Workstation Patch Process
Part 1: Download Updates From Microsoft
1. From the SCCM console, navigate to: Software Library-->Software Updates (expand this folder)-->All Software Updates.
2. Click the Home menu on the top left corner and Navigate to: Saved Searches-->Manage Searches for Current Node
3. Click on the update group you want—Lanteam has created this group already. Check with Lanteam to see which month of updates should be used for the current patch deployment. Click OK
The list will usually take some time to populate. Wait until the list is finished
4. Review the list of updates and remove any irrelevant updates.
Remove all of the server requirements so that the search does not include the server updates
5. Once list finishes populating, select all the updates in the range (CTRL + A). After you have selected all of the updates, right-click on the updates list and choose Create Software Update Group
6. Name the update group (ie: TC Workstation (include date range for the updates) Microsoft Software Update Group). In the Description box, type your name and the date. Then click Create.
7. Click Software Update Groups. You should see the update group you created in Step 6. Once you locate the update group you created, click on it.
8. Select all of the updates in the group, then right-click and select Download.
9. The Download Software Updates Wizard will appear. Choose Create A New Deployment Package. Name the package-use the same name as the one you used in Step 6 (ie: TC Workstation Software Deployment Package). Under Description, type your initials and the date
10. Under Package Source, type in the path of the distribution point where the package is located (\\msccmgrdp\WindowsPatching\TCWorkstation\(name of folder for current updates)
11. Click Next
12. Click Add
13. When you see the two checkboxes, choose the one with "DP" in the name (ie: msccmgrdp). Then, click OK.
14. Click Next
15. Make sure "Manually copy the content..." is selected. Then, click Next.
16. Select Download Software Updates From the Internet. Then, click Next.
17. Select English, then Next.
18. Click Next.
19. Updates will download. This will take some time to complete (depending on how many updates are downloading, you may have to come back later in the day before you can proceed).
Part 2: Deploy Updates
20. Once the download completes, Click Software Library, then Software Updates. Expand this folder and select the software update group you created in Step 6.
21. Click on Software Update Groups. Then, right-click on the software group you created and select Deploy.
22. The Deployment Wizard should appear. Name the deployment (ie: TC Workstation Microsoft Software Updates). Confirm that the correct software updated group is seen in the Software Update/Software Update Group box.
23. From the Collection box, click Browse. Select your collection from the menu that appears (ie: TC Workstation Patch Deployment). Click Next.
24. Agree to license terms and click OK.
25. Make sure Type of Deployment is set to Required. Set Detail Level to Only Success and Error Messages. Click Next.
26. Set time to Local Client Time. Then, set when software updates should run. You can choose to run as soon as possible or schedule for a specific time. The SCCM patch management team should decide as a group on when to deploy the updates.
27. Click Next.
28. Make sure Deploy in Software Center is selected. Also, select Show All Notifications.
The following screenshot applies to Steps 29-31
29. Under Suppress Restart, select both Workstations and Servers (enough though we are concentrating on workstations, we want to also select servers for the restart suppression just in case any servers have accidentally ended up in the workstation collection).
30. Check the box next to Software Updates Deployment Updon Re-evalutation.
31. Check "Commit changes at deadline..." Click Next.
32. Click Next.
The following screenshot applies to Steps 33-35
33. Under Deployment Options, select Download Software Updates from Distribution Point and Install.
34. Select Download and install software updates from the distribution points in site default boundary group
35. Check the box next to "If Software updates are not available on the distribution point in current, neighbor or site boundary groups, download content from Microsoft Updates"
36. Click Next.
37. Click Next.
38. Once the status on the next page completes, click Next.
*****Update deployment to another collection (example: you have already tested week 0 and are ready to move onto “Test TCIT Collection”)
Software library—>overview—>software updates—>software update groups
On bottom, click deployment. From here, you can edit deployment to new collection. Schedule collection as needed.
The collections are: Week 0 Test Collection, TCIT Test Collection, TC Workstation Patch Deployment