Updates managed by SCCM 2012 R2

Similar Messages

• Handling of pending reboot, exclusive updates for patch management with SCCM 2012

  Hello,
  Planning to use SCCM 2012, I would like to understand how smart is SCCM 2012 when dealing with specific patch management situation.
  Assuming I have the following:
  - A given server to be patched is missing a lot of updates, several being mutually exclusive. This typical case will require several reboot / patching to properly obtain a server fully up to date.
  - A given server to be patched is in pending reboot state because the local admin installed new software and has not restarted the server yet as requested
  - Those servers have configured maintenance windows of 2 hours during each night. I scheduled a deployment of missing patches authorizing restart.
  --> when the maintenance window will be reached:
  - will the server first be restarted to clean the pending reboot ?
  - will the the server be patched / restarted several times as required to fully meet the updates to be deployed.
  Another scenario on workstation side:
  - can I enforce deployment of updates at a given time, do not automatically restart the workstation during patch deployment, but after deployment schedule a mandatory restart with a countdown if there is a pending reboot... From end-user perspective, it
  would have the following behavior. For instance:
  - patches are automatically installed on Monday at 10 AM
  - as soon as deployment is done, warning message is displayed to ask users to reboot
  - then user has up to 48h to restart his computer by himself. If he does not do it, it will be automatically done after countdown expires.
  --> Can such a scenario be managed by SCCM 2012 ?
  Regards.

  Hi,
  I have a related question about deploying Microsoft Security Updates to workstations via SCCM 2012.  Is there a way to deploy the MS updates to workstations and only suppress reboots for machines with users logged on or locked?  There seems to
  be only 2 different options for reboots, Suppress them all or don't suppress them at all.  We would like SCCM to reboot the machines that are logged off, but suppress the reboot for those that are logged on, while at the same time, provide the user with
  a notification that their machine needs to be rebooted (at their convenience). 
  We've tried applying the Domain GPO "No auto-restart with logged on users for scheduled automatic updates installations" (Enabled) and "Configure Automatic Updates" (Disabled), but the logged on/locked machines still receive the restart countdown with no
  option to postpone or delay.
  This is a show stopper for us since we have an environment where we are absolutely not allowed to reboot a logged on machine.
  For a little background, we are coming from SMS 2003 and the Distribute Software Updates (ITMU) way of deploying MS Updates, where we could always set the program to run "Only when no user is logged on".
  Please tell me there is a way to achieve our desired result.
  Thanks,
  Dan 

• How to find who modified Software Update deployment in sccm 2012

  Hi,
  How to find who modified(Date & Time) software update deployment in SCCM 2012 ?

  In the Console :
  Monitoring / System Status / Status Message Query
  Right Click : "Deployments Created, Modified, or Deleted" - Show Message and select your period.
  You'll have your information there.
  Benoit Lecours | Blog: System Center Dudes

• What client settings for BIOS or MEBx do I need preconfigure for Out Of Band Management in SCCM 2012?

  Hi,
  On the Client:
  What BIOS or MEBx setting do I need preconfigure for Out Of Band Management in SCCM 2012?  
  Or can I remotly configure BIOS or MEBx settings from SCCM 2012 or Intel SCS?
  /SaiTech

  Thanks,
  Now I see, with Intel SCS add-on for SCCM 2012 it will be the most simple solution. Even better than to have Intel scs standalone, that was an complex setup on dhcp and so on...
  Just one thing more, When you configure AD for AMT you have to set a OU. but if you have computers in two ou, I cant see how I can configure that?
  /SaiTech

• Windows 8.1 system with new Office 2013 install not pulling down any Office 2013 updates from my SCCM 2012 SP1 server

  Hi,
  I've just setup a new Windows 8.1 system and added to my SCCM 2012 SP1 server and all is good and it pulled down all the correct Windows updates and pulls down automatically the FEP updates that are distributed from SCCM 2012 daily. 
  I just installed Office 2013 on this system and have activated it as necessary.  The problem is that the system doesn't seem to be pulling down any of the Office 2013 updates that have distributed thru SCCM.  I have other systems with
  Office 2013 installed and they have pulled down Office 2013 updates in the past when I published them.
  If I look at the Office 2013 updates in the SCCM console software section, I can see that for example it shows that Office 2013 SP1 (x86) is needed by one system and installed on 8 other systems and shows as downloaded and deployed.
  I've restarted the new system multiple times and also tried to force a software update check from the Configuration Manager applet but nothing seems to happen.
  What can I check to try and determine what the problem is?
  Thanks in advance,
  Nick

  Yes, the 8.1 system is a member of collection where the update deployment is targeted.
  Are there any specific logs I should check in the client?  If I check the WindowsUpdate.log I can see messages about the machine pulling down the FEP updates but that's all it appears to be doing.
  in CCM\logs, focus on the updatehandler and updatedeployment, to begin with
  Don
  (Please take a moment to "Vote as Helpful" and/or "Mark as Answer", where applicable.
  This helps the community, keeps the forums tidy, and recognises useful contributions. Thanks!)

• Unable to install Cumulative Update 2 for SCCM 2012 R2

  Hi,
  I am trying to install the CU2 update for SCCM 2012 R2 and I am getting the following error during prerequisite checks:
  Server update status: This update applies to product version 5.0.7958. The installed version on this computer is 5.0.7804.1000. This update is not applicable to this computer.
  Console update status: No serviceable configuration manager role was found on the local system.
  Can anyone provide me some guidance or thoughts on how to get to the correct version to install this update?
  Thank you

  You are running 
  ConfigMgr 2012 SP1 – 5.00.7804.1000 - build 7804
  The CU2 you are trying to apply is for SCCM 2012 R2.
  http://www.systemcenterdudes.com/sccm-2012-version-numbers/
  For SP1 the latest CU is CU5 : http://support.microsoft.com/kb/2978017/en-us
  Benoit Lecours | Blog: System Center Dudes

• Disable Automatically Deleted Updates Download on SCCM 2012 with WSUS

  Hi
  I have SCCM 2012 SP1 with WSUS integrated, both are on the same server, I created a structure where I downloaded the updates:
  D:\Wsus\HotfixWinX
  D:\Wsus = The folder where I installed the WSUS role
  HotfixWinX = The folder where I downloaded the hotfix
  When I run "Synchronize Software Updates" the updates downloaded with a time of old age are eliminated automatically, have reviewed the log wsyncmgr and I found this:
  My question is, how can I prevent updates and updates folders to be automatically deleted?
  Thank you.

  This is a fully automated process that only works for expired updates. Do keep in mind that after this specific message the updates still exist in the console. For a very good complete explanation, see:
  http://blogs.technet.com/b/configmgrteam/archive/2012/04/12/software-update-content-cleanup-in-system-center-2012-configuration-manager.aspx
  My Blog: http://www.petervanderwoude.nl/
  Follow me on twitter: pvanderwoude

• Windows 8.1 Mobile Device Management and SCCM 2012 R2 - 'Turn on' option missing

  I am trying to test a virtual desktop with SCCM 2012 R2 integrated with Intune. There is no Configuration Manager client on the workstation, the Intune subscription is configured and enabled for Windows enrolment, AD is synchronizing with Intune, DNS has
  the enrolment record added and resolves, the user can logon to Intune from the client using Internet Explorer and the client has had the registry key added with the DiscoveryService  configured to manage.microsoft.com. The problem is that on
  the 8.1 workstation in Workplace Settings the only option is 'Join' and the 'Turn-on' option is missing. How do I get it to appear?

  Yes I am using an activated version of 8.1 Enterprise, it is in a workgroup and I am logged in as a member of the local Administrator's group but not Administrator. I even joined the domain again and then removed it. Still there is only the 'Join'
  option and no 'Turn on' option. This is driving me nuts.

• Client manageability in SCCM 2012

  Hi All
  I am Planning to have test SCCM 2012 environment and for that i need few architecture suggestions. Kindly suggest me on the same so that i can implement an effective infrastructure design.
  Total Number of Clients to Support - 58000
  First Draft version of design consist of 1 Primary Site and 3 Seconadry Sites. Kindly confirm if 1 primary and 3 secondary site will be able to cater 58000 clients. As per my understanding secondary site supports 5000 clients and Primary sites can support
  25000 Clients.
  Also confirm that clients under secondary site will be considered as client of primary site (linit of 25000) or seperately counted (25k +5K).
  Regards
  Regards Suresh

  Kent's book talks about a limitation of 50 000 when using a local SQL server. 
  Kent's book does state this. 
  Note that the Technet article states the following (from the link supplied by John):
  Client group 1 includes Windows Server and client.
  Site type
  Configuration Manager version
  Client group 1
  Client group 2
  Client group 3
  Stand-alone primary site, with a local site database, or a remote site database
  System Center 2012 Configuration Manager with no service pack 1
  100,000
  50,000 4
  25,000
  System Center 2012 Configuration Manager with SP1
  100,000 2
  50,000 4
  25,000
  System Center 2012 R2 Configuration Manager
  100,000 2
  50,000 4
  25,000
  Child primary site with a local site database
  System Center 2012 Configuration Manager with no service pack 1
  50,000
  50,000 4
  25,000
  System Center 2012 Configuration Manager with SP1
  50,000 2
  50,000 4
  25,000
  System Center 2012 R2 Configuration Manager
  50,000 2
  50,000 4
  25,000
  Child primary site with a remote site database
  System Center 2012 Configuration Manager with no service pack 1
  100,000
  50,000 4
  25,000
  System Center 2012 Configuration Manager with SP1
  100,000 2, 3
  50,000 4
  25,000
  System Center 2012 R2 Configuration Manager
  100,000 2, 3
  50,000 4
  25,000
  Secondary site
  Any version 1
  5,000 5
  Cheers
  Paul | sccmentor.wordpress.com

• How to remove the parent-child software update point in sccm 2012 sp1

  I have a CAS , Primary site server(1) and secondary site servers (7). I have software update point installed on CAS, Primary server and Secondary site servers as well.
  I have a situation to reinstall the software update point which is in primary site server.
  So, How to reinstall the software update point in primary site server since this is located in the middle between CAS and secondary site servers.
  So, please suggest me, do I have to do anything special apart from the normal steps to uninstall and reinstall the SUP point on primary site server?
  I have referred few posts on how to remove SUP
  https://social.technet.microsoft.com/Forums/en-US/c7258aad-d968-427b-8826-4829916c14c9/remove-and-re-add-software-update-point-sccm-2012?forum=configmanagersdk
  and how to install SUP
  http://www.windows-noob.com/forums/index.php?/topic/4467-using-sccm-2012-in-a-lab-part-6-deploying-software-updates/

  Hi,
  >> please suggest me, do I have to do anything special apart from the normal steps to uninstall and reinstall the SUP point on primary site server?
  I just tried to reinstall the SUP on the Primary site(only one SUP on Primary site and there is a SUP on Secondary site). The SUP upstream data source of the Secondary site showed empty and greyed out. But the upstream data source resumed after a while.
  It seems nothing special needs to be done.
  Best Regards,
  Joyce
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected]

• Install offline update patches on SCCM 2012

  Dear every one,
  Could you help me how to install offline update patches for windows on SCCM 2012?
  Please show me some materials or any link to learn it
  I'm on my way to research and deploy it
  Thanks show much!!!

  Dear Arnavsharma,
  Yes, I mean to talk about MS updates.
  I have read your topic that you show, but my situation is difference
  the first purpose, I built SCCM 2012 to update Definitions for System center Endpoint Protection 2012 through Software update Point. It 's still working normally
  And now, I need to do more tasks with SCCM 2012. I need to deploy some specify offline MS update which locate in Server through SCCM.
  Because, this MS updates has been built reserved for my Company, so it's not available on Micsoft
  Could you help me ?

• Updates Publisher 2011 + SCCM 2012 - no signing certificate every time (Bug?)

  Hello everybody,
  I got a strange problem with the System Center Updates Publisher 2011 which I want to use with SCCM 2012 (SP1).
  Some weeks ago I was able to enable the publishing on the update server (SCUP + SCCM + WSUS are the same machine), to create a self signed certificate and to astablish the connection to the WSUS server.
  Some weeks later the SCUP seems to "forgot" the certificate and the option "Enable publishing to an update server" is disabled.
  If I try to reactivate this option then I can not create a new self signed certificate anymore.
  I get always the "... test connection succeeded. However, no signing certificate was detected ..." dialog.
  I also can not choose the existing certificate (.pfx) file ("No certificate information available").
  Is this a bug?
  Can I deinstall the SCUP completely and create a new certificate again?

  Did you open SCUP as administrator? But Yes, you can reinstall SCUP and create another cert or use the existing cert.
  Kent Agerlund | My blogs: blog.coretech.dk/kea and
  SCUG.dk/ | Twitter:
  @Agerlund | Linkedin: Kent Agerlund |
  Mastering ConfigMgr 2012 The Fundamentals

• Windows 8 Tablet Manage with SCCM 2012

  Hi,
  Does the SCCM 2012 R2 supports managing of Tablet Devices  Windows 8 installed.
  Is there any step-by-step guide or TechNet or MSDN articales ?
  Thanks,

  here's some step by step guides for you, that help you enroll and deploy settings and apps to Windows 8.x devices
  CM12 in a Lab -
  How can I manage modern devices using System Center 2012 R2 Configuration Manager ? - Part 5
  CM12 in a Lab -
  How can I manage modern devices using System Center 2012 R2 Configuration Manager ? - Part 6
  CM12 in a Lab -
  How can I manage modern devices using System Center 2012 R2 Configuration Manager ? - Part 7
  Step by Step Configuration Manager Guides >
  2012 Guides |
  2007 Guides | I'm on Twitter > ncbrady

• How to convert Unmanaged SCEP clients to Managed in SCCM 2012 SP1

  We recently started installing SCEP clients from the .exe and a preconfigured .xml file to client machines in a domain setting.  This was done from a USB drive, going from machine to machine, with a  .bat file.
  This was a stop-gap until we were able to install and configure SCCM 2012 SP1.
  PCs that already had the SCEP client (prior to SCCM coming into production) are showing up as unmanaged.  PCs that have had SCCM install SCEP all are listed as managed.
  I've searched, but have yet to find a definitive answer as to how get the manually installed SCEP clients to register as managed in SCCM.
  AD Domain with WIN 2008 R2 DC, SQL 2012 Standard, SCCM 2012 SP1

  Also, make sure the Endpoint Protection Point is installed properly on SCCM and the Client Setting for SCEP is enabled.
  Juke Chou
  TechNet Community Support

• Best Practice for Expired updates cleanup in SCCM 2012 SP1 R2

  Hello,
  I am looking for assistance in finding a best practice method for dealing with expired updates in SCCM SP1 R2. I have read a blog post: http://blogs.technet.com/b/configmgrteam/archive/2012/04/12/software-update-content-cleanup-in-system-center-2012-configuration-manager.aspx
  I have been led to believe there may be a better method, or a more up to date best practice process in dealing with expired updates.
  On one side I was hoping to keep a software update group intact, to have a history of what was deployed, but also wanting to keep things clean and avoid issues down the road as i used to in 2007 with expired updates.
  Any assistance would be greatly appreciated!
  Thanks,
  Sean

  The best idea is still to remove expired updates from software update groups. The process describes in that post is still how it works. That also means that if you don't remove the expired updates from your software update groups the expired updates will
  still show...
  To automatically remove the expired updates from a software update group, have a look at this script:
  http://www.scconfigmgr.com/2014/11/18/remove-expired-and-superseded-updates-from-a-software-update-group-with-powershell/
  My Blog: http://www.petervanderwoude.nl/
  Follow me on twitter: pvanderwoude