<p>SCCM SCUP Installation </p><p>SCUP Installation</p><p>Introduction </p><p>This section describes the purpose and audience of this guide. Any terminology or acronyms used in this document will be referenced in the Glossary of the Appendix section. </p><p>Purpose </p><p>This document specifies the SCUP patch management work instructions for the SCCM Delivery Team. </p><p>Scope </p><p>This work instruction applies to the SCCM Delivery Team. This work instruction does not cover tasks which are the responsibility of any other team. </p><p>Overview </p><p>This work instruction follows the steps for SCUP patch management as defined in the Software Management Process Description, see related documents list. </p><p>Intended Audience </p><p>These instructions are intended for SCCM Delivery Team in the normal execution of SCUP patch deployment. </p><p>SCUP requirements </p><p>1. Supported Operating Systems (Windows Vista, Windows 7, Windows Server 2008, Windows 2008 R2, Higher). </p><p>2. Windows Server Update Services (WSUS 2.0 SP2). </p><p>3. .NET Framework 4.0. </p><p>4. Trusted Signing Certificate. </p><p>1Prepared By : N. Ramu Rao Document Version No : 1.00 SCCM SCUP Installation </p><p>Installing and Configuring SCUP 2011 </p><p>Installing SCUP 2011 Screen Shot Steps Instructions</p><p>Download and install the WSUS hotfix </p><p>WSUS-KB2530678-x86 or </p><p>WSUS-KB2530678-x64.</p><p> http://support.microsoft.com/?kbid=2530678</p><p>Download and Install </p><p>SystemCenterUpdatesPublisher.msi </p><p> and click Next.</p><p> http://www.microsoft.com/downloads/en/det ails.aspx?FamilyID=083f45ca-1ede-4f7a-be74- 77854c3a9b01&displaylang=en</p><p>Click Next.</p><p>2Prepared By : N. Ramu Rao Document Version No : 1.00 SCCM SCUP Installation </p><p>Click Next.</p><p>Accept the license agreement </p><p> and click </p><p>Next.</p><p>Select the installation path </p><p> and click </p><p>OK.</p><p>3Prepared By : N. Ramu Rao Document Version No : 1.00 SCCM SCUP Installation </p><p>Click Next.</p><p>Click Finish.</p><p>Configure SCUP 2011 for publishing and ConfigMgr integration </p><p>Screen Shot Steps Instructions</p><p>Start System Center Updates publisher from the start menu -> From the Ribbon -> Options.</p><p>4Prepared By : N. Ramu Rao Document Version No : 1.00 SCCM SCUP Installation </p><p>For installations with a local WSUS: Select Connect to a local update server. For installations with a remote WSUS: Select Connect to a remote update server and type: Name: CM01.LAB.Com Port: 8530</p><p>Click Test Connection and click OK in the dialog.</p><p>In Signing Certificate click Create and OK. Only select this option if you do not have an existing WSUS signing certificate. While WSUS will not generate self-signed certificates by default, it is possible to restore the legacy behavior by setting the following registry key: HKEY_LOCAL_MACHINE\Software\Micr osoft\Update Services\Server\Setup\ Create DWORD value: EnableSelfSignedCertificates = 1</p><p>5Prepared By : N. Ramu Rao Document Version No : 1.00 SCCM SCUP Installation </p><p>Click ConfigMgr Server.</p><p>Click OK.</p><p>Export the Certificate </p><p>Screen Shot Steps Instructions</p><p>Next you'll need to import the certificate into Trusted Publisher and Trusted Root Publishers.</p><p>Select Start -> Run -> type MMC</p><p>6Prepared By : N. Ramu Rao Document Version No : 1.00 SCCM SCUP Installation </p><p>Click Ctrl+M -> click Add to add a snap-in to the console. </p><p>Select Certificates -> click Add. </p><p>Select Computer account and click Next.</p><p>7Prepared By : N. Ramu Rao Document Version No : 1.00 SCCM SCUP Installation </p><p>Click Finish</p><p>Click Add and Close to return to the MMC with Certificate snap-in</p><p>Click OK.</p><p>Select Certificates, WSUS, Certificates.</p><p>Right click the WSUS Publisher Self- signed certificate -> select Copy.</p><p>8Prepared By : N. Ramu Rao Document Version No : 1.00 SCCM SCUP Installation </p><p>Select Certificates, Trusted Root certification Authorities, Certificates. Right click and select Paste.</p><p>Select Certificates, Trusted Publishers, Certificates. Right click and select Paste. Notice, the certificate must also be imported on the Configuration Manager server. If the server is on a remote host, export the certificate and import it on the Configuration Manager server. Next export the certificate so it can be deployed using a ConfigMgr. Package. Right click the certificate, select All Tasks, Export.</p><p>Click Next.</p><p>9Prepared By : N. Ramu Rao Document Version No : 1.00 SCCM SCUP Installation </p><p>Click Next.</p><p>Click Next.</p><p>I export the certificate to a folder containing Certutil.exe and Certadm.dll.</p><p>In this example the WSUS certificate is called SCUPCertificate2011.cer For more information about certutil.exe check </p><p> http://technet.microsoft.com/en- us/library/cc732443(WS.10).aspx Click Next.</p><p>10Prepared By : N. Ramu Rao Document Version No : 1.00 SCCM SCUP Installation </p><p>Click Finish.</p><p>Create the Group Policy </p><p>Screen Shot Steps Instructions</p><p>In this example I create a new group policy at the domain level. Open Group Policy Management console.</p><p>11Prepared By : N. Ramu Rao Document Version No : 1.00 SCCM SCUP Installation </p><p>Right click the Domain and select Create a GPO in this domain, and link it here</p><p>Type SCUPCertificate as the name and click OK.</p><p>Right click the SCUPCertificate policy and select Edit.</p><p>12Prepared By : N. Ramu Rao Document Version No : 1.00 SCCM SCUP Installation </p><p>Navigate to</p><p>Computer Configuration, Administrative Templates, Windows Components, Windows Update</p><p>Right click Allow signed content from intranet Microsoft update service location and select Edit.</p><p>Select Enabled, click OK and close the group policy.</p><p>Deploy SCUP Certificate using ConfigMgr </p><p>Screen Shot Steps Instructions</p><p>13Prepared By : N. Ramu Rao Document Version No : 1.00 SCCM SCUP Installation </p><p>Open the Configuration Manager console and navigate to the Software Library workspace.</p><p>Select Application Management, Packages and click Create Package on the Ribbon.</p><p>Create a new package with these settings and click Next</p><p>Name: SCUP 2011 Certificate</p><p>Source Files: </p><p>\\CM01.LAB.Com\Package Sources$\SCUP Certificate</p><p>14Prepared By : N. Ramu Rao Document Version No : 1.00 SCCM SCUP Installation </p><p>Select program for computers and click Next</p><p>Create a program with these settings and click Next.</p><p>Name: Install</p><p>Command line: certutil.exe – addstore TrustedPublisher SCUPCertificate2011.cer</p><p>Program can run: Whether or not a user is logged on</p><p>Click Next and finish the creation.</p><p>15Prepared By : N. Ramu Rao Document Version No : 1.00 SCCM SCUP Installation </p><p>Click Next.</p><p>Click Close.</p><p>Select the SCUP Certificate package and click Distribute Content on the Ribbon.</p><p>16Prepared By : N. Ramu Rao Document Version No : 1.00 SCCM SCUP Installation </p><p>Click Next.</p><p>Click Add and select the DP or DP Group. Click Next.</p><p>Click Next.</p><p>17Prepared By : N. Ramu Rao Document Version No : 1.00 SCCM SCUP Installation </p><p>Click Close.</p><p>Select the SCUP Certificate package and click Deploy on the Ribbon.</p><p>Select the Install SCUP Certificate program and deploy that to the All Desktop and Server Clients collection. Click Next.</p><p>18Prepared By : N. Ramu Rao Document Version No : 1.00 SCCM SCUP Installation </p><p>Click Next. </p><p>Configure the deployment purpose</p><p> to Required and click Next.</p><p>Schedule the application to be</p><p> available now and configure the</p><p> assignment to be mandatory As</p><p> soon as possible.</p><p>Click Next.</p><p>19Prepared By : N. Ramu Rao Document Version No : 1.00 SCCM SCUP Installation </p><p>Click Next.</p><p>Click Next.</p><p>Click Next.</p><p>20Prepared By : N. Ramu Rao Document Version No : 1.00 SCCM SCUP Installation </p><p>Click Close.</p><p>Ensure the deployment success status.</p><p>21Prepared By : N. Ramu Rao Document Version No : 1.00 SCCM SCUP Installation </p><p>Publish Updates</p><p>Importing Partner Catalogs </p><p>Screen Shot Steps Instructions</p><p>Select the Catalog workspace.</p><p>Select Add Catalogs. SCUP will </p><p> now detect any free partner </p><p> catalogs that are not already </p><p> added.</p><p>Select the Updates workspace and click Import.</p><p>22Prepared By : N. Ramu Rao Document Version No : 1.00 SCCM SCUP Installation </p><p>Select the catalogs and click Next. </p><p>During the import process, SCUP will prompt to accept the Certificate for each vendor.</p><p>Click Next.</p><p>Click Accept.</p><p>23Prepared By : N. Ramu Rao Document Version No : 1.00 SCCM SCUP Installation </p><p>Click Close.</p><p>Importing Custom Catalogs </p><p>Screen Shot Steps Instructions</p><p>Select the Catalog </p><p> workspace and click Add.</p><p>24Prepared By : N. Ramu Rao Document Version No : 1.00 SCCM SCUP Installation </p><p>Fill in the catalog information and click OK.</p><p>Alerts will automatically be raised whenever there is a change in one or more of the catalogs.</p><p>Click Import and select the</p><p> newly updated catalogs.</p><p>Publish Updates </p><p>Updates can be published with three different flags: 1. Full Content: This will download the binaries and make them available for a deployment in Configuration Manager. 2. Metadata only: Will only download metadata and is suitable when you only want to track compliance. 3. Automatic: Will only download metadata but might download the complete set of binaries if any configuration manager clients are requesting the update. This setting requires that you have configured the ConfigMgr Integration. This method will force SCUP to query Configuration manager for clients requesting the updates. If none are requesting an update only metadata will be published otherwise it will be full content. The automatic rule works very well together will publications. </p><p>25Prepared By : N. Ramu Rao Document Version No : 1.00 SCCM SCUP Installation </p><p>Working with Publications </p><p>Publications are a new feature in SCUP 2011. It allows you to logically group published updates. Publications can be created based on Vendors, periods or what-ever make sense in your environment. The main benefit of working with Publications is overview. You can easily see which updates you have published. In my example I will add all needed updates to a publication and finally publish that. I will create a publication based on Quarters (that make sense in my environment). </p><p>Screen Shot Steps Instructions</p><p>Open SCUP 2011, select the Updates workspace. Find the update(s) you want to publish and click Assign.</p><p>Select the publication type, in this example I’m using Full Content. Type a name for the Publication and click OK. In my example I’m typing 2016-03. Click OK. You can add multiple updates into the same publication.</p><p>26Prepared By : N. Ramu Rao Document Version No : 1.00 SCCM SCUP Installation </p><p>Navigate to the Publication workspace</p><p>Select the publication and click Publish.</p><p>Click Next.</p><p>27Prepared By : N. Ramu Rao Document Version No : 1.00 SCCM SCUP Installation </p><p>Click Next.</p><p>Click Close.</p><p>28Prepared By : N. Ramu Rao Document Version No : 1.00 SCCM SCUP Installation </p><p>The updates will now be published to WSUS. You can monitor the activity by reading the Scup.log file found in the %temp% folder.</p><p>Updates will become available in Configuration Manager next time ConfigMgr. Synchronizes content with WSUS. In this example I have created an Update Group in Configuration Manager 2012 with updates that are now ready for deployment.</p><p>29Prepared By : N. Ramu Rao Document Version No : 1.00 SCCM SCUP Installation </p><p>Author Updates </p><p>Before you start author any update you will need to do some detective work. You need to figure out: 1. A way to download patch, either vendor site or local file server 2. A method to detect whether a given updates is required or not. 3. A method to detect that you successfully deployed the update. 4. Figure out the command line to do a silent installation. 5. Find the vendor website that contains information about the update. </p><p>In this example I will deploy Java 6 update 25 x86. I have already downloaded the update to a local file share. \\CM01.LAB.Com\Packages Sources$\JavaUpdate25\Jr3-6u25-windows-i586.exe </p><p>To detect if a previous version of java is installed I will query these registry keys: </p><p>1. Must exist: HKLM\Software\Java soft\Java Runtime Environment\1.6 2. Must not exist: HKLM\Software\Java soft\Java Runtime Environment\1.6.0_25 </p><p>To verify that the installation was successful I will query this registry key </p><p>1. Must exist: HKLM\Software\Java soft\Java Runtime Environment\1.6.0_25 </p><p>Screen Shot Steps Instructions</p><p>Open the SCUP 2011 console and navigate to the Updates workspace. Create folder by using the Ribbon. In this example my folder is called Oracle</p><p>Click Create, Software Update on the Ribbon</p><p>30Prepared By : N. Ramu Rao Document Version No : 1.00 SCCM SCUP Installation </p><p>In Package Source click Browse and navigate to: jre-6u25-windows-i586.exe. In download URL (or UNC) type the UNC path to the file: \\sccm4\sccm_sources$\Software\JavaUpd25\ jre-6u25-windows-i586.exe Binary language (in my example is English) English Command line: /s "IEXPLORER=1 MOZILLA=1" /quiet Click Next.</p><p>In Language select: English </p><p>In Title type: SUN Java 6 Update 25 </p><p>In Description type something meaningful like what are being fixed by this update.</p><p>In Classification select: Security </p><p>In Vendor type: Oracle </p><p>In Product type: SUN Java </p><p>More Info URL type: http://www.oracle.com/technetwork/java/java se/6u25releasenotes-356444.html </p><p>Click Next.</p><p>31Prepared By : N. Ramu Rao Document Version No : 1.00 SCCM SCUP Installation </p><p>On the Optional information page you can type the official Update information, is none is provided I suggest you invent a naming standard for the different vendors.</p><p>Bulletin ID:SUNJAVA6UPD25 </p><p>Article ID: QSUNJAVA6UPD25 </p><p>Support URL: http://www.oracle.com/technetwork/java/java se/overview/index.html Severity: None Specified Impact: Normal Restart Behavior: Can request reboot Click Next</p><p>On the prerequisites page click Next.</p><p>32Prepared By : N. Ramu Rao Document Version No : 1.00 SCCM SCUP Installation </p><p>On the Supersedence page you can select </p><p> any older version that is being superseded </p><p> with this update. It requires that the older </p><p> update is also present in the catalog. In my</p><p> example, this is the first Java update in the </p><p> catalog, click Next.</p><p>On the Installable rules page you will type in </p><p> whatever information you have to detect a </p><p> previous installed version. </p><p>Click the Yellow star icon.</p><p>Rule Type select: Registry </p><p>Sub key type: Software\Java soft\Java </p><p>Runtime Environment\1.6 </p><p>This registry key is for a 32 bit application on a </p><p>64-bit system: Enabled </p><p>Click OK.</p><p>33Prepared By : N. Ramu Rao Document Version No : 1.00 SCCM SCUP Installation </p><p>Click the Yellow icon and create a new rule </p><p>Rule Type select: Registry </p><p>Sub key type: Software\Java soft\Java Runtime Environment\1.6.0_25 </p><p>This registry key is for a 32 bit application on a 64-bit </p><p> system: Enabled </p><p>Click OK.</p><p>Highlight the last rule and press Alt+G or click the Not icon. </p><p>Click Next.</p><p>On the Installed rules page you will type in whatever information you have to detect that this new update is successfully installed. Click the Yellow icon to create a new rule. Rule Type select: Registry Sub key type: Software\Java soft\Java Runtime Environment\1.6.0_25 This registry key is for a 32 bit application on a 64- bit system: Enabled Click OK. </p><p>34Prepared By : N. Ramu Rao Document Version No : 1.00 SCCM SCUP Installation </p><p>Click Next. </p><p>Click Next. </p><p>35Prepared By : N. Ramu Rao Document Version No : 1.00 SCCM SCUP Installation </p><p>Click Close. </p><p>Click Publish on the Ribbon, select Full </p><p>Content and click Next. </p><p>Click Next. </p><p>36Prepared By : N. Ramu Rao Document Version No : 1.00 SCCM SCUP Installation </p><p>Click Close. The update will now become available in System Center Essentials or Configuration Manager after the next software update synchronization process. </p><p>The installation progress, preparing – installing – installed. </p><p>Status : Installing </p><p>Status : Installed</p><p>Java 6 update 25 is installed. </p><p>37Prepared By : N. Ramu Rao Document Version No : 1.00 SCCM SCUP Installation </p><p>Using Rules to author updates </p><p>Rules are like templates, objects you create to ensure consistency and because you’re a mix of being smart and lazy. In this example I will create a rule that I can use every time I need to create a new Java Update 1.6.XX Screen Shot Steps Instructions</p><p>Open the SCUP 2011 console and navigate to the Rules workspace.</p><p>Click Create on the Ribbon and assign a name like SUN Java 1.6 X86 </p><p>Click the Yellow star icon and create a new rule. Rule Type select: Registry Sub key type: Software\Java soft\Java Runtime Environment\1.6 This registry key is for a 32 bit application on a 64-bit system: Enabled Click OK </p><p>38Prepared By : N. Ramu Rao Document Version No : 1.00 SCCM SCUP Installation </p><p>Click the Yellow icon and create a new rule Rule Type select: Registry Sub key type: Software\Java soft\Java Runtime Environment\1.6.0_XX This registry key is for a 32 bit application on a 64-bit system: Enabled Click OK </p><p>Highlight the last rule and press Alt+G </p><p> or click the Not icon. </p><p>Click Next. </p><p>39Prepared By : N. Ramu Rao Document Version No : 1.00 SCCM SCUP Installation </p><p>You can now use the rule in when </p><p> authoring any update. In the rule </p><p> editor you can select Rule type: </p><p>Saved Rule. </p><p>Select the rule and click OK. </p><p>You can edit the rules, in this example I will change the Not rule from Software\Java soft\Java Runtime Environment\1.6.0_XX To Software\Java soft\Java Runtime Environment\1.6.0_26 By doing so, I have in a few easy steps, created a rule that can be used when installing the SUN Java Update 26 </p><p>40Prepared By : N. Ramu Rao Document Version No : 1.00</p>
File Typepdf
Upload Time-
Content LanguagesEnglish
Upload UserAnonymous/Not logged-in
File Pages40 Page
File Size-