With 2007 I had patches targeted to a parent collection and the OSD targeted at
subcollections and that worked. So at least in 2007, it was not strictly
required to have the patches targeted to the OSD collections directly.
OSD Collections
\----- Windows 7 x64 Production
\----- Windows 7 x86 Production
\----- Windows 7 x64 Test
\----- Windows 7 x86 Test
The OSD task sequence was advertised to “Windows 7 x64 Production” collection,
while the patches were targeted at “OSD Collections” – and that worked fine.
Now that there is no longer the ability to have subcollections – there is no
top level collection to target patches to. I have 8-12 OSD collections so the
thought of making a deployment each month for each of those 12 colleciton while
possible, sounds like a real drag.
I just hope my experiment to add the computer to both a OSD target collection
and a Patch target collection works. I can add the computer to two collections
during the pre-execution hook. If I have to do it prior to the TS starting,
that is OK, but ideally I would be able to make a call to some process that
forces the TS process to reevaluate collection memberships.
The worst case scenario is that I have to target the patches to every OSD
collection every month – that would really suck. I suppose it could be
automated if I knew powershell a whole lot better.
From: [email protected] [mailto:[email protected]] On
Behalf Of Daniel Ratliff
Sent: Wednesday, January 29, 2014 10:54 AM
To: [email protected]
Subject: RE: [MDT-OSD] Collection membership during OSD
If you are adding the machine in the same task sequence it most likely will not
see the updated policy because the client is in provisioning mode from the get
go.
Any time we have needed patching during the TS, we have had to target the
collection we were also targeting the TS to.
Daniel Ratliff
From: [email protected]<mailto:[email protected]>
[mailto:[email protected]] On Behalf Of Miller, Todd
Sent: Wednesday, January 29, 2014 11:46 AM
To: [email protected]<mailto:[email protected]>
Subject: RE: [MDT-OSD] Collection membership during OSD
The OSD task sequence reboots lots of times between when the computer is added
to the patch target collection at the very beginning of the OSD task sequence
and the spot where Install Software Updates runs. The whole OS is laid down
and installed and dozens of software applications are installed between when
the computer is added to the collection and the step where Install Software
Updates is called. It must reboot 4 or five times. I don’t think rebooting
causes the OSD task sequence to rediscover what collections the computer is
part of with regards to Software Updates.
I have my experiment in place to add the computer to the OSD Task Sequence
target collection AND the Patch target collection during pre-hook and I’ll see
what happens.
From: [email protected]<mailto:[email protected]>
[mailto:[email protected]] On Behalf Of Gary Delia
Sent: Wednesday, January 29, 2014 10:30 AM
To: [email protected]<mailto:[email protected]>
Cc: [email protected]<mailto:[email protected]>
Subject: Re: [MDT-OSD] Collection membership during OSD
Group membership is calculated for users on login and for computer objects on
startup.
I would throw in a restart either after adding group membership or right before
patching.
Sent from my iPhone.
Gary Delia
S7 Technology Group LLC.
(646).462.4569
On Jan 29, 2014, at 11:22 AM, "Miller, Todd"
<[email protected]<mailto:[email protected]>> wrote:
I am having trouble with patching during OSD, but I don’t think it is really a
problem with patching. I think it is a problem with group membership and
computing group membership during the OSD Task Sequence.
In each TS, I direct member add the computer to the patch collection via
Webservice early in the TS – before the WIM is applied. I have verified that
the computer account has been added to the collection appropriately. Right
clicking on the object in the console shows it is targeted for all the patches
I am expecting.
When the computer gets to the Install Software Updates task, no patches are
detected as required and the process exits in less than a second. There is no
error logged in the task sequence – just a no patches to install message.
As an experiment, I changed the target of the patch deployment to the same
collection as the OSD Task sequence. This made the machine patch correctly in
the TS step. So I am curious about the mechanics of this and how/when the
group membership is computed.
Is there any method exposed that I can call to have the computer or SCCM
recompute the group membership during the task sequence? I would like to add
the computer to a collection that has the patches targeted rather than create a
patch deployment for each of my 8 OSD collections.
My next experiment will be to add the machine to both the patch target
collection and the OSD collection prior to the Task Sequence launch, and then
test to see if the patches apply normally or if the patch deployment must
target directly the same collection as the OSD target collection.
________________________________
Notice: This UI Health Care e-mail (including attachments) is covered by the
Electronic Communications Privacy Act, 18 U.S.C. 2510-2521, is confidential and
may be legally privileged. If you are not the intended recipient, you are
hereby notified that any retention, dissemination, distribution, or copying of
this communication is strictly prohibited. Please reply to the sender that you
have received the message in error, then delete it. Thank you.
________________________________
________________________________
This message from S7 Technology Group LLC contains confidential information and
is solely for the use of the recipient(s) named above. If you are not the
intended recipient or an agent responsible for delivering this message to the
intended recipient, you are hereby notified that you have received this message
in error and that any review, disclosure, copying, distribution or use of the
contents of this message is strictly prohibited. If you have received this
communication in error, please notify us immediately by telephone at
646.434.0950 and destroy this message and any and all copies of this message
(whether electronic or printed) including any attachments.
________________________________
Notice: This UI Health Care e-mail (including attachments) is covered by the
Electronic Communications Privacy Act, 18 U.S.C. 2510-2521, is confidential and
may be legally privileged. If you are not the intended recipient, you are
hereby notified that any retention, dissemination, distribution, or copying of
this communication is strictly prohibited. Please reply to the sender that you
have received the message in error, then delete it. Thank you.
________________________________
The information transmitted is intended only for the person or entity to which
it is addressed
and may contain CONFIDENTIAL material. If you receive this material/information
in error,
please contact the sender and delete or destroy the material/information.
________________________________
Notice: This UI Health Care e-mail (including attachments) is covered by the
Electronic Communications Privacy Act, 18 U.S.C. 2510-2521, is confidential and
may be legally privileged. If you are not the intended recipient, you are
hereby notified that any retention, dissemination, distribution, or copying of
this communication is strictly prohibited. Please reply to the sender that you
have received the message in error, then delete it. Thank you.
________________________________
