Re: Patch management and SMS 2003

From: Kim Oppalfens (kim_at_computacenter.nospam)
Date: 09/06/04 

Date: Mon, 6 Sep 2004 14:55:40 +0200

Inline
In article <uijU4EAlEHA.3520@TK2MSFTNGP11.phx.gbl>,
Peter.nospam@news.com says...
>
>
>
> Hi.
>
> What is "best practices" when implementing patch management using SMS 2003?
> E.g.
>
> -On the SMS 2003 siteserver i will install the SMS SUS Package?
Depends which "SUS package" you are referring to, if you really mean SUS
itself than the answer is no, it might even break some sms server
related stuff (since it runs iislockdown)

If you mean the scan engines than the answer is yes.

> -Can the physical update files be downloaded from an internal SUS server or
> does the updates needs to connect to Microsoft directly for XML downloads
> and patch downloads?
Sms currently can not get its updates from a SUS server.
Sms does not really have to connect to Microsoft "Directly" nothing is
stopping you from downloading the mssecure.cab manually from a different
location put the file on whatever medium you can come up with (flash;
disk; cd; dvd tape; thin air) and copy it to the correct location.

Same thing is possible for the updates.

>
> - How is people "really" doing this stuff?
Just as a general guideline try to come up with a strategy that allows
you to reuse your patch packages. This way you just create one package
and everytime a new patch is available you just add it to the same
package. This eleminates the need of having to recreate advertisements &
collection everytime a patch comes around. (The client is more than
intelligent enough not to install patches that are already installed).

Kim Oppalfens

>
>
> 

-- 
Check out the SMS Technical FAQ:
http://www.microsoft.com/technet/prodtechnol/sms/sms2003/techfaq/default
.mspx

Relevant Pages

  • Re: Patch management and SMS 2003
    ... Have you tried running the Distribute software updates wizard yet? ... This is how you authorize a patch in SMS 2003 (or sms 2.0 with sus ... If you run the wizard first time you will have to create a new package. ...
    (microsoft.public.sms.admin)
  • Re: Deploying SAP patch Through SMS 2003
    ... Thanks for replying, I sure specified the source of the package, which was ... the patch it self in my case. ... and even when i check the SMS ... >> reporting I have a report indicating the failure of the installation. ...
    (microsoft.public.sms.swdist)
  • Re: Microsoft Security Bulletin MS03-049 - Installation problems?
    ... I am applying patches using SUS Feature Pack for SMS. ... choose to install the patch, it will install, but the next day it will be ... code "NT1003" when registering to take the TICSA exam at www.2test.com. ...
    (NT-Bugtraq)
  • SMS 2003 vs SUS
    ... I have a client that has been actively using SUS server to deploy patches. ... We are installing SMS 2003 and they would prefer to use the SUS server for ... Is there a way to add all the updates into SMS that show up in SUS using ... patch installation status for all the machines. ...
    (microsoft.public.sms.admin)
  • Multilingual Setup
    ... can we install the US English SMS Server onto that localised OS? ... Security Patch package for the US/UK, ...
    (microsoft.public.sms.setup)