Wednesday, July 3, 2013

ITMU 3 – deploying patches with SMS 2003 SP3


My Patch process using ITMU v3 and SMS 2003
I’m patching desktops only, and my process accommodates a business requirement to patch machines but not force a reboot for 4 days. Because of this requirement, I patch like so:
  1. Install patches and use SMS notification to tell users they need to reboot. About 65-70% of users reboot within 1 business day.
  2. The notification nag continues for 4 days from install.
  3. Use ITMU to force a reboot at 5pm on the 4th day.
Patching details
  1. Microsoft Updates Tool Sync - Downloads the latest Windows Update Catalog on Patch Tuesday
    • Advertisement scheduled for every Tuesday at 3pm and 11pm: 3pm for the normal MS patch release and 11pm to catch releases that are a little late.
    • Confirm ‘wsusscn2.cab’ has a current time stamp: \Program Files\Microsoft Updates Inventory Tool\PkgSource
  2. Microsoft Updates Tool - Distributes the above Windows Update Catalog to clients and scans for status
    • Advertised to run daily at 4am
  3. Create Patch Packages - * See details below
    • I create per-OS packages to limit download size for field/VPN and slow-link clients
  4. Create Patch Advertisements - * See details below
    • Set to run daily
    • Download if no local
  5. Test - Wednesday through Friday
    • “Did I screw anything up” test – run locally on 3 OSes in my lab to ensure packages and advertisements are all functional
    • Real testing – deploy to field and office machines on all OSes. I use IT and a set group of customers who use a variety of apps and connectivity scenarios.
  6. Deploy
    • Friday afternoon
    • Send out per-OS advertisements scheduled to run Sunday morning at 6am, recurring daily
  7. Reboot - 3rd Wednesday
    • Update the patch packages to force a reboot for anyone who hasn’t rebooted
  8. Monitor Compliance
    • Using the above process I generally get 65-70% compliance by end of day Monday, with another 30% pending reboot
    • After 4 days and the Wednesday forced reboot, compliance is around 90%
    • Over the next week I monitor as field users and offline boxes connect and bring compliance above 95%
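
The manual ‘wsusscn2.cab’ time stamp check from step 1 can be scripted. The following is an added example, not part of the original process: it treats "current" as "written on or after the most recent Patch Tuesday" and goes one step beyond the time stamp by also reporting the file's Authenticode status. The drive letter in the default path and both helper function names are assumptions.

```powershell
# Added example, not from the original post.
# Assumption: the sync host keeps the catalog on drive C: in the PkgSource folder named above.
param(
    [string]$CabPath = 'C:\Program Files\Microsoft Updates Inventory Tool\PkgSource\wsusscn2.cab',
    [datetime]$Now = (Get-Date)
)

function Get-PatchTuesday {
    # Second Tuesday of the month that contains $Date (midnight, local time).
    param([datetime]$Date)
    $first  = (Get-Date -Year $Date.Year -Month $Date.Month -Day 1).Date
    $offset = (([int][DayOfWeek]::Tuesday - [int]$first.DayOfWeek) + 7) % 7
    return $first.AddDays($offset + 7)
}

function Get-LastPatchTuesday {
    # Most recent Patch Tuesday that is not in the future relative to $Date.
    param([datetime]$Date)
    $pt = Get-PatchTuesday -Date $Date
    if ($Date -lt $pt) { $pt = Get-PatchTuesday -Date ($Date.AddMonths(-1)) }
    return $pt
}

if (-not (Test-Path -LiteralPath $CabPath)) {
    Write-Error "Catalog not found: $CabPath"
    exit 2
}

$cab       = Get-Item -LiteralPath $CabPath
$baseline  = Get-LastPatchTuesday -Date $Now
$signature = Get-AuthenticodeSignature -FilePath $CabPath

$result = [pscustomobject]@{
    Path             = $cab.FullName
    LastWriteTime    = $cab.LastWriteTime
    LastPatchTuesday = $baseline
    # Stale means the Tuesday sync advertisement did not refresh the catalog.
    IsCurrent        = ($cab.LastWriteTime -ge $baseline)
    # A catalog that fails signature validation should not be distributed to clients.
    SignatureValid   = ($signature.Status -eq 'Valid')
    Signer           = $signature.SignerCertificate.Subject
}

$result | Format-List
if (-not ($result.IsCurrent -and $result.SignatureValid)) { exit 1 }
```

Run it after the 11pm Tuesday sync; a non-zero exit code means the catalog should be investigated before the 4am scan advertisement distributes it.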

Creating Patch Packages

Command line switches for Patchinstall.exe: http://www.myitforum.com/articles/8/view.asp?id=8052
