ITMU 3 – deploying patches with SMS 2003 SP3

Patch process using ITMU v3 and SMS 2003
I’m patching end user clients only (no servers) only and this process accommodates a business requirement to patch machines but not force a reboot for 4 days.

  1. Install patches use SMS Notification of the need to reboot. About 65-70% of users reboot within 1 business day.
  2. Notification Nag continues for 4 days from install
  3. Use ITMU to force a reboot at 5pm on the 4th day

Patching details

  1. Microsoft Updates Tool Sync– Downloads the latest Windows Update Catalog on Patch Tuesday
    • Advertisment schedule for every Tuesday @ 3pm and 11pm. 3pm for normal MS patch release and 11pm to catch when they are a little late.
    • Confirm ‘wsusscn2.cab’ has a current time stamp: \Program Files\Microsoft Updates Inventory Tool\PkgSource
  2. Microsoft Updates Tool– Distributes the above Windows Update Catalog to clients and scans for status
    • Advertised to run daily at 4am
  3. Create Patch Packages – * See details below
    • Create per OS packages to limit download size for field/VPN and slow link clients
  4. Create Patch Advertisements– * See details below
    • Set to run daily
    • Download if not local
  5. Test – Wednesday through Friday
    • Did I screw anything up test – Local on 3 OS’es in my lab to ensure packages and advertisements are all functional
    • Real testing – deploy to field and office test group on all OS’es. I use IT and a set group of customers that use a variety of apps and connectivity scenarios
  6. Deploy
    • Friday afternoon
    • Send out per OS Advertisements scheduled to run Sunday morning at 6am recurring daily
  7. Reboot – 3rd Wednesday
    • Update the patch packages to force a reboot for anyone who hasn’t
  8. Monitor Compliance
    • Using the above process I generally get 65-70% compliance by end fo day monday with another 30% pending reboot
    • After 4 days and the Wednesday forced reboot complaince is around 90%
    • Over the next week I monitor as field users and offline boxes connect and bring complaince above 95+%

Creating Patch Packages – Command line switches for Patchinstall.exe http://www.myitforum.com/articles/8/view.asp?id=8052

2 thoughts on “ITMU 3 – deploying patches with SMS 2003 SP3

  1. Did you get an answer for the command line switches to use to accomplish patching forcing a reboot after 4 days?

  2. Would you mind posting what your command line switches look like? I know you have the MyITForum link posted but just interested in what you are using. Thanks!

Leave a Reply

Your email address will not be published. Required fields are marked *