Because as I stated, I have 9 task sequences and growing (win7 prod, win 7 test, win7 build---then the same for XP and win7 x64) plus soon to be others, and I don't feel like making 9 or more extra deployments every month for patches.
On Feb 1, 2014, at 6:48 PM, "Jason Sandys" <[email protected]<mailto:[email protected]>> wrote: Why not just target the TS collection with your patches also? This has always been my recommendation. It’s just an additional deployment on your existing Software Update Group(s). J From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of Miller, Todd Sent: Thursday, January 30, 2014 9:22 AM To: [email protected]<mailto:[email protected]> Subject: RE: [MDT-OSD] Collection membership during OSD Thanks for the suggestion. I am already doing that. It seems like the TS process evaluates the collection membership of the object at the very beginning of the Task Sequence – like maybe as early as the “checking dependencies” phase. Then whatever collections the computer is in at that moment is locked in. If you add the computer to a collection during the task sequence the new collection membership is completely ignored. A policy refresh might work, but the client doesn’t have the agent installed. It would be telling the TS engine to do a policy refresh. The TS and patching process works fine if the computer object is added to the collections before the TS starts – so maybe I will just stick with that. I’d like to keep as much of the process I can inside the task sequence since it is sort of self-documenting and is the first place anyone looks to see what is going on. At this point, I am willing to abandon Perfect for “good enough.” (the question will sit in the back of my head, distracting me for the next few weeks though) From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of Schwan, Phil Sent: Wednesday, January 29, 2014 9:55 PM To: [email protected]<mailto:[email protected]> Subject: RE: [MDT-OSD] Collection membership during OSD Try triggering a software update scan cycle before running the Software Updates task: http://www.david-obrien.net/2013/01/23/trigger-software-updates-rescan-in-configuration-manager-2012-sp1/ I use this in my Build and Capture all the time. I have a Software Update deployment targeted to the All Unknown Systems collection, but I have to trigger a scan before running the Install Software Updates task for it to actually see and install the updates. -Phil _________________________________________________________________ Phil Schwan | Technical Specialist, Enterprise Windows Services Project Leadership Associates | 2000 Town Center, Suite 1900, Southfield, MI 48075 Lync: 312.756.1626 Mobile: 419.262.5133 www.projectleadership.net<http://www.projectleadership.net/> <image001.jpg>Lead with Strategy. Leverage Technology. Deliver Results. <image002.jpg><http://www.linkedin.com/in/philschwan><image003.jpg><https://twitter.com/philschwan> <image004.jpg><http://myitforum.com/myitforumwp/author/philschwan> From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of Miller, Todd Sent: Wednesday, January 29, 2014 12:58 PM To: [email protected]<mailto:[email protected]> Subject: RE: [MDT-OSD] Collection membership during OSD So, my experiment has completed with some success. It is possible to add a computer to an OSD target collection AND a Patching target collection before the Task Sequence starts, and the computer will receive patches. If the computer is added to the Patch collection after the Task Sequence starts – like with a VBScript inside the Task Sequence, it will not receive patches. This is suboptimal. Is there a way to make the Task Sequence engine reevaluate its collection memberships while the sequence is running? It has to be something internal to the OSD Task Sequence engine since this evaluation takes place even before the computer gets the OS or SCCM agent installed. From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of Miller, Todd Sent: Wednesday, January 29, 2014 11:38 AM To: [email protected]<mailto:[email protected]> Subject: RE: [MDT-OSD] Collection membership during OSD With 2007 I had patches targeted to a parent collection and the OSD targeted at subcollections and that worked. So at least in 2007, it was not strictly required to have the patches targeted to the OSD collections directly. OSD Collections \----- Windows 7 x64 Production \----- Windows 7 x86 Production \----- Windows 7 x64 Test \----- Windows 7 x86 Test The OSD task sequence was advertised to “Windows 7 x64 Production” collection, while the patches were targeted at “OSD Collections” – and that worked fine. Now that there is no longer the ability to have subcollections – there is no top level collection to target patches to. I have 8-12 OSD collections so the thought of making a deployment each month for each of those 12 colleciton while possible, sounds like a real drag. I just hope my experiment to add the computer to both a OSD target collection and a Patch target collection works. I can add the computer to two collections during the pre-execution hook. If I have to do it prior to the TS starting, that is OK, but ideally I would be able to make a call to some process that forces the TS process to reevaluate collection memberships. The worst case scenario is that I have to target the patches to every OSD collection every month – that would really suck. I suppose it could be automated if I knew powershell a whole lot better. From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of Daniel Ratliff Sent: Wednesday, January 29, 2014 10:54 AM To: [email protected]<mailto:[email protected]> Subject: RE: [MDT-OSD] Collection membership during OSD If you are adding the machine in the same task sequence it most likely will not see the updated policy because the client is in provisioning mode from the get go. Any time we have needed patching during the TS, we have had to target the collection we were also targeting the TS to. Daniel Ratliff From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of Miller, Todd Sent: Wednesday, January 29, 2014 11:46 AM To: [email protected]<mailto:[email protected]> Subject: RE: [MDT-OSD] Collection membership during OSD The OSD task sequence reboots lots of times between when the computer is added to the patch target collection at the very beginning of the OSD task sequence and the spot where Install Software Updates runs. The whole OS is laid down and installed and dozens of software applications are installed between when the computer is added to the collection and the step where Install Software Updates is called. It must reboot 4 or five times. I don’t think rebooting causes the OSD task sequence to rediscover what collections the computer is part of with regards to Software Updates. I have my experiment in place to add the computer to the OSD Task Sequence target collection AND the Patch target collection during pre-hook and I’ll see what happens. From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of Gary Delia Sent: Wednesday, January 29, 2014 10:30 AM To: [email protected]<mailto:[email protected]> Cc: [email protected]<mailto:[email protected]> Subject: Re: [MDT-OSD] Collection membership during OSD Group membership is calculated for users on login and for computer objects on startup. I would throw in a restart either after adding group membership or right before patching. Sent from my iPhone. Gary Delia S7 Technology Group LLC. (646).462.4569 On Jan 29, 2014, at 11:22 AM, "Miller, Todd" <[email protected]<mailto:[email protected]>> wrote: I am having trouble with patching during OSD, but I don’t think it is really a problem with patching. I think it is a problem with group membership and computing group membership during the OSD Task Sequence. In each TS, I direct member add the computer to the patch collection via Webservice early in the TS – before the WIM is applied. I have verified that the computer account has been added to the collection appropriately. Right clicking on the object in the console shows it is targeted for all the patches I am expecting. When the computer gets to the Install Software Updates task, no patches are detected as required and the process exits in less than a second. There is no error logged in the task sequence – just a no patches to install message. As an experiment, I changed the target of the patch deployment to the same collection as the OSD Task sequence. This made the machine patch correctly in the TS step. So I am curious about the mechanics of this and how/when the group membership is computed. Is there any method exposed that I can call to have the computer or SCCM recompute the group membership during the task sequence? I would like to add the computer to a collection that has the patches targeted rather than create a patch deployment for each of my 8 OSD collections. My next experiment will be to add the machine to both the patch target collection and the OSD collection prior to the Task Sequence launch, and then test to see if the patches apply normally or if the patch deployment must target directly the same collection as the OSD target collection. ________________________________ Notice: This UI Health Care e-mail (including attachments) is covered by the Electronic Communications Privacy Act, 18 U.S.C. 2510-2521, is confidential and may be legally privileged. If you are not the intended recipient, you are hereby notified that any retention, dissemination, distribution, or copying of this communication is strictly prohibited. Please reply to the sender that you have received the message in error, then delete it. Thank you. ________________________________ ________________________________ This message from S7 Technology Group LLC contains confidential information and is solely for the use of the recipient(s) named above. If you are not the intended recipient or an agent responsible for delivering this message to the intended recipient, you are hereby notified that you have received this message in error and that any review, disclosure, copying, distribution or use of the contents of this message is strictly prohibited. If you have received this communication in error, please notify us immediately by telephone at 646.434.0950 and destroy this message and any and all copies of this message (whether electronic or printed) including any attachments. ________________________________ Notice: This UI Health Care e-mail (including attachments) is covered by the Electronic Communications Privacy Act, 18 U.S.C. 2510-2521, is confidential and may be legally privileged. If you are not the intended recipient, you are hereby notified that any retention, dissemination, distribution, or copying of this communication is strictly prohibited. Please reply to the sender that you have received the message in error, then delete it. Thank you. ________________________________ The information transmitted is intended only for the person or entity to which it is addressed and may contain CONFIDENTIAL material. If you receive this material/information in error, please contact the sender and delete or destroy the material/information. ________________________________ Notice: This UI Health Care e-mail (including attachments) is covered by the Electronic Communications Privacy Act, 18 U.S.C. 2510-2521, is confidential and may be legally privileged. If you are not the intended recipient, you are hereby notified that any retention, dissemination, distribution, or copying of this communication is strictly prohibited. Please reply to the sender that you have received the message in error, then delete it. Thank you. ________________________________ ________________________________ Notice: This UI Health Care e-mail (including attachments) is covered by the Electronic Communications Privacy Act, 18 U.S.C. 2510-2521, is confidential and may be legally privileged. If you are not the intended recipient, you are hereby notified that any retention, dissemination, distribution, or copying of this communication is strictly prohibited. Please reply to the sender that you have received the message in error, then delete it. Thank you. ________________________________ ________________________________ PRIVILEGED AND CONFIDENTIAL. This email and any files transmitted with it are privileged and confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the sender. If you are not the named addressee you should not disseminate, distribute or copy this e-mail or any of its attachments. ________________________________ Notice: This UI Health Care e-mail (including attachments) is covered by the Electronic Communications Privacy Act, 18 U.S.C. 2510-2521, is confidential and may be legally privileged. If you are not the intended recipient, you are hereby notified that any retention, dissemination, distribution, or copying of this communication is strictly prohibited. Please reply to the sender that you have received the message in error, then delete it. Thank you. ________________________________ ________________________________ Notice: This UI Health Care e-mail (including attachments) is covered by the Electronic Communications Privacy Act, 18 U.S.C. 2510-2521, is confidential and may be legally privileged. If you are not the intended recipient, you are hereby notified that any retention, dissemination, distribution, or copying of this communication is strictly prohibited. Please reply to the sender that you have received the message in error, then delete it. Thank you. ________________________________
<<inline: image001.jpg>>
<<inline: image002.jpg>>
<<inline: image003.jpg>>
<<inline: image004.jpg>>
