SCCM Patch Management Process with WSUS and SUP

I have recorded this video more than a year back and I don’t have audio explanation in this video. But this video covers end to end Software update or SCCM Patching Process for IT Admins. If you are new to SCCM and wanted to understand the SCCM patch management Process, then this video is your starting point.

Unlike other deployment types, software updates are all downloaded to the client cache. This is regardless of the maximum cache size setting on the client.

High-Level Process of SCCM Patch Management

  • Install WSUS
  • Install SUP & verify Installation log files
  • Software Update Component Configuration – Classifications/Products
  • Software Update Sync – Log file WsyncMgr.log
  • Selection of Patch/Software Update and Creation of Software Update Group
  • Deployment of Software Update Group
  • Client Side Experience Windows 10 device
  • What happened to WindowsUpdate.log? Event Logs ?
  • How to Speed up SCCM policy SCCM Patch Management Process?
  • Windows 10 SCCM Client side logs – Reboot required ? If yes reboot the Windows 10
  • Check the Default compliance reports to confirm the SCCM Patch management compliance percentage of your environment.

Software updates in SCCM provides a set of tools and resources that can help manage the complex task of tracking and applying patches to Windows client computers. An effective software update management process is necessary to maintain operational efficiency, overcome security issues, and maintain the stability of the network infrastructure. However, because of the changing nature of technology and the continual appearance of new security threats, effective software update management requires consistent and continual attention.

SCCM Patch Management

The SCCM Patch Management process is known as Software Updates in SCCM. In this Video, we will see, the components needed for SCCM software update, how to get SCCM synced Microsoft update for Patching, How to select and download a list of patches, How to deploy patches, How to troubleshoot on patching issues, Patching experience at client side, SCCM log files related to patching.

Resources

How to Deploy software updates with SCCM

How to Define SCCM CB Patching Process – Implementation Guide

SCCM Blog posts – https://howtomanagedevices.com/sccm/

SCCM Restore Recovery Guide

I recorded this video few years back. It was one of the first video where I started explaining things while I was showing the steps. SCCM restore process is changed with the release of SCCM CB. Now you have several options to recover SCCM primary server and CAS.

This video is part of the collection of Video tutorials which I made previously. This video tutorial will help to understand the process and that will in tern help to troubleshoot on SCCM CB restore or recovery issues in better way.

What is SCCM CD.Latest Folder

CD.Latest folder is important for SCCM restore or recovery of a standalone primary server. If you do not have the correct CD.Latest folder and its contents available, you cannot recover a site and it must be reinstalled.

The SCCM Installation should be done from CD.Latest folder in a scenario where your SCCM version is not a baseline version. The CD.Latest folder contains a folder named Redist which contains the redistributable files that setup downloads and uses. These files are matched to the version of Configuration Manager files found in that CD.Latest folder. When you run Setup from a CD.Latest folder, you must use files that are matched to that version of Setup. To do so you can either direct Setup to download new and current files from Microsoft, or direct Setup to use the files from the Redist folder included in the CD.Latest folder. This folder backup is important for a successful SCCM restore and recovery scenario.

Prerequisite of SCCM Restore

Hostname of the server Should be same Drive Letters should be same as the previous SCCM primary server Installation Path should be same as the previous Primary server Should have same OS patch level for the server Better to have the same IP to avoid opening up new Firewall ports All the prerequisite apps should be installed (ADK, WSUS etc..) SQL Databased is already restored (manually) – if you are using SQL DB based backup

SCCM Restore and Recover scenarios are explained in the video tutotial.
SCCM Restore – Recover Scenarios

Resources

I have some previous posts which explains about the entire SCCM restore and recovery processes in details. I would recommend reading those to get more details. https://www.anoopcnair.com/video-tutorials-sccm-configmgr-current-branch-backup-recovery/

More details about the importance of SCCM CD.Latest folder is explained in the following Microsoft documentation. https://docs.microsoft.com/en-us/sccm/core/servers/manage/the-cd.latest-folder

SCCM Related Posts – https://howtomanagedevices.com/sccm/

SCCM Upgrade Task Sequence Template

SCCM offers Windows 10 upgrade Task Sequence. Before starting about creating the Windows 10 upgrade task sequence. Let’s complete the prerequisite. The prerequisite is to create Windows 10 operating system upgrade package. SCCM Upgrade Task Sequence to upgrade template can be used to upgrade Windows 10 to the latest version.

SCCM Upgrade Task Sequence template is available out of box in the latest version of SCCM. Open SCCM CB console and navigate via  Software Library workspace, right-click the Operating System Upgrade Packages node, then select Add Operating System Upgrade Package.

Browse to the data source for the operating system upgrade package. Specify the operating system upgrade package. Provide the Windows 10 Enterprise x86 or x64 binary network share location. Select the Architecture of the Windows 10 and the base language.

On the next page, enter the name of the Windows 10 upgrade package. And that is it you are done.

Open SCCM console and navigate via Software Library workspace – right-click the Task Sequences node, and then select Create Task Sequence. On the Create a new task sequence page, select Upgrade an operating system from upgrade package and then click Next.

Enter the name of the Task sequence – Windows 10 Enterprise Upgrade. Upgrade the Windows operating system page of the wizard you need to select the Windows 10 upgrade package which we created as a first step. The wizard will list down all the available Windows 10 editions as part of Windows 10 upgrade package.

SCCM Upgrade Task Sequence

Windows Upgrade using SCCM Upgrade Task Sequence

Use task sequences in SCCM to automatically upgrade an OS on a destination computer. This upgrade can be from Windows 7 or later to Windows 10, or from Windows Server 2012 or later to Windows Server 2016. Create a task sequence that references the OS upgrade package and any other content to install, such as applications or software updates.

Resource

Setup Android Device Management – Intune

The above video tutorial is created one year back. And now Google announced that device admin won’t be supported for Android device management for upcoming versions of Android. Android Enterprise will be the only supported version for device management with Microsoft Intune.

The above video explains – Prerequisites of Android Enterprise, Intune portal admin configurations, Add Google play apps to Google Work, Android enterprise Device enrollment, Work profile creation and Removal of Android for work profile.

Prerequisite for Android Device Management

  • Devices with Android 5.0 Lollipop and later will only have work profile and Android Enterprise support as per Google (Android Device). This is nothing to do with Microsoft and Intune.
  • Some of the Android Enterprise settings are available only for Android 6.0 and later.
  • It’s important to understand Android Enterprise does NOT support all androiddevices in the market- list of supported devices –here.
  • Bind your Intune and Google for Work account from Intune portal. Because Azure Intune blade is not enlightened with this feature yet.
  • Create a Google account or use existing account to sign up for Android Enterprise with EMM provider. More details here
  • Add applications from Google Play to Google for Work store and then sync these apps to Intune (Android Device). You can click on Sync button in Intune console to initiate a new sync between Intune and Google store for work.
  • Sync the apps from Intune console – Admin > Mobile Device Management > Android for Work. After Sync the apps will be visible under – Intune console – Apps – Volume Purchased app
Android Device Management with Intune

Google state device admin will remain supported in Oreo now and through the next major release, Android P. Once Android Q is announced, Android Enterprise will be the only available solution for device management going forward.

Google finally announced device admin will not be supported in future for device managment. So I won’t suggest to use use normal Android Device managment with Intune.

Resource

How to Move SCCM Server to New Hardware

This video post will give a step step guide to migrate SCCM server from old VM to new VM. Moving SCCM server from one hardware to another is common scenario in enterprise world. There could be several reason for this kind of SCCM server VM migrations. Server OS upgrade is one of the most common scenario.

How to Migrate SCCM Server to New Hardware?

Yes, SCCM CB 1606 and later versions supports in place upgrade of server OS. However I’ve seen that most of our server teams don’t want to perform in place OS upgrade.

There is another option to move hardware. SCCM 1806 onwards, SCCM primary server passive server options are available. Arnab explained this primary server passive  option feature with a detailed blog post.

Step by Step Video Guide to Perform SCCM Server Hardware Migration. This is the post which you want to refer before performing any kind of SCCM/ConfigMgr server migration. Follow the steps one by one and make sure your SCCM server hardware migration is hassle free !Migrate SCCM Server to New VMs

SCCM Server Migration Prerequisites

It’s very important to follow these steps when we need to perform migration or server hardware changes of your SCCM server (Migrate SCCM Server). I’m not covering SQL migration in this post. In this scenario, SQL is on remote box. If the SQL is on the same box then things will be bit more easy. I’ve divided the migration process into 5 phases:-

  1. Pre SCCM Migration Activities  (Migrate SCCM Server)
  2. Start of SCCM Migration Activities – Downtime starts from here
  3. SCCM Installation activities on new server
  4. SCCM/ConfigMgr Recovery/Restore activities
  5. Post SCCM/ConfigMgr Repair/Recovery activities

More details https://www.anoopcnair.com/step-step-guide-perform-sccm-configmgr-server-hardware-migration/SCCM 2012 to SCCM CB Upgrade Unofficial Checklist here

SCCM Site-to-site communications (file-based and database replication) benefits from the proximity of being hosted in Azure. However, all client related traffic would be remote from site servers and site systems. If you use a fast and reliable network connection between Azure and your intranet with an unlimited data plan, hosting all your infrastructure in Azure is an option. Migrate SCCM Server to Azure VMs is also possible.

Resources:

The Complete Guide for SCCM Server Migration Part 2 – Database Migration – https://www.anoopcnair.com/the-complete-guide-for-sccm-server-migration-part-2-database-migration/ The Complete Guide for SCCM Server Migration Part 1 – SQL 2017 – https://www.anoopcnair.com/complete-guide-sccm-server-migration-part-1-sql-2017/

SCCM Related Latest Posts – https://howtomanagedevices.com/sccm/

Trace Changes in SCCM via Audit Messages

Who deleted the Collection? Who Modified the Collection? Who Deployed the application? SCCM Audit Reports?

The SCCM Audit Status messages will help you get answers for most of the accidental issues that happen in the SCCM environment. In this video, we will see how to trace who deleted or modified, or changed SCCM Settings.

SCCM Audit Status Messages Track Who Deleted Modified Changed Settings

How to Trace SCCM Deletions

SCCM Audit Status messages

The above video tutorial will provide more details about the details audit messages. How many default audit reports are available in SCCM? How many SCCM audit status messages are stored in SCCM etc.

SCCM Audit Trace Changes in SCCM via Audit Messages
Trace Changes in SCCM via Audit Messages

Report name Description ( SCCM audit ) Administration activity log – Displays a record of administrative changes made for administrative users, security roles, security scopes, and collections.

Administrative user’s security assignments Display administrative users, their associated security roles, and the security scopes associated with each security role for each user.

Objects secured by a single security scope Displays objects that an administrator assigned to only the specified security scope. This report does not display objects that an administrator associates with more than one security scope.

Security for a specific or multiple Configuration Manager objects Displays securable objects, the security scopes associated with the objects, and which administrative users have rights to the objects.  SCCM audit reports.

Security roles summary Displays security roles and the Configuration Manager administrators associated with each role.

SCCM audit: Security scopes summary Displays security scopes and the Configuration Manager administrative users and security groups associated with each scope.

Resources

Latest SCCM Related Posts – https://howtomanagedevices.com/sccm/

SCCM Health and Status Summarizers

SCCM Status Summarizers helps to troubleshoot on many issues. Following are the content of this video post where I explained about different ways to get SCCM health details via SCCM Status Summarizers. In this video you will also learn how to check SCCM components health with the help of status Summarizers.

SCCM Site & Compoenent Status

SCCM sites and Component Status summarizers group summaries of two kinds of data and those are software SCCM component health and physical system health.

What is SCCM Status Summarizers?
List of SCCM CB Status Summarizers
Health Details of a SCCM Site via WMI class
Health Details of SCCM Site via SQL Views

Summary class (SMS_SummarizerStatus) within WMI helps you to determine the SCCM health > This also helps to determine the status, of different aspects of SCCM Infrastructure. The SCCM status summarizers are getting input from status messages, states, and counts.

You can determine the overall health or status of a site, in SCCM, by inspecting the SMS_SummarizerSiteStatus object Status property. SCCM Health details are retrieved from SCCM Status Summarizers.  The Status property has three possible values:

ValueDescription
0The site is healthy.
1The site has warning conditions.
2The site has error conditions.

How to To determine SCCM health with  Status Summarizer

    1. Set up a connection to the SMS Provider. For more information, see About the SMS Provider in SCCM.

    1. Get the SMS_SummarizerSiteStatus object by using the Configuration Manager site code.

  1. Inspect the SMS_SummarizerSiteStatus object Status property to determine the site status

The deployment summarizers track the progress of deployed programs as they are advertised and run on the client computers. SCCM deployment status summaries count the different types of messages generated by advertisements.

Site system and package.application status summaries track the state changes instead of counting the error messages. For example, site system status summaries react to changes in free disk space on a site system. If the free space falls below the threshold you set, the site system’s status summary health indicator changes.

Resource

More Details about SCCM Health and Status Semmaries here

https://www.anoopcnair.com/sccm-status-summarizers-health-monitoring-details/

Latest SCCM Related posts – https://howtomanagedevices.com/sccm/