Another question, though: If they are installed via AU, would this information still show up in Software Center? The notifications were displayed in Software Center and it was Software Center that actually performed the reboot (Event Viewer shows Ccmexec performing the reboot).
From: [email protected] [mailto:[email protected]] On Behalf Of Mote, Todd
Sent: Monday, May 25, 2015 9:06 PM
To: myITforum SMS List ([email protected])
Subject: [mssms] RE: Software Updates Applied to Servers Without Approval

UX usually means ‘user experience’, but you’ve got some other key words in there like, ‘AU’ and ‘interactive’. Do these servers have Automatic Updates Group Policy applied anywhere?

In c:\windows\ccm\logs you should be able to see stuff around the scan in updatesdeployment.log, scanagent.log, datatransferservice.log, updateshandler.log, updatesstore.log and wuahandler.log to see all of the updates. Also, in windowsupdate.log you should see more stuff like this:

2015-05-25 19:14:24:752 5272 14f4 COMAPI -- START -- COMAPI: Search [ClientId = CcmExec]
2015-05-25 19:14:24:752 5272 14f4 COMAPI ---------
2015-05-25 19:14:24:753 940 c14 Agent *************
2015-05-25 19:14:24:753 940 c14 Agent ** START ** Agent: Finding updates [CallerId = CcmExec]
2015-05-25 19:14:24:753 940 c14 Agent *********
2015-05-25 19:14:24:753 940 c14 Agent * Include potentially superseded updates
2015-05-25 19:14:24:753 940 c14 Agent * Online = No; Ignore download priority = Yes
2015-05-25 19:14:24:753 940 c14 Agent * Criteria = "((DeploymentAction=* AND Type='Software' AND CategoryIDs contains '84F5F325-30D7-41C4-81D1-87A0E6535B66') OR (DeploymentAction=* AND Type='Software' AND CategoryIDs contains '704A0A4A-518F-4D69-9E03-10BA44198BD5') OR (DeploymentAction=* AND Type='Software' AND CategoryIDs contains '6248B8B1-FFEB-DBD9-887A-2ACF53B09DFE') OR (DeploymentAction=* AND Type='Software' AND CategoryIDs contains '1403F223-A63F-F572-82BA-C92391218055') OR (DeploymentAction=* AND Type='Software' AND CategoryIDs contains '041E4F9F-3A3D-4F58-8B2F-5E6FE95C4591') OR (DeploymentAction=* AND Type='Software' AND CategoryIDs contains 'B54E7D24-7ADD-428F-8B75-90A396FA584F') OR (DeploymentAction=* AND Type='Software' AND CategoryIDs contains '0FA1201D-4330-4FA8-8AE9-B877473B6441'))"
2015-05-25 19:14:24:753 940 c14 Agent * ServiceID = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7} Managed
2015-05-25 19:14:24:753 940 c14 Agent * Search Scope = {Machine}
2015-05-25 19:14:24:753 940 c14 Agent * Caller SID for Applicability: S-1-5-18
2015-05-25 19:14:24:758 5272 14f4 COMAPI <<-- SUBMITTED -- COMAPI: Search [ClientId = CcmExec]
2015-05-25 19:14:27:089 940 c14 Agent * Added update {BDB0E301-5660-4DB8-A396-F3C9C0C10776}.201 to search result
2015-05-25 19:14:27:090 940 c14 Agent * Added update {D391DE02-B9A1-4C5B-B8C1-7ECCA958ACDF}.203 to search result
2015-05-25 19:14:27:090 940 c14 Agent * Added update {92504704-BF09-4CE5-8436-90B6AE8A842A}.201 to search result
2015-05-25 19:14:27:090 940 c14 Agent * Added update {28904808-0DBB-4812-9A9A-7E9977ADE38A}.202 to search result
2015-05-25 19:14:27:090 940 c14 Agent * Added update {09257309-72A1-4622-B9DA-610B9E037E2E}.201 to search result
2015-05-25 19:14:27:090 940 c14 Agent * Added update {C822D00A-FEC3-4B65-8F63-6E6BEA292944}.203 to search result

That 5th column in yours shows ‘AU’ which typically means Auto Update, and not ‘Agent’ like mine above which should be your sccm client doing stuff. Looks to me like they did what they were told, it just wasn’t SCCM. Maybe WSUS via Group Policy?

Todd

From: [email protected] [mailto:[email protected]] On Behalf Of Gushue, William
Sent: Monday, May 25, 2015 2:10 PM
To: myITforum SMS List ([email protected])
Subject: [mssms] Software Updates Applied to Servers Without Approval

I configured a Software Update Group to deploy to a group of servers this past weekend. A number of other servers ended up installing the updates. I have:

1. Checked the collection (which I have since deleted) to ensure the correct servers were added.
2. Checked the Properties of the servers that received the updates (even though they shouldn’t have) and there were NO deployments in the Deployments tab.
3. Checked reports and they tell me the updates were required, but there was no check mark under “Approved”
4. Checked for Duplicate GUIDs and there are none that apply.
5. Checked the Windows Update log file and see the following:

“2015-05-25 10:26:07:179 1224 5b5c AU AU received approval from UX for 43 updates
2015-05-25 10:26:07:179 1224 5b5c AU AU setting pending client directive to 'Progress Ux'
2015-05-25 10:26:07:303 1224 5b5c AU BeginInteractiveInstall invoked for Download
2015-05-25 10:26:07:303 1224 5b5c AU Auto-approving update for download, updateId = {0087DF01-B453-4F5E-B5B4-E61911BCF5A8}.200, ApprovalIsForUx=1, UpdateOwner=UX, HasDeadline=0, IsMinor=0”
– which indicates something approved them, but I am not sure what “UX” means.

Is there anywhere on the client itself where I can see something to the effect “I am supposed to apply these updates and it’s because I am in this collection”? I have been using PolicySpy and checking PolicyEvaluator and PolicyAgent but have yet to come across why these updates got approved for these systems. I am usually pretty good at tracking down my own mistakes, but this one has me stumped.

Thanks.
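
Added example, not part of the original thread: a Python parser for the text WindowsUpdate.log format quoted above that separates records by the component column (AU versus Agent/COMAPI) and by caller, and lists the approvals that AU made itself. The sample lines are copied from the two excerpts in the thread; the function and key names are illustrative.

```python
import re
from collections import Counter

# Text WindowsUpdate.log columns: date, time, PID, TID (hex), component, message.
LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<time>\d{2}:\d{2}:\d{2}:\d{3})\s+"
    r"(?P<pid>\d+)\s+(?P<tid>[0-9a-fA-F]+)\s+(?P<component>\S+)\s+(?P<message>.*)$")
CALLER_RE = re.compile(r"\[(?:ClientId|CallerId) = ([^\]]+)\]")
AU_BATCH_RE = re.compile(r"AU received approval from (\w+) for (\d+) updates")
AU_UPDATE_RE = re.compile(r"updateId = (\{[0-9A-Fa-f-]+\}\.\d+).*?UpdateOwner=(\w+)")

# Lines copied from the two log excerpts quoted in the thread.
SAMPLE = """\
2015-05-25 19:14:24:752 5272 14f4 COMAPI -- START -- COMAPI: Search [ClientId = CcmExec]
2015-05-25 19:14:24:753 940 c14 Agent ** START ** Agent: Finding updates [CallerId = CcmExec]
2015-05-25 19:14:27:089 940 c14 Agent * Added update {BDB0E301-5660-4DB8-A396-F3C9C0C10776}.201 to search result
2015-05-25 10:26:07:179 1224 5b5c AU AU received approval from UX for 43 updates
2015-05-25 10:26:07:303 1224 5b5c AU BeginInteractiveInstall invoked for Download
2015-05-25 10:26:07:303 1224 5b5c AU Auto-approving update for download, updateId = {0087DF01-B453-4F5E-B5B4-E61911BCF5A8}.200, ApprovalIsForUx=1, UpdateOwner=UX, HasDeadline=0, IsMinor=0
"""

def parse_line(line):
    """Split one log line into its columns; None for anything that is not a log record."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None

def summarize(text):
    """Count records per component and caller, and collect approvals made by AU itself."""
    report = {"components": Counter(), "callers": Counter(),
              "au_batches": [], "au_updates": []}
    for raw in text.splitlines():
        rec = parse_line(raw)
        if rec is None:
            continue
        report["components"][rec["component"]] += 1
        caller = CALLER_RE.search(rec["message"])
        if caller:
            report["callers"][caller.group(1)] += 1
        if rec["component"] != "AU":
            continue  # Agent/COMAPI records are attributed through their caller instead
        stamp = rec["date"] + " " + rec["time"]
        batch = AU_BATCH_RE.search(rec["message"])
        if batch:
            report["au_batches"].append((stamp, batch.group(1), int(batch.group(2))))
        update = AU_UPDATE_RE.search(rec["message"])
        if update:
            report["au_updates"].append((stamp, update.group(1), update.group(2)))
    return report

if __name__ == "__main__":
    for key, value in summarize(SAMPLE).items():
        print(key, dict(value) if isinstance(value, Counter) else value)
```

Run against a full log, a non-empty `au_batches` or `au_updates` list on a server that should only be patched by the ConfigMgr client points at the Automatic Updates path rather than a CcmExec-initiated install.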
