ITMU 3 – deploying patches with SMS 2003 SP3

Patch process using ITMU v3 and SMS 2003
I’m patching end user clients only (no servers) only and this process accommodates a business requirement to patch machines but not force a reboot for 4 days.

  1. Install patches use SMS Notification of the need to reboot. About 65-70% of users reboot within 1 business day.
  2. Notification Nag continues for 4 days from install
  3. Use ITMU to force a reboot at 5pm on the 4th day

Patching details

  1. Microsoft Updates Tool Sync– Downloads the latest Windows Update Catalog on Patch Tuesday
    • Advertisment schedule for every Tuesday @ 3pm and 11pm. 3pm for normal MS patch release and 11pm to catch when they are a little late.
    • Confirm ‘wsusscn2.cab’ has a current time stamp: \Program Files\Microsoft Updates Inventory Tool\PkgSource
  2. Microsoft Updates Tool– Distributes the above Windows Update Catalog to clients and scans for status
    • Advertised to run daily at 4am
  3. Create Patch Packages – * See details below
    • Create per OS packages to limit download size for field/VPN and slow link clients
  4. Create Patch Advertisements– * See details below
    • Set to run daily
    • Download if not local
  5. Test – Wednesday through Friday
    • Did I screw anything up test – Local on 3 OS’es in my lab to ensure packages and advertisements are all functional
    • Real testing – deploy to field and office test group on all OS’es. I use IT and a set group of customers that use a variety of apps and connectivity scenarios
  6. Deploy
    • Friday afternoon
    • Send out per OS Advertisements scheduled to run Sunday morning at 6am recurring daily
  7. Reboot – 3rd Wednesday
    • Update the patch packages to force a reboot for anyone who hasn’t
  8. Monitor Compliance
    • Using the above process I generally get 65-70% compliance by end fo day monday with another 30% pending reboot
    • After 4 days and the Wednesday forced reboot complaince is around 90%
    • Over the next week I monitor as field users and offline boxes connect and bring complaince above 95+%

Creating Patch Packages – Command line switches for Patchinstall.exe http://www.myitforum.com/articles/8/view.asp?id=8052

print

2 thoughts on “ITMU 3 – deploying patches with SMS 2003 SP3

  1. Would you mind posting what your command line switches look like? I know you have the MyITForum link posted but just interested in what you are using. Thanks!

  2. Did you get an answer for the command line switches to use to accomplish patching forcing a reboot after 4 days?

Leave a Reply

Your email address will not be published. Required fields are marked *