Workstation Patch Process
Part 1: Download Updates From Microsoft
1. From the SCCM console, navigate to: Software Library-->Software Updates (expand this folder)-->All Software Updates.
2. Click the Home menu on the top left corner and Navigate to: Saved Searches-->Manage Searches for Current Node
3. Click on the update group you want—the best rule of thumb is just to click the update group that was used in the previous month, since the search criteria is already set. Click OK
The list will usually take some time to populate. Wait until the list is finished
4. Adjust the dates on the calendar to the month that corresponds to the updates you want to deploy (ie: it's April and you want to deploy March updates, adjust the calendar to 3/1-3/31. Review the list of updates and remove any irrelevant updates. Also, make sure they are no updates related to the servers (LanTeam takes care of all server-related updates)
5. Once list finishes populating, select all the updates in the range (CTRL + A). After you have selected all of the updates, right-click on the updates list and choose Create Software Update Group
6. Name the update group (ie: TC Workstation Microsoft Software Update Group). In the Description box, type your UNI and the date. Then click Create.
7. Click Software Update Groups. You should see the update group you created in Step 6. Once you locate the update group you created, double-click on it.
8. Select all of the updates in the group (CTRL + A), then right-click and select Download.
9. The Download Software Updates Wizard will appear. Choose Create A New Deployment Package. Name the package (ie: TC Workstation Software Deployment Package).
10. Under Package Source, type in the path of the distribution point where the package is located (\\msccmgrdp\WindowsPatching\TCWorkstation\(name of folder you created for this month's updates)
11. Click Next
12. Click Add, and select Distribution Point.
13. When you see the two checkboxes, choose MSCCMGRDP.INT.TC.COLUMBIA.EDU. Then, click OK.
14. Click Next
15. Make sure "Manually copy..." is selected. Then, click Next.
16. Select Download Software Updates From the Internet. Then, click Next.
17. Select English, then Next.
18. Click Next.
19. Updates will download. This will take some time to complete (depending on how many updates are downloading, you may have to come back later in the day before you can proceed).
*A summary box will appear once the updates are complete. Copy the output from this box and dump it into notepad. Save the file as the name of the month's patches you are working on, and the year (ie: "December 2019 patching output"). Save the output in the SCCM folder, located in the Service Desk Google Shared Drive.
Part 2: Deploy Updates
20. Once the download completes, Click Software Library, then Software Updates. Expand this folder and select the software update group you created in Step 6.
21. Click on Software Update Groups. Then, right-click on the software group you created and select Deploy.
22. The Deployment Wizard should appear. Name the deployment (ie:TC Workstation Microsoft Updates-December 2019). Confirm that the correct software updated group is seen in the Software Update/Software Update Group box.
23. From the Collection box, click Browse. Select your collection from the menu that appears (when patching workstations, follow this collection order: Week 1: Client Desktop Maintenance Week 0, Week 2: Test TCIT Collection, Week 3: TC Workstation Patch Deployment). Once you have chosen the correct deployment collection, click Next.
24. Agree to license terms and click OK.
25. Make sure Type of Deployment is set to Required. Set Detail Level to Only Success and Error Messages. Click Next.
26. Set time to Local Client Time. Then, set when software updates should run. You can choose to run as soon as possible or schedule for a specific time. The SCCM patch management team should decide as a group on when to deploy the updates.
27. Click Next.
28. Make sure Deploy in Software Center and show all notifications. is selected.
The following screenshot applies to Steps 29-32
29. Under Suppress Restart, select both Workstations and Servers (enough though we are concentrating on workstations, we want to also select servers for the restart suppression just in case any servers have accidentally ended up in the workstation collection).
30. Check the box next to Software Updates Deployment Updon Re-evalutation.
31. Check "Commit changes at deadline..." Click Next.
32. Click Next.
33. Now you will see the "Alerts" screen. For a typical patch deployment, we will keep all of these settings as default (no alerts selected). Click Next
34. From the Deployment Package screen, choose Select a Deployment Package. Click Browse and choose the package you created using the steps above. Once you've selected the package, click Next.
35. Under Download Location, select Download software updates from a location on my network, then browse to the folder where the updates were downloaded. Then, click Next.
The following screenshot applies to Steps 36-38
36. Under Deployment Options, select Download Software Updates from Distribution Point and Install.
37. Select Download and install software updates from the distribution points in site default boundary group
38. Check the box next to "If Software updates are not available on the distribution point in current, neighbor or site boundary groups, download content from Microsoft Updates"
39. Click OK.
40. Click Next.
41. Once the status on the next page completes, click Next.
42. Once the Deployment wizard completes, copy the deployment output and dump it into the same output doc you created in Step 19.
*****Update deployment to another collection (example: you have already tested week 0 and are ready to move onto “Test TCIT Collection”)
Software library—>overview—>software updates—>software update groups
On bottom, click deployment. From here, you can edit deployment to new collection. Schedule collection as needed.
The collections are: Week 0 Test Collection, TCIT Test Collection, TC Workstation Patch Deployment