How to: Deploy 3rd party updates published by Shavlik Patch using SCCM

Version 3

    Purpose

     

    This document contains basic steps required to publish 3rd party patches using Shavlik Patch and deploy them from SCCM.

     

    Instructions

     

    Deploying 3rd party patches with a Software Update Group:

     

         1. Publish the updates.  All of the 3rd party updates are downloaded to the SCCM server, the WSUS copies them to itself and the distributes them to distribution points.  So the updates are going to come from the WSUS server or one of the Distribution Points.

     

     

         2. If there are new categories:

             a. Synchronize (incremental) to get the new categories

             b. Check the categories in Manage Products so they are set to synchronized

     

    sup.JPG

     

         3. Synchronize to see the updates just published in All Software Updates (will automatically be a full sync if categories changed)

     

     

         4. Select the updates to deploy in All Software Updates

              a. Right-click and select Download

     

         5. In the wizard, select "Create a new deployment package", give it a name

             b. Browse to a folder on a server, e.g. \\vm-wsus-server\wsusdeploy

             c. Create a new subfolder and give it a descriptive name (the folder should be empty)

             d. Choose that subfolder and click 'Select Folder'

             e. Click Next

             f. Select the Distribution Point to use

             g. Click Summary

             h. Click Next

    Note: If the download fails, see %temp%\PatchDownloader.log; if you get 404 (not found) errors, the content location may be wrong.  In that case, revise the updates that failed, do an incremental sync, and try again.  This log will also help identify other issues like proxies blocking content downloads.

     

         6. Select the updates again in All Software Updates

              a. Right-click and choose 'Create Software Update Group'

              b. Give the group a name and click Create

      
         7. Click on 'Software Update Groups' in the navigator, then right-click on the group you just created and select Deploy which brings up a wizard:

             a. Give it a different name if you wish

             b. Click on 'Browse' next to Collection and choose a collection of machines to deploy to

             c. Click Next

             d. Change the Type of deployment to Available unless you want to force it on all machines in the collection

             e. Click Summary

             f. Click Next

             g. Click Close

             h. You can select the Software Update Group and click on the Deployment tab to verify the deployment happened.

     

    Deploying 3rd party patches without a Software Update Group:

     

         1. Complete steps 1-4 as above. ↑

     

         2. Right-click and select 'Deploy'

              a. Give it a different name if you wish

              b. Click on 'Browse' next to Collection and choose a collection of machines to deploy to

              c. Click Next

              d. Change the Type of deployment to Available unless you want to force it on all machines in the collection; click Next

              e. On Scheduling, User Experience, Alerts - just click Next

              f. On Download Settings - Check the radio button "Download software update from distribution point and install"; click Next

              g. On Deployment Package, select "Create a new deployment package", give it a name

              h. Browse to a folder on a server, e.g. \\vm-wsus-server\wsusdeploy

              i. Create a new subfolder and give it a descriptive name

              j. Choose that subfolder and click 'Select Folder'

              k. Click Next

              l. Select the Distribution Point to use

              m. On Language Selection, change languages if necessary

              n. Click Summary

              o. Click Next

        

         3. Verify that the 'Downloaded' and 'Deployable' and 'Deployed' columns in 'All Software Updates' says 'Yes'.  You can right-click on the column and make these visible.

     

    On the Client Machine:

     

         1. Open Control Panel | Configuration Manager and click on the Actions tab.   (or run 'control smscfgrc')

       

         2. Run 'Machine Policy Retrieval & Evaluation Cycle'  and wait a while.

       

         3. Run 'Software Updates Scan Cycle'  - see status in C:\Windows\WindowsUpdate.log

       

         4. Run 'Software Updates Deployment Evaluation Cycle' - see status in C:\Windows\WindowsUpdate.log

       

         5. From the Start menu, run 'Software Center'  (under Microsoft System Center 2010 \ Configuration Manager)

              a. Available Software tab should show available updates

              b. Check the update(s) you want to install and click 'Install Selected'

       

         6. You can look in these folders for logs and other deployment files to verify the deployment process is advancing.

              a. %programdata%\Shavlik\Installation\InstallationSandbox#<date-time>

              b. %windir%\SoftwareDistribution\Download\Install

     

    Additional Information

     

    'How to' and troubleshooting guides can be found here:

     

     

    Affected Product(s)

     

    Shavlik Patch