Академический Документы
Профессиональный Документы
Культура Документы
Home / System Center / Configuration Manager / Software Update with SCCM PART 3 – Automatic
Deployment Rules
Posted by: Romain Serre in Configuration Manager March 8, 2014 9 Comments 962 Views
In this part I will create an Automatic Deployment Rule to update Windows Server
2012 R2. As a reminder, Automatic Deployment rule enables to create update package
automatically according to some criteria such as release date, classification or
language. The scheduler for creating update package can be fine-grained configured. It
Understand Microsoft Hyper Converged Solution
is possible for example to create update package automatically every second Tuesday
of each month. Once the package is created, it is automatically deployed to deployment
point and servers perform updates on their maintenance period. This update method
should not be used on complex environment as Hyper-V cluster or Exchange
infrastructure. These examples of environment need orchestrator to avoid downtime of
services.
1 of 10 2/22/2016 11:23 AM
Software Update with SCCM PART 3 – Automatic Deployment Rules http://www.tech-coffee.net/software-update-sccm-part-3-automatic-dep...
Backup
Cloud
Azure Stack
Microsoft Azure
Windows Azure Pack
So I create an Automatic Deployment Rule called « Baseline – W2012R2 » with the Patch Tuesday Security
template. The current configuration can be saved as a template at the end. Each time a package is created, SQL Server
SCCM create automatically a new Software Update group. If the other option is chosen, a unique Software Storage
Update Group is created and updates are added to it. That means each time an update package is QNAP
deployed, it will contain all updates even those that are already deployed. For Tuesday patching, I Software-Defined Storage
recommend to create new Software Update Group.
Synology
System Center
Configuration Manager
Data Protection Manager
Virtual Machine Manager
TechEd14
Windows Server
Hyper-V
Archives
Select Month
On deployment settings, specify if you want use Wake-on-LAN (useless on servers because at 99% of the
time there are always switch on). Next select the desire logs detail level and the behavior about license
agreements.
2 of 10 2/22/2016 11:23 AM
Software Update with SCCM PART 3 – Automatic Deployment Rules http://www.tech-coffee.net/software-update-sccm-part-3-automatic-dep...
On software updates screen, set the criteria for choosing the updates that will be added to update package.
In my example I choose updates that match these criteria:
On evaluation schedule, specify when run the rule to make an update package. On my example, I run the
rule every second Wednesday of each month (in France updates are available Wednesday because time
difference).
3 of 10 2/22/2016 11:23 AM
Software Update with SCCM PART 3 – Automatic Deployment Rules http://www.tech-coffee.net/software-update-sccm-part-3-automatic-dep...
On deployment schedule, specify the update package available time and the installation deadline. Mostly
these settings should be configured regarding company security policies.
On user experience screen, set the behavior on clients side. Specify notifications level to display on
Software Center, the behavior when the deadline is reached and you can suppress restart on specific
devices such as server.
4 of 10 2/22/2016 11:23 AM
Software Update with SCCM PART 3 – Automatic Deployment Rules http://www.tech-coffee.net/software-update-sccm-part-3-automatic-dep...
Alerts screen is really useful when Operation Manager monitor IT Infrastructure. It is possible to disable
monitoring on servers that will be updated and generates alerts if an update fails. Also a report can be
generated on Configuration Manager.
Downloads settings screen enables to configure clients’ behavior for downloading when there are on a slow
link (slow site boundaries in SCCM language). For this type of clients, you can specify a fallback distribution
point
On deployment package screen, you create your update package. It is necessary to specify a package
source: this is the path where update binaries are stored. A folder can’t be used for more than one package
5 of 10 2/22/2016 11:23 AM
Software Update with SCCM PART 3 – Automatic Deployment Rules http://www.tech-coffee.net/software-update-sccm-part-3-automatic-dep...
On distribution points screen, specify SCCM distribution points where the deployment package will be sent.
6 of 10 2/22/2016 11:23 AM
Software Update with SCCM PART 3 – Automatic Deployment Rules http://www.tech-coffee.net/software-update-sccm-part-3-automatic-dep...
To finish confirm settings. Note that you can Save as Template your Automatic Deployment rule.
Once your Automatic Deployment Rule is created, it appears in the menu. On the same line, you can see
the last error. Here the rule has run without error.
7 of 10 2/22/2016 11:23 AM
Software Update with SCCM PART 3 – Automatic Deployment Rules http://www.tech-coffee.net/software-update-sccm-part-3-automatic-dep...
After that Automatic Deployment Rule has run, the update package is created and is deployed.
Then Software Center on clients can install updates on maintenance period. Note that you can install
manually updates.
« »
Tagged with: AUTOMATIC DEPLOYMENT RULE SOFTWARE UPDATE POINT SUP
Previous: Next:
SCCM Software Update PART 2 – SCCM Software Update PART 4 –
Software Update Point configuration Create deployment packages manually
SCCM Software Update PART SCCM Software Update PART SCCM Software Update PART
5 – Best practices 4 – Create deployment 2 – Software Update Point
March 10, 2014 packages manually configuration
March 9, 2014 March 7, 2014
8 of 10 2/22/2016 11:23 AM
Software Update with SCCM PART 3 – Automatic Deployment Rules http://www.tech-coffee.net/software-update-sccm-part-3-automatic-dep...
santosh
December 3, 2014 at 12:45 pm
Romain Serre
December 3, 2014 at 5:26 pm
Steve Foster
February 23, 2015 at 10:48 pm
How Granular do you get? For example do you differentiate Itanium, x64, and x86 (for Legacy
OS’s)? Do you create one baseline for each OS? Also, what do your device collections look like? In
other words do you apply the baseline on a per-OS basis, or do you follow a lifecycle of, say, “Lab
–> test –> Production” on an OS by OS basis. Good article — appreciate it
Romain Serre
February 24, 2015 at 11:13 am
Hi Steve,
In automatic deployment rule you can add Itanium, X64 or X86 updates. This will be the target
Operating System that will download and install update regarding its architecture.
I create one baseline for all OS. As above, the target Operating System will download and install
update regarding its version. Next you can create a collection by environment (LAB, VAL, PROD).
Then you play with maintenance windows to apply patch in good order.
Steve Foster
February 24, 2015 at 3:48 pm
Andrew
July 15, 2015 at 4:31 am
If you have the sync schedule for the second Wednesday, sometimes that is before the second
Tuesday so what schedule doesn’t work well – don’t know what the best solution is. Run manually or
use a powershell script?
Romain Serre
July 15, 2015 at 7:43 am
Hi Andrew,
When it is this kind of month, I run the synchronization manually. I think this kind of
month where the second tuesday is after the second wednesday occurs one time per year.
Hubble
November 25, 2015 at 3:37 pm
Will the ADR only make the software available to the device collection based on the Maintenance
window set for that collection. For example, my ADR ran at 9am, and under Deployment Schedule
-> Software available time -> ASAP, but the Maitenance Window on the Collection is set for
9 of 10 2/22/2016 11:23 AM
Software Update with SCCM PART 3 – Automatic Deployment Rules http://www.tech-coffee.net/software-update-sccm-part-3-automatic-dep...
5pm-6pm. Will i see the software in Software center after 9am, or at 5pm?
Romain Serre
November 26, 2015 at 9:23 am
Hi,
From my understanding of maintenance window, it affects only the machine reboot and
the time when the deployment occurs. So in your case, the Automatic Deployment Rule
run at 9AM. SCCM and WSUS checks if there are new available updates related to your
filter and update the Software Update Group. Then the Software Update Group is
distributed to distribution point. Next machines download new updates. To finish, servers
apply updates in the time of the maintenance window and reboot in the time of the
maintenance window (even if you configure ASAP).
Cheers, Romain.
10 of 10 2/22/2016 11:23 AM