Posts Tagged ‘Patch Management’

You can expire third-party updates that have been invalidated by the product vendor or that have been superseded by other updates. Expired software updates cannot be deployed.

To expire an update:
  1. Within the Configuration Manager Software Library workspace, expand the Software Updates folder and click on Published Third-Party Updates.
  2. Select the updates that you want to expire.
  3. Click Expire # updates (where # = the number of selected updates).

(more…)

Manually Publishing Third-Party Updates

You can manually publish one or more third-party updates. The updates can be published immediately or be scheduled for publication at some point in the future. The Microsoft Task Scheduler is used to schedule the publication. The publication always runs as a separate task, but can be monitored while it is running.

  1. Within the Configuration Manager Software Library workspace, expand the Software Updates folder and click on Shavlik Patch.
  2. Enable the Selected check box for each update that you want to publish.
    The Selected check box will be disabled if the latest revision of the update has already been published or has recently been scheduled for publication.
    To locate the desired updates you can:
    1. Use a filter
    2. Use the Group by vendor check box
    3. Sort the columns by clicking in the column headers
  3. Click Publish # updates (where # = the number of selected updates).
    The Publish Selected Updates dialog is displayed.
  4. Specify when and how you want to publish the update(s).
    Now: The publishing process will begin as soon as you click OK.
    Once: Schedule the publication process to occur at some time in the future.
    Synchronize after publishing selected updates: If you want Configuration Manager to automatically synchronize itself with the WSUS database as part of this task, enable this check box. This will cause an incremental synchronization to be performed. If you do not enable this check box, the published update(s) will not be available until your regularly scheduled synchronization process occurs.
    Run as: Provide the credentials needed to add the publishing task to Microsoft Scheduler.
  5. Click OK.
    The Notice dialog is displayed.
  6. During the publication process the Published column status will show Scheduled.
  7. (Optional) Use the Configuration Manager Trace Log Tool to open the AutoPublish.log file and monitor the publication process.
    AutoPublish.log is written by all one-time or recurring scheduled jobs that publish to WSUS.
  8. When the update is successfully published, the Published column status will change to Yes the next time the grid is refreshed.
    Note that the check box in the Selected column will be disabled if the latest revision of an update has been published.
    You can sort the Published column to see the list of updates that have been published, or you can use the *Published filter.

(more…)

The first time you use the Shavlik Patch add-in the Shavlik Patch Settings dialog will automatically be displayed. You must use this dialog to specify how to connect to your WSUS server and to your Protect Cloud account. You can return to this dialog at any time using the Settings button on the Home tab.

Before we start configuring the Shavlik Patch add-in, we have to create the code signing certificate and use Group Policy to enable the "Allow signed updates from an intranet Microsoft update service location" setting on our clients.

Overview of Creating and Distributing Certificate

A code signing certificate is required when using Shavlik Patch with Configuration Manager and WSUS to publish third-party updates. In general, you must:

  1. Create a code signing certificate. You can do this using either an internal Certificate Authority (CA) or your WSUS server. In this series we’ll use a Certificate Authority (CA).
  2. If you use an internal CA to create the code signing certificate, you must import the certificate into WSUS, which you can do using Shavlik Patch.
  3. Export the certificate.
  4. Distribute the code signing certificate to the Trusted Publishers certificate store on all your WSUS servers and to your client machines.
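
Once the certificate has been distributed, each machine can be checked for the trust settings described above. The following PowerShell function is an added example, not part of the original post; the certificate path is a hypothetical location for the file exported in step 3.

```powershell
# Added example (not from the original post). Run on a client or WSUS server.
# $CertPath is a hypothetical path to the certificate exported in step 3.
function Test-ThirdPartyUpdateTrust {
    param([Parameter(Mandatory)][string]$CertPath)

    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $CertPath

    # The certificate must carry the Code Signing EKU (1.3.6.1.5.5.7.3.3).
    $eku = $cert.Extensions |
        Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
    $hasCodeSigning = [bool]($eku.EnhancedKeyUsages | Where-Object { $_.Value -eq '1.3.6.1.5.5.7.3.3' })

    # Step 4: the certificate must be in the machine's Trusted Publishers store.
    $storePath = "Cert:\LocalMachine\TrustedPublisher\$($cert.Thumbprint)"
    $stored = Get-Item -Path $storePath -ErrorAction SilentlyContinue

    # The issuing chain must also be trusted locally (revocation is not
    # checked here so the test also works offline).
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
    $chainTrusted = $chain.Build($cert)

    # The Group Policy setting "Allow signed updates from an intranet Microsoft
    # update service location" writes this value as 1 when it is enabled.
    $wuKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
    $policy = (Get-ItemProperty -Path $wuKey -ErrorAction SilentlyContinue).AcceptTrustedPublisherCerts

    [pscustomobject]@{
        Thumbprint          = $cert.Thumbprint
        HasCodeSigningEku   = $hasCodeSigning
        NotExpired          = ($cert.NotAfter -gt (Get-Date))
        InTrustedPublishers = [bool]$stored
        PrivateKeyOnMachine = [bool]($stored -and $stored.HasPrivateKey)
        ChainTrusted        = $chainTrusted
        PolicyEnabled       = ($policy -eq 1)
    }
}

Test-ThirdPartyUpdateTrust -CertPath 'C:\Temp\codesign.cer'   # hypothetical path
```

On client machines `PrivateKeyOnMachine` should be `False`: clients only need the public certificate, and the signing key should stay on the server that publishes the updates.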

(more…)

In this part we’ll install the Shavlik Patch Configuration Manager Add-in and take a look at what’s added to the Configuration Manager Console.

Installing the Shavlik Patch Configuration Manager Add-in
  1. Using a Web browser, go to: http://www.shavlik.com/downloads/patch/
  2. Click the Shavlik Patch box and download the Shavlik Patch for Configuration Manager 2012 setup file.
  3. Close System Center Configuration Manager Console if open.
  4. Begin the Shavlik Patch installation by double-clicking the file named shavlikpatchsetup.exe.
  5. Select the check box to accept the license agreement and then click Install.
  6. After the files have been installed the Completed dialog is displayed. Click Finish.

(more…)

Below you see the requirements for installing and using Shavlik Patch:

(more…)