READ GROUP POLICY CONFIGURATION ONLY YOU CAN ONLY GET WINDOWS UPDATE BUT NOT ENDPOINT UPDATE

 

This is about one branch of Software update under SCCM 2012, I will not mention all the standard procedures of Software Update installation since you can follow this beautiful article from:

http://www.windows-noob.com/forums/index.php?/topic/4467-using-sccm-2012-rc-in-a-lab-part-6-deploying-software-updates/

however I will talk about several things not listed on that article and without those minor changes you wont get your client `s Endpoint protection updated.

1. About WSUS and SCCM 2012 Sychronization,

I found it is impossible to get the updates downloaded into the specified location when you create update packages and after some research I found You can only download those from Microsoft directly other than any location you specified or local update server, in my case it is from a centralized location in education network. So it is funny you can sychronize from one server and still need download from Microsoft.

To chose what you need download and how to download them you need go to:

UPDATE CONFIGURAITON

SCCM Console -> Administration -> Sites-> Configure site components -> Software update point ->

To download update for Endpoint protection ONLY, I choose ->  Classification Tab -> Defination Update and Update, Product Tab -> ForeFront - > Forefront Endpoint Protection 2010,

this will allow you to have Forefront updates downloaded to your SCCM server, however I believe you need also choose windows 8.1 updates but it is not related here.

 

PROXY CONFIGURATION

So if you are using proxy to browsing internet, you need create a agent to download those updates. To do this, go to:

1. SCCM Console -> Administration -> Server and Site System Roles -> Software Update Point (Right Click)-> Proxy and Account Settings -> Check both

2. SCCM Console -> Administration -> Server and Site System Roles -> Site System (Right Click)-> Properties -> Proxy -> here to add your proxy and make sure they are correct.

 

COMPUTER ASSET CONFIGURATION

I am applying this Endpoint protection to all systems however If you want create certain type of OS collection, I will introduce a little here.

For example to create a Windows 8 Auto Incremental Collection you need go to :

Asset and Compliance -> Device Collection -> Create New Collection -> Direct Rule ->

Resource Class : System Resource

Atrribute Name : Operating system name and version

Value : Microsoft Windows NT Workstation 6.3

Enable auto encremental updates : yes

 

So you can have your windows 8.1 collection ready for apply windows 8.1 windows update only

 

 

 

GROUP POLICY CONFIGURATION:

Remeber: there should be no group policy configured for windows update at all, and configure it under client settings.

However, for Endpoint protection you need add the registry of Microsoft update option otherwise you can only get windows update and will not get endpoint update.

To configure windows update, make sure you clear all the settings for WSUS or anyother update solutions you used in GPO before. And let SCCM Client to handle it.

For Endpoint Protection, you need check the "Give me updates for other Microsoft products when i update Windows" under windows update settings, to do this through GPO (actually GPP)

Please read my other article :

http://www.itlei.com.au/index.php/microsoft/active-directory/auto-generate-from-title-17

to check if update is successful or if there are things going on the client, go to :

Client machine -> %SYSTEMROOT%\WindowUpdate.log

 

DEPLOYMENT PACKAGE CREATION:

Software Library-> Software Update -> Automatic Deployment Rules ->  Creat ...->

Software Update Tab -> Product : Forefront Endpoint Protection 2010, Update Classification: Defination update or Updates ,

Evaluation schedule Tab: (Depend on your needs, for me 7 days),

Deployment Schedule Tab : ASAP,

User Experience Tab: Hide in Software Center and all notifications ,

Deployment Package : Create package and make sure it is auto incremental

 

Hopefully those information can get you through. Cheers.

 

 

 

 

About Lei

I am an IT specialist with over 10 year experience - years on Automation, on-Premise or Azure.

I am happy to develop however never want be a full time developer. Only do what I have to do. If it has to be PowerShell,HTML, PHP, CSS, C#, VBS or JS, front end or backend, so be it, doesn't matter!

Spent years with Windows, SCCM, SharePoint, SQL and Exchange servers. For last several years, I have been actively working under On Premise > Azure environment.

THERE IS NO WAY BACK!!!

Current Certificates:
    Microsoft® Certified-
  • -Enterprise Administrator
  • -Database Administrator
  • -SharePoint Administrator
  • -Administering and Deploying SCCM 2012
Red Hat Certified Technician
ITIL V3 Foundation - Practitioner

Working on Azure Certificates now and hopefully they can stop upgrading their questions one day! GIVE ME A BREAK!

Contact Lei

Name *
Email *
Comments *

Traffic since 10/08/2016

Today13
Yesterday83
This week637
This month1933
Total416293

Visitor Info

  • IP: 54.221.73.186
  • Browser: Unknown
  • Browser Version:
  • Operating System: Unknown

Who Is Online

1
Online

2017-12-17

Login