How I do Patch Management using ITMU

Posted Thursday, January 04, 2007 12:44 PM by jhuston

Of the different styles of managing patches, I use a method that creates targeted packages based on the product or operating system being updated. There is typically one package per month, with the monthly packages being rolled up into a single large annual package after a couple of months.

Further, I use targeted collections that individually target systems based on which environment they are in and whether they are workstations or servers. This can generate a whopping number of collections and advertisements. How do I do this and maintain my sanity? Simple: SMS automation.

For an overview of our environment, see the BMGF SMS Environment Backgrounder in the linked ZIP file.  This should give you a general idea of how I have things organized.

Take a look at our documented procedure for deploying patches (also in the ZIP) and you'll see what we do. This procedure references a few scripts, which do most of the heavy lifting and are located in the linked ZIP file.

UPDATE

The documentation references a report used to locate recently added patches. Here is that report. Save the text below as RecentPatches.mof and import it into your SMS site.

// *********************************************************************************
//
//		Created by SMS Export object wizard
//
//		Thursday, January 04, 2007 created
//
//		File Name: RecentPatches.mof
//
// Comments :
//
//
// *********************************************************************************


// ***** Class : SMS_Report *****
[SecurityVerbs(140551)]
instance of SMS_Report
{
	Category = "Software Update - Compliance";
	Comment = "List of patches available in the last 45 days";
	GraphXCol = 1;
	GraphYCol = 2;
	MachineDetail = FALSE;
	MachineSource = FALSE;
	Name = "Recently Added Patches";
	NumPrompts = 0;
	RefreshInterval = 0;
	
	SecurityKey = "";
	SQLQuery = "select distinct 
\n  aus.ID, aus.QNumbers, aus.Title, aus.Product, aus.Counts as 'Estimated Applicable Count', aus.InstalledCounts as 'Estimated Installed Count', aus.DateRevised, aus.RevisionNumber, aus.TimeAuthorized,
\n  case when aus.ID = 'None' then '' else 'http://www.microsoft.com/technet/security/bulletin/' + aus.ID + '.mspx' end as 'Bulletin',
\n  case when aus.QNumbers = 'None' then '' else
\n  'http://support.microsoft.com/kb/' + aus.Qnumbers end as 'KB'
\nfrom v_ApplicableUpdatesSummaryEx aus where
\n  aus.DateRevised > DateAdd(dd,-45,GetDate())
\n  and aus.Type = 'Microsoft Update'
\n--  and aus.Product not in ('Windows Server 2003, Datacenter Edition')
\norder by
\n  aus.DateRevised desc";
	StatusMessageDetailSource = FALSE;
};
// ***** End *****

Comments

# Page about ITMU and SMS Automation

Thursday, January 04, 2007 3:59 PM by Jeff Huston at myITforum.com

I've posted a page up here that details how I do ITMU deployments. Take a look. Most of the nitty-gritty