locked
Update a new installed machine with SCCM 2012 RRS feed

  • Question

  • Hi

    I'm using SCCM 2012 to deploy patch to my clients, but not commonly, we have to install client machines from the scratch and a great problem is patching those new machines.

    So, is there a way to send these patches that we have in our SCCM to these new machines? instead of using Windows Update (our bandwith is limited)

    I know that using image will be the best way to solve this, but for this moment we need to solve this in this way because not all the equipment have a PXE Nic, also the machines are not in our high speed lan...

    Thanks


    Doc MX

    Tuesday, September 11, 2012 9:06 PM

Answers

  • There are three basics:

    1. You need to have a Software Update Deployment, with a deadline in the past; I also suggest a Deployment where you "override Maintenance Windows".  That deployment would contain all of the patches that you want newly imaged machines to get.

    2. Create a collection; this collection will be the target for this deployment.  Have this collection update frequently; maybe every day? or even more frequent.  This collection contains a query similar to this:
    select SMS_R_SYSTEM.ResourceID
    from SMS_R_SYSTEM
    join sms_statusmessage on sms_r_system.Netbios_name0=sms_statusmessage.machinename
    where sms_statusmessage.messageid = '10800'
    and datediff (DD,sms_statusmessage.time, GetDate()) < 2
    and SMS_R_SYSTEM.OperatingSystemNameandVersion in ("Microsoft Windows NT Workstation 6.1")

    what that would do is show you machines, where within the last 2 days they have submitted a status messageid of 10800 (which means--I just installed the client, hello!) and it's Windows 7.

    3. You may also want to assign Custom Client Agent Settings to this collection as well; i.e., give it more frequent Software Update Scan and Software Update Deployment schedules, instead of every Friday--you have it scan and re-eval every hour; but only if the computers are in that collection.

    What should happen then... is as within a few minutes of the 10800 status message ID, a client shows up in that collection.  Upon policy refresh, it will deserve the custom client agent settings to frequently scan and frequently re-eval, and you have a deployment policy to that collection as well.  So within 5-15 minutes, it should start to get anything it is missing (that you have in the deployment).  2 days later, since the 10800 message is now 2 days old, that machine will drop out of that collection, and no longer deserve the frequent re-evals, nor that override Maint. Window Deployment.

    Anyway... that's the theory.  Try it and see how it works out.

    Caveats: because it is statusmesageid 10800; that "could" also come from troubleshooting where perhaps you are reinstalling a broken client.  Just something to keep in mind.


    Standardize. Simplify. Automate.


    • Edited by Sherry Kissinger Tuesday, September 11, 2012 10:46 PM
    • Marked as answer by DocMX Tuesday, September 18, 2012 4:26 PM
    Tuesday, September 11, 2012 10:46 PM

All replies

  • If you install the sccm client, you can patch those also with sccm.

    Tuesday, September 11, 2012 10:20 PM
  • Yes, this new machine is already a client in my SCCM, but how can I deploy all the patches to that machine inmediately withtout wait for the next patch update cycle (every friday).

    Doc MX

    Tuesday, September 11, 2012 10:24 PM
  • There are three basics:

    1. You need to have a Software Update Deployment, with a deadline in the past; I also suggest a Deployment where you "override Maintenance Windows".  That deployment would contain all of the patches that you want newly imaged machines to get.

    2. Create a collection; this collection will be the target for this deployment.  Have this collection update frequently; maybe every day? or even more frequent.  This collection contains a query similar to this:
    select SMS_R_SYSTEM.ResourceID
    from SMS_R_SYSTEM
    join sms_statusmessage on sms_r_system.Netbios_name0=sms_statusmessage.machinename
    where sms_statusmessage.messageid = '10800'
    and datediff (DD,sms_statusmessage.time, GetDate()) < 2
    and SMS_R_SYSTEM.OperatingSystemNameandVersion in ("Microsoft Windows NT Workstation 6.1")

    what that would do is show you machines, where within the last 2 days they have submitted a status messageid of 10800 (which means--I just installed the client, hello!) and it's Windows 7.

    3. You may also want to assign Custom Client Agent Settings to this collection as well; i.e., give it more frequent Software Update Scan and Software Update Deployment schedules, instead of every Friday--you have it scan and re-eval every hour; but only if the computers are in that collection.

    What should happen then... is as within a few minutes of the 10800 status message ID, a client shows up in that collection.  Upon policy refresh, it will deserve the custom client agent settings to frequently scan and frequently re-eval, and you have a deployment policy to that collection as well.  So within 5-15 minutes, it should start to get anything it is missing (that you have in the deployment).  2 days later, since the 10800 message is now 2 days old, that machine will drop out of that collection, and no longer deserve the frequent re-evals, nor that override Maint. Window Deployment.

    Anyway... that's the theory.  Try it and see how it works out.

    Caveats: because it is statusmesageid 10800; that "could" also come from troubleshooting where perhaps you are reinstalling a broken client.  Just something to keep in mind.


    Standardize. Simplify. Automate.


    • Edited by Sherry Kissinger Tuesday, September 11, 2012 10:46 PM
    • Marked as answer by DocMX Tuesday, September 18, 2012 4:26 PM
    Tuesday, September 11, 2012 10:46 PM
  • Hi

    1.- I tried to use a deadline in the past and the wizard never let me continue... sould I have to do with ADR?

    2.- The query runs spectacular thanks a lot, is there a place where to find more examples like yours?

    3.- I done a collection and assigned more frequently scan, I'll tell you the results.

    Thanks


    Doc MX

    Wednesday, September 12, 2012 8:18 PM
  • after you are done with the wizard; where you set the deadline to be "this minute"; in a few minutes it will be in the past.  :)  All I meant by that was that it has to have a deadline, and that deadline shouldn't be in the future--so that any machine that deserves that deployment knows to install whatever it is missing as soon as it can download the bits.

    finding more examples:  collection query examples are here, on the cm07 technet forum, and on myitforum.  It's not hard to find collection or sql queries--any good search engine will take you to one.  The problem is knowing what to ask in the search window.  :)


    Standardize. Simplify. Automate.

    Wednesday, September 12, 2012 10:46 PM
  • Hi

    With the 3 basics works very well, just I need to frine tunning for x32 bits.

    Thanks it works.


    Doc MX

    Tuesday, September 18, 2012 4:26 PM