Thanks,
  Bill

  For Java version management specifically you can already achieve a lot by using the Application Model in CM12.
  You can define supersedence between the different versions, just make sure to opt for uninstall of the older version when defining it.

• SCCM Software Update Report

  Hi
  How can I make a report by sccm from installation of updates security and critical Microsoft productions?
  Best Regards

  Duplicate post of
  http://social.technet.microsoft.com/Forums/systemcenter/en-US/bd4ab8df-c94d-4a6e-833a-d0916c65a1fc/sccm-software-update-report?forum=configmgrgeneral
  http://www.enhansoft.com/

• How to calculate the compliance for an software update deployment

  Hi All,
  I am trying to find as how do we calculate the compliance for an software update deployment.
  Scenario, We have about 4000 machine in the domain. but we have some stale records in the domain which is about 1200. The AD cleanup for the stale records is planned for sometime in March.
  So total number of machines in a collection (including the stale machines) are 5200.
  The current compliance of that deployment shows the following status:
  Complaint : 1156
  In Progress : 1724
  Error : 38
  Unknown : 2462
  And in the unknown, we have :
  Client check failed/Active: 2
  Client check failed/Inactive: 6
  Client check passed/Active: 732
  Client check passed/Inactive: 1722
  Can you please suggest in understanding the formula that should be followed to get the compliance.

  Your Compliancy, should be based solely off of the number of computers within CM12.
   There are no “if”, “and” or “but” able it.  This is the only way to truly and reliably provide numbers to management.
  Again it should be very simple calculation:
   (Total outstanding  Security SU, Total outstanding
   Critical SU, Total outstand Service packs, Total outstand Update Rollups, Total outstand Updates, Total outstand Definition Updates, Total outstand tools, Total outstand Feature packs) Vs Total applied SU (all Classifications)
  Or
  Total # of 100% patched PCs vs Total # of PCs as seen by CM12.
  If you use any other calculation then you MUST include a disclaimer that you are filtering out computers because they might be invalid. Or you MUST define exactly how you are calculating the number. Therefore any compliancy rate that your calculate maybe
  invalid too or at least it will change once you clean up AD.
  I will never hide low compliancy numbers to management, I will always show it to them.
   In many case I will ask to give a presentation to Management to explain why the numbers are so low.
   Provide them with a list of action items that need to be done in order to bring up the number to more reasonable level. I also set their expectation on what a reasonable level is.
  100% is unachievable; there is no exception to this!
  95-99% Very excellent but expect to spend lots of $$$s to obtain these percentages.
  90-95% is really, really, good; expect to spend $$s in this range.
  85-89% is good; expect to set strict procedures
  81-84 is ok but you could do better
  Below 80% is bad
  In your case, I would start by saying AD is dirty and need to be clean up, this has been schedule for March 2015. I would follow up this to say, in order to keep AD clean the follow procedures need to be define / updated / followed. You should also define
  exactly what you are doing to ensure that all computers are management by CM12.
  IMO these is no simple answer of this.
  Garth Jones | My blogs: Enhansoft and
  Old Blog site | Twitter:
  @GarthMJ

• SCCM Software Update's / ADR questions

  Hello Technet/SCCM community,
  after much scratching of the ol' noggin and lots of internet searches I have been left with a handful of questions regarding SCCM 2012 SP1 and its Software Update Point functionality with emphasis on Automatic Deployment Rules.
  1.When creating an ADR if one ADR's updates are the same as another ADR's updates how can we avoid storing/downloading duplicates? Can I store the updates in the same folder and will SCCM be smart enough to share the updates rather than having two copies?
  note: one way around the above would be to separate updates into different ADR's, here is my issue with this method: lets say I have one ADR for Win7 updates and one for Office2013/Silverlight etc. Now Im deploying multiple packages to machines causes a
  larger update window and possible multiple restarts. So lets say I suppress the restarts, well when users get around to it they will still see the updates being applied and per our policy we have one window to push these and when we wander from the norm users
  minds break. i.e. I don't want multiple ADR's deployed to the machines a month and I do not want to suppress restarts.
  2. Is there no way to only download the metadata of these updates? Currently updates for my environment are eating up 80 gigs of hard drive space. 40 gigs to the download location which then gets duplicated to the content library which sets me up for my
  next question: Why are these updates in both locations essentially doubling the HD space you need for updates. My content library grows gig for gig with my SUP updates store.
  3. Scenario: I deploy updates month 1, 100 updates are downloaded and deployed and update group entry is created. Next month I deploy again this time 50 updates are downloaded and deployed, update group 2 created. Questions: Now if I delete update group
  1 and do not have a date released or revised rule will the next deploy grab update group 1's updates again? In other words should I always leave the update groups in SCCM so it knows what updates have been deployed and wont download those updates again. And
  finally if I should leave the update groups can I still delete the updates from the folder freeing up space but still allowing SCCM to know whats been deployed?
  4. Does anyone have an essential Windows 7 workstation updates ADR build they can share. For Workstations I like to deploy everything they need in one ADR, Office 2013, Silverlight, SCEP, and WIN7. So far Ive never come close to the 1000 limit. Server ADR's
  are a different story.
  MichaelSpaulding

  I appreciate your clarification of an ADR, I understand what it does and doesn't do, I'm simply using the term ADR to cover the subjects I'm discussing. 
  This piece of your response answers my questions in full and is very helpful.
  "You can use the "Period of time for which all pending deployments with deadline in this time will also
  be installed" setting on the Software Updates tab to group deployments together that have slightly different deadline times; however, Office 2013 and SCEP updates generally don't require a reboot."
   I had previously set the deadline/restart window to "as soon as possible", I will utilize
  the above to resolve my issues with my ADR deployments and I will also use the below for how I group updates. 
  "I generally configure an ADR for all workstation OS updates, one for Office, one for Server updates,
  and one for SCEP. These all reference the exact same update package which I then change on a periodic basis like every 6-12 months. I also create new update groups month for each of these (except SCEP defs)."
  Thanks great stuff Jason:)
  MichaelSpaulding

• How to solve the error message "Could not activate cellular data network: PDP authentication failure"when using 3g or gPRS on safari with an iphone 4 and latest software updates

  Please can someone help me to solve the error message "Could not activate cellular data network: PDP authentication failure"when using 3G or GPRS on safari with an iphone 4GS and latest software updates. I have tried resetting the network and phone settings. I have restored the factory settings on itunes and still the problem persists.

  All iPhones sold in Japan are sold carrier locked and cannot be officially unlocked by the carrier. If you unlocked it, it was by unauthorized means (hacked), and support cannot be given to you in this forum.
  Hacked iPhones are subject to countermeasures by Apple, particularly when updating the firmware. It is likely permanently re-locked or permanently disabled.
  Message was edited by: modular747

• HT4061 got iph 4s; using windows 8; downloaded latest update and iphone software update center could not be contacted or is unavailable......??  disabled firewall, disconnected all other usb devices, still not restoring; any one have any suggestions?

  iph 4s, using windows 8; downloaded latest update 6 for iphone and iphone software update center could not be contacted or is not available; tried troubleshooting; removed other usb connections and restarted computer; still will not connect to iphone software update center; any suggestions?

  I noticed the Windows Firewall Entry in the diagnostics, so I did get that part squared away...
  Windows Firewall is on.
  iTunes is enabled in Windows Firewall.
  Connection attempt to Apple web site was successful.
  Connection attempt to browsing iTunes Store was successful.
  Connection attempt to purchasing from iTunes Store was successful.
  Connection attempt to iPhone activation server was successful.
  Connection attempt to firmware update server was successful.
  Connection attempt to Gracenote server was successful.
  Last successful iTunes Store access was 2013-11-07 17:52:33.
  Still unable to detect the iPhone though.

• I'm on a MacPro, Snow Leopard, 10.6.8 and did software update to safari 5.1.4. Now I can't open Microsoft Word or Skype. I've done repair permissions, restarted. How can I fix ASAP? Wish I could dump this and go back to 5.1.2! Help!

  I'm on a MacPro, Snow Leopard, 10.6.8 and did software update to safari 5.1.4. Now I can't open Microsoft Word or Skype. I've done repair permissions, restarted. How can I fix ASAP? Wish I could dump this and go back to 5.1.2! Help!

  Try this Safari5.1 from the installer package
  http://www.filefactory.com/file/cc9005d/n/Safari.pkg.zip
  The download worked better with Firefox not sure why. At the bottom of the page after the captcha>> slow down load is the Free link,  it took about 4 minutes to download on my test.

• Can anyone tell me where to download Englsih cersion of Bonjour and Apple Software Update. Currenely I   only obtain the Mandarin version and would like to install on my D: drive, rather than default to C. Thanks

  Can anyone tell me where to download English version of Bonjour and Apple Software Update. Currently I
  only obtain the Mandarin version aI am trying to install on my D:\ drive, rather than default to C:\.
  Thanks.

  This would be a better question for the iTunes forums.
  https://discussions.apple.com/community/itunes
  B-rock

• Is there a program or setting that looks for and installs software updates?

  Is there a program or setting that looks for and installs software updates?

  System Preferences > Apps Store
  Enable all those options.

• What are the differences between the Caching and the Software Update Services

  New to working with OS X Server and am confused about the differences between the Caching Service and the Software Update Service...it seems to me that they overlap in that i) the Caching Service updates OS X software, iOS software and any apps purchased from the app store while ii) the Software Update service updates OS X software.
  If the above is correct they why would one run both Services?  I would think that one would run the Caching Service and call it a day!
  And while on the subject, what about caching and pushing third party apps like MS Office?

  Linc Davis wrote:
  The simple answer is that you almost certainly don't need the Software Update service. Just use the Caching service. Neither one works with content that doesn't come from Apple.
  Appreciate the response but could you please explain the difference between the two as that is the one item that remains unanswered.
  Thanks,
  Joel

• In trying to update itunes to version 10.7 I get messages that older versions of "Bonjour" and "Apple Software update" cannot be removed and so the update fails. Itunes works well on my old ipod nano but not on my new ipod touch? Any ideas

  Any ideas as to how I can update an older version of iTunes to at least version 10.7 given the problems I'm having with "bonjour" and the "software update"?

  (1) Download the Windows Installer CleanUp utility installer file (msicuu2.exe) from the following Major Geeks page (use one of the links under the "DOWNLOAD LOCATIONS" thingy on the Major Geeks page):
  http://majorgeeks.com/download.php?det=4459
  (2) Doubleclick the msicuu2.exe file and follow the prompts to install the Windows Installer CleanUp utility. (If you're on a Windows Vista or Windows 7 system and you get aCode 800A0046 error message when doubleclicking the msicuu2.exe file, try instead right-clicking on the msicuu2.exe file and selecting "Run as administrator".)
  (3) In your Start menu click All Programs and then click Windows Install Clean Up. The Windows Installer CleanUp utility window appears, listing software that is currently installed on your computer.
  (4) In the list of programs that appears in CleanUp, select any Apple Software Updateentries and click "Remove", as per the following screenshot:
  Next, select any Bonjour entries and click "Remove", as per the following screenshot:
  (5) Quit out of CleanUp, restart the PC and try another iTunes install using an iTunesSetup.exe (or iTunes64Setup.exe) downloaded from the Apple Website:
  http://www.apple.com/itunes/download/
  Does it go through properly this time?

• As of today, ios 7 is available for Apple devices. I went to settings, then to general, and to software updates, but it says at iOS 6.1.3 my iPad 2 is up to date. How can I download https iOS  7?

  As of today, iOS 7 is available for Apple devices. I went to settings, then to general, and to software updates, but it says at iOS 6.1.3 my iPad 2 is up to date. How can I download https iOS  7?

  Well, now is probably not a good time to try it. The servers are overloaded, and if you look at most of the posts on this site right now, people are getting hung up at various points of their download and activation.
  You need to hook your device up to the computer you sync with and download it via iTunes, or keep checking your device until you see IOS 7 is available.
  But my advice would be to wait - otherwise you are just going to be frustrated, and unable to use your device....
  Cheers,
  GB

• How do I update my iPad2? I don't have iOS 5 but I want the latest and best software update. However, I've plugged into my computer but am unsuccessful. Please help?

  How do I update my iPad2? I don't have iOS 5 but I want the latest and best software update possible. However, I've plugged into my computer but am unsuccessful. Please help, what do I need to do?

  See below.
  http://support.apple.com/kb/HT4972

• HT4623 my iphone 5s is 3 weeks old and a software update put it in recovery and Ive tried restoring it and itunes said that it cannot be restored system error 40

  my iphone 5S is 3 weeks old and a software update put it into recovery mode and I tried to restore it and it can't be restored system error 40, ***?

  https://discussions.apple.com/thread/5347392
  a bit insensitive they named it 40 though