myITforum.com Community Forum myITforum.com Community Forum

Home  Forums  Blogs  Live Support chat  Search Articles  Wiki  FAQ  Email Lists  Register  Login  My Profile  Inbox  Address Book  My Subscription  My Forums 

Photo Gallery  Member List  Search  Calendars  FAQ  Ticket List  Log Out

All Forums RSS Feed Subscription:


  


SMS and Security Updates

 
View related threads: (in this forum | in all forums)

Logged in as: Guest
  Printable Version
All Forums >> [Management Products] >> Microsoft Systems Management Server >> SMS 2003 >> SMS and Security Updates Page: [1]
Login
Message << Older Topic   Newer Topic >>
SMS and Security Updates - 5/10/2008 5:16:06 PM   
kandyman

 

Posts: 4
Score: 0
Joined: 5/10/2008
Status: offline 		Hi there,

I'm am not an SMS person, so apologies if this is a stupid question.

We're currently running SMS 2003 SP3 in our environment, and looking
to deploy some security updates throughout our infrastructure which
includes x64 and x86.  I've created update packages contained all
hotfixes required and advertised them to out test containers.  The
package installed successfully.  However, after rebooting the target
servers, I ran MBSA and Windows Update against these newly patched
servers and they show around 15 missing updates.  I'll looked into the
package to see if the updates are included, and they are, but it does
not seem to be installing ?  Any ideas why this could be ?  
Many thanks,
Post #: 1
RE: SMS and Security Updates - 5/10/2008 5:23:11 PM   
kpark

 

Posts: 7
Score: 0
Joined: 11/8/2007
Status: offline 		Hi i am quite advanced when it comes to Security patching but like every thing else it's best if your put on the right page a learn it yourself.

you want to look for Invertory Tool for Microsoft Updates (ITMU)
http://technet.microsoft.com/en-us/sms/bb676783.aspx

basically this is a tool that will prepare you sms console up so you can deploy and set up correctly your client report back their status of patch compliance

microsoft release a cab file every 2nd Tuesday of everymonth and your client will compare their compliance against the cab file

let me know how you get on, i can help you further with a documented procedure, but you need to setup your infrastructure first

< Message edited by kpark -- 5/10/2008 5:35:54 PM >

(in reply to kandyman)
Post #: 2
RE: SMS and Security Updates - 5/12/2008 8:54:41 AM   
kandyman

 

Posts: 4
Score: 0
Joined: 5/10/2008
Status: offline 		Hi,

Thanks for the response, the SMS infrastructure has already been setup, ITMU is installed and the current version is 2.5

I believe this is working, as when i go to create a new Software Update Distribution package, the wizard lists all the hotfixes/SP that have been requested by clients.

I've included the hotfixes requested at least once when create my new package, so they should be in the package.

I then created an advertisment for deploying this package, and it deployed to my test machinese successfully. However, when I run an MBSA 2.1 scan or Windows Update scan manually via web, it show approx 15 hotfixes missing, which are included in the package.  Any ideas why ?

(in reply to kpark)
Post #: 3
RE: SMS and Security Updates - 5/12/2008 9:24:41 AM   
phaustein


Posts: 859
Score: 32
Joined: 3/21/2005
From: Washington, DC
Status: offline 		What does the scanwrapper.log and patchinstall.log say? If the patches are applicable they should show in the logs with their status. Without knowing what is in the logs, I would lean toward the fact that the wsusscn2.cab hasn't been updated.  Do you and how often does the scan tool run on the clients?

_____________________________

Hope this helps.
Paul

(in reply to kandyman)
Post #: 4
RE: SMS and Security Updates - 5/12/2008 4:17:22 PM   
kandyman

 

Posts: 4
Score: 0
Joined: 5/10/2008
Status: offline 		phaustein,

I think you could be right in that the wssusscn2.cab is out of date. I've done an search on out SMS server and the file shows a modify date of 12/12/07.  Can you tell me how I can update these file properly ?  I have update this file for MBSA, but I've not used SMS before so any guidence would be much appreciated.

(in reply to phaustein)
Post #: 5
RE: SMS and Security Updates - 5/12/2008 4:49:07 PM   
phaustein


Posts: 859
Score: 32
Joined: 3/21/2005
From: Washington, DC
Status: offline 		You should have a package called "Microsoft Updates Tool" and it should have a program called "Microsoft Updates Tool (expedited)"  You would want to advertise this to your systems.  This will update the wsusscn2.cab on each system, plus it will scan and report compliance of the system.

Here is some articles and a video that you can review that may help you along.
http://technet.microsoft.com/en-us/sms/bb676783.aspx
http://www.microsoft.com/technet/sms/2003/downloads/tools/ITMUvideo.mspx

_____________________________

Hope this helps.
Paul

(in reply to kandyman)
Post #: 6
RE: SMS and Security Updates - 5/12/2008 8:04:57 PM   
kandyman

 

Posts: 4
Score: 0
Joined: 5/10/2008
Status: offline 		I think i'm making progress...our environment was setup by a contractor who has left with little hand over. :(  I've looked into our configuration further, and it seem like the contractor had configured ITMU to download the cab file from D:\IMTU.  I guess this explains why some hotfixes we missing since, we kept downloading the same cab file from D:. Doh!.   Thanks for the help, and i;ll keep you posted on our progress...i need to let the agents run a few night so i get a decent capture of requested hotfix. 

(in reply to phaustein)
Post #: 7
RE: SMS and Security Updates - 5/12/2008 8:12:57 PM   
mserafine

 

Posts: 1659
Score: 157
Joined: 4/7/2003
Status: offline 		Before the clients can receive the latest CAB file, it must be updated on the site server first. This can be automatically done by advertising the "Sync" program to the site server. Otherwise, you can manually download the latest CAB and copy it to the scan package yourself.

Then just update your distribution points with the updated scan tool package, and advertise the "expedited" program to your clients.

The clients' software update status is submitted to the site with hardware inventory, so if you don't advertise the "expedited" program (which forces a HINV cycle after the client is scanned), then you won't receive the updated patch status data until the client's next scheduled HINV cycle.

_____________________________

Mark Serafine | Microsoft Corporation

Management Technologies (SMS, MOM, System Center) Premier Field Engineer | Microsoft Premier Support

(in reply to phaustein)
Post #: 8
Page:   [1]
All Forums >> [Management Products] >> Microsoft Systems Management Server >> SMS 2003 >> SMS and Security Updates Page: [1]
Jump to:





New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts



  
Forum Software © ASPPlayground.NET Advanced Edition 2.4.5 ANSI

0.359