Sorry this doesn't answer your question, but WSUS is your friend, you can push SP's as well as the updates required afterward (I pushed SP3 for XP to 350 systems, for example, and my total involved time was oh....one minute, including opening the MMC). Patching with WSUS takes about 1/10th the time patching with SMS does. We use WSUS for MS patching and SMS for 3rd party updates. Like SMS, WSUS can use BITS throttling. WSUS is free and can run on desktop hardware.
I found SMS to be the really really hard way to patch MS systems, although I realize there may be reasons you aren't using WSUS. David Lum // SYSTEMS ENGINEER NORTHWEST EVALUATION ASSOCIATION (Desk) 971.222.1025 // (Cell) 503.267.9764 -----Original Message----- From: Ziots, Edward [mailto:[email protected]] Sent: Tuesday, August 18, 2009 7:29 AM To: NT System Admin Issues Subject: RE: Patching question I don't use SMS here Chris, But I have the same issue and I setup a batch script that updates to SP2, and then runs the post SP2 hotfixes accordingly, along with the TCP Chimmney disabling and DST fixes again and then reboots the machine (I do use Qchain.exe at the end to make sure everything applies as I want it) then re-scan with shavlik and server is patched up to the required levels. I have done about 100 Servers this way without an issue. You could probably push a quick scheduled task to run the batch file on a central server against your target servers, and then have it reboot afterwards. The service pack + patches should take about 1 hr depending on the speed of the system and available resources. This has been the average for me, and my maintenance windows are probably a lot like yours. Z Edward Ziots Network Engineer Lifespan Organization MCSE,MCSA,MCP+I, ME, CCA, Security +, Network + [email protected] Phone:401-639-3505 -----Original Message----- From: Christopher Bodnar [mailto:[email protected]] Sent: Tuesday, August 18, 2009 10:18 AM To: NT System Admin Issues Subject: Patching question This is not really an SMS question, more of a generic patching question. We have SMS 2003, and use it to patch systems. I recently found out we have a large number of systems still at W2K3 PS1. Easy enough to push out SP2 to them. The problem then, is how to automate the application of any post SP2 patches. I can think of a few ways, but none of them great. For example, I can create one monster post SP2 package in SMS and have the SP2 package be a pre-requisite. The problems with that are the size of the package itself and how to get a list of post SP2 updates to include in the post sp2 package. I've also thought of doing this as a manual process and having us run Windows update after the SP2 package is applied. The problem with this is our change window is small, and the amount of staff to cover doing this. I'm sure some of you must have run into this issue before. Any ideas? Thanks, Chris ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
