Logo
programming4us
programming4us
programming4us
programming4us
Home
programming4us
XP
programming4us
Windows Vista
programming4us
Windows 7
programming4us
Windows Azure
programming4us
Windows Server
programming4us
Windows Phone
 
Windows Server

Integrating Systems Management Server 2003 into Patch Management Processes (part 1) - Extending SMS 2003 Functionality for Software Updates

- Free product key for windows 10
- Free Product Key for Microsoft office 365
- Malwarebytes Premium 3.7.1 Serial Keys (LifeTime) 2019
8/6/2013 9:28:12 AM

Although no technology solution can automate a patch management process completely, a well-rounded patch management infrastructure can certainly help the patch management team by automating many of the routine tasks. SMS 2003 is an extremely flexible tool, and you can easily integrate it into patch management processes, including the Microsoft-recommended four-phase patch management process described earlier in this chapter. SMS 2003 was designed to be extensible to accommodate the changing patch management and software update needs of organizations.

1. Extending SMS 2003 Functionality for Software Updates

In response to customers’ patch management needs, Microsoft released the Software Update Services (SUS) feature pack for SMS 2.0. Much of the functionality of the feature pack has been updated and incorporated into SMS 2003, and new features have been added. You can download the Software Update Scanning Tools for SMS 2003 from Microsoft’s SMS Web site (http://www.microsoft.com/smserver/downloads/2003/default.asp) to extend the product’s functionality. You can also start the SMS Administrator Console, right-click the Software Updates node, select All Tasks, and then select the Download Inventory Scanning Programs option. Currently, two tools exist: the Security Update Inventory Tool, to scan for missing system software updates, and the Microsoft Office Inventory Tool for Updates, to scan for missing Microsoft Office software updates. Microsoft might add more, and ISVs can extend the functionality of SMS 2003 by writing their own. Once they’re installed and configured, you can use these tools with SMS 2003 to help automate parts of a patch management process.

Installing the Update Inventory Tools

Installing the Systems Management Server 2003 Software Update Scanning Tools is relatively simple. Once downloaded and unpacked, there should be two installation executables, called OfficePatch_XXX.exe and SecurityPatch_XXX.exe, where XXX is the language identifier for the executable. Each should be run in turn to install the extensions to SMS 2003. During installation the user will be asked to accept a license agreement; select an installation folder (by default, C:\Program Files\OfficePatch and C:\Program Files\SecurityPatch for the Microsoft Office Inventory Tool for Updates and the Security Update Inventory Tool, respectively); download and install the latest database or catalog of updates from Microsoft’s Web site; and create the collections, packages, and advertisements necessary for clients to distribute and run the inventory tools. You’re required to enter the name used to identify the package in a dialog box during installation, as shown in Figure 1.

Figure 1. Distribution Settings dialog box during inventory tool installation and setup.


You’re asked whether you wish to retrieve new versions of the database (Office or Security) of software updates automatically. If the answer is yes, you can enter the name of system on which to run the retrieval task. By default, the name is the local server’s name. A system that fetches database updates automatically must have Internet connectivity and will fetch updates only when a user with the correct permissions is logged on. As an alternative, you can periodically download and install the Security Patch Bulletin Catalog in MSSecure.XML for Security Updates and Microsoft Office Update Database in Invcif.exe for Office Updates and manually place them into the installation folders for the Security Update Inventory Tool and the Microsoft Office Inventory Tool for Updates, respectively.

Lastly, you’re asked for the name of an existing SMS client onto which the inventory tools can be installed and tested. Although a name must be supplied before installation can proceed, any name can be entered, including one for a system that doesn’t exist yet (this is useful when you’re building out an environment or when you’re unsure which system to use).

As part of the installation process, the inventory tools extend SMS 2003 by creating collections, packages, and advertisements. By default, both the Microsoft Office Inventory Tool for Updates and the Security Update Inventory Tool add three collections, a package with three programs, and two advertisements each. The three collections added are used to specify the IT assets in the production environment that will receive advertisements of the packages containing the inventory tools; to specify the IT assets in a preproduction environment that can be used for testing updates (this is the collection into which the SMS client computer named during installation of the update tools is placed); and to specify the host system, called a sync host, that will be responsible for collecting the catalogs of updates and other information from Microsoft’s Web site. Figure 2 shows collections added with the prefix MS Office Updates and MS Security Updates, as these were the names specified when prompted for a package name during installation of the inventory tools.

Figure 2. Collections added to SMS 2003 by the Microsoft Office Inventory Tool for Updates and the Security Update Inventory Tool.

The package created by each of the inventory tools installation programs contains three programs (as shown in Figure 3). The first two programs are used to deploy the update scanning tools to SMS clients. As the name suggests, the program marked Expedited is used to run the program in such a fashion that information from the client is made accessible to the SMS site server in an expedited manner. It’s not recommended that this be used on production systems for performance reasons, and its use should be limited to test environments. The third program is used to synchronize the database of available Security or Office software updates from Microsoft’s Web site with the local copy by downloading the latest revision of the database. Perhaps confusingly, the command executed by both the Office Update Inventory Tool’s Sync program and the Security Update Inventory Tool’s Sync program is called SyncXML.exe, but these are different programs and each can be found in the respective installation folder for each tool.

Figure 3. Packages added to SMS 2003 by the Microsoft Office Inventory Tool for Updates and the Security Update Inventory Tool.

Lastly, the inventory tools installation programs create two advertisements each (as shown in Figure 4). One advertisement is used to inform clients of the program’s availability to run the update inventory tools in the corresponding package, and the other is used to kick off the synchronization of the database of updates. The advertisements are installed with a default schedule that should be tuned to the organization’s needs.

Figure 4. Advertisements added to SMS 2003 by the Microsoft Office Inventory Tool for Updates and the Security Update Inventory Tool.

Testing the Update Inventory Tools

Once the inventory tools have been successfully installed onto the SMS site server, you should test them. You can do this in several ways. The simplest is to create a new advertisement for the expedited scan program in the Security or Office inventory package you wish to test, as shown in Figure 5.

Figure 5. Creating a new advertisement to test the installation of the inventory tools.


When selecting a collection to advertise the inventory tools package to, select the preproduction environment as it should be prepopulated with the name of the SMS client you specified during installation of the inventory tool you’re testing. If you specified a system that doesn’t exist during installation, if it has since been removed, or if you want to test the tools across more than one client, you can add systems manually to the collection for testing purposes and then remove them later. Do not specify a production collection in this dialog box, as the expedited program setting can cause problems when run on large numbers of hosts.

To check that a client picked up the advertisement and that the scan tools have run, you can use the Resource Explorer to check the Software Updates node under the Hardware node for an SMS client in the collection that that advertisement was made available to, as shown in Figure 6. Software Updates listed under the Hardware node, which are the results of the scan performed by the Update Inventory Tools, are stored as instances of a Windows Management Instrumentation (WMI) class called Win32_Patchstate. Instances of this class are collected and propagated to the SMS site server using the Hardware Inventory Client Agent, where they’re collated and processed to give site-level views of the information.

Figure 6. Resource Explorer view of the Software Updates node on an SMS client computer.
Other -----------------
- Microsoft Lync Server 2010 : Planning for Deploying External Services - Edge Server Preparation
- Microsoft Lync Server 2010 : Planning for Voice Deployment - Devices, Response Groups
- Sharepoint 2013 : Expanding My Tasks settings
- Sharepoint 2013 : Using SkyDrive Pro, Using the timeline feature for tasks, Mentioning a colleague feature
- Sharepoint 2013 : Adding a thumbnail to a video
- Exchange Server 2007 : Using OWA Mail Features (part 3)
- Exchange Server 2007 : Using OWA Mail Features (part 2)
- Exchange Server 2007 : Using OWA Mail Features (part 1)
- Windows Server 2012 Group Policies and Policy Management : Policy Management Tools (part 2)
- Windows Server 2012 Group Policies and Policy Management : Policy Management Tools (part 1)
 
 
Top 10
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Finding containers and lists in Visio (part 2) - Wireframes,Legends
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Finding containers and lists in Visio (part 1) - Swimlanes
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Formatting and sizing lists
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Adding shapes to lists
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Sizing containers
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 3) - The Other Properties of a Control
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 2) - The Data Properties of a Control
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 1) - The Format Properties of a Control
- Microsoft Access 2010 : Form Properties and Why Should You Use Them - Working with the Properties Window
- Microsoft Visio 2013 : Using the Organization Chart Wizard with new data
 
programming4us
Windows Vista
programming4us
Windows 7
programming4us
Windows Azure
programming4us
Windows Server