Part 6 - Setting up Software Update Point

BEFORE YOU BEGIN

SOFTWARE UPDATE POINT

In my previous blog post Part 5 we completed the configuration of discovery methods and boundaries. In Part 6 I will be setting up the Software Update Point role in Microsoft Endpoint Configuration Manager and I will give you a walk-through of my maintenance configuration for SQL and WSUS.

Since I've already prepared the Windows Server Update Services (WSUS), let's get started with configuring the software update point role in Microsoft Endpoint Configuration Manager.

Software Update Point Role

Step 1. Type "Configuration" in the search line next to the start button, and click "Configuration Manager Console"

Step 2. Navigate to "Administration" and expand the "Site Configuration", now select "Servers and Site System Roles", right-click on your site server name and select "Add Site System Roles"

Step 3. Click "Next"

Step 4. Click "Next"

Step 5. Select "Software update point" from the role list and click "Next"

Step 6. Click "Next"

Step 7. Click "Next"

Step 8. Select "Synchronize from Microsoft Update" and click "Next"

Step 9. Select "Enable Synchronization on a schedule", configure it to every 1 day and click "Next"

Step 10. Set "Supersedence behavior" to 1 month or keep the default value (3 months) and click "Next"

Step 11. Select all maintenance options and click "Next"

Step 12. Click "Next"

Step 13. Select "Download full files for all approved updates" and click "Next"

Step 14. Do not select any "Classifications" at this point, click "Next"

Step 15. Do not select any "Products" at this point, click "Next"

Step 16. Select the desired languages and click "Next"

Step 17. Click "Next" and then click "Close" when the setup is complete.

Step 18. Go to the Microsoft Endpoint Configuration Manager log location and review the SUPSetup.log

You should see a line in the log that says: Installation was successful.

Step 19. In the console go to "Software Library" and expand "Software Updates", select "All Software Updates" which should be empty at this point. Now click on "Synchronize Software Updates"

Step 20. Click "Yes"

Step 21. Go to the Microsoft Endpoint Configuration Manager log location and review the wsyncmgr.log

You should see a line in the log that says: Sync succeeded.

Classifications & Products

We are now finally ready for the classifications and products configuration.

Step 1. Navigate to "Administration" and expand the "Site Configuration", select "Sites", right-click on your site name, expand the "Configure Site Components" and select "Software Update Point"

Step 2. Select the "Classifications" tab and select the ones you need.

Step 3. Select the "Products" tab and select the ones you need.

Step 4. In the console go to "Software Library" and expand "Software Updates", select "All Software Updates" which should still be empty at this point. Now, click on "Synchronize Software Updates"

Step 5. Click "Yes"

Step 6. Go to the Microsoft Endpoint Configuration Manager log location and review the wsyncmgr.log

You should see a line in the log that says: sync: Starting WSUS synchronization

This WILL take a while to finish, so go grab a coffee, go for a walk or go to bed (I'll let you decide...)😎

Step 7. Okay, so almost 5 hours later and it is finally done!

You should see a line in the log that says: Done synchronizing WSUS Server

Step 8. You should now see the software updates in the console. Fantastic 🤩

SQL & WSUS MAINTENANCE

Now that the software update point for this LAB has been configured and synchronized, let's continue with the SQL and WSUS maintenance which is important in order to prevent the whole house of cards from collapsing in the future - We have all been there at one point, right ?

Prerequisites

• Download WSUS Script & Scheduled Task here

• Download SQL Script here

SQL Maintenance

Step 1. Type "SQL Server Management" in the search line next to the start button, and click "Microsoft SQL Server Management Studio 18"

Step 2. Click "Connect"

Step 3. Click "File" -> "Open" -> "File..." or "Ctrl+O". Now, select the MaintenanceSolution.sql script previously downloaded from Ola Hallengren's website.

Step 4. Modify the configuration or keep the defaults and click "Execute"

Step 5. You should see a line in the messages pane that says: Commands completed successfully.

Step 6. Expand the "SQL Server Agent", right-click on "Jobs" and select "Manage Schedules"

Step 7. Click "New..."

Step 8. Configure the new job schedule to fit your needs or use my configuration in the below print screen and click "OK"

Step 9. Expand the "Jobs", right-click "IndexOptimize - USER_DATABASES" and select "Properties"

Step 10. On the "Steps" page, click "New..."

Step 11. Give the step a name, add a command that the step should run once a week and click "OK"

You can use my command below or find inspiration at Ola Hallengren's website here

Step 12. On the "Schedules" page, click "New...", select the job schedule previously created in step 8 and click "OK" twice.

Step 13. Open the "Job Activity Monitor", right-click on "IndexOptimize - USER_DATABASES" and select "Start Job at Step..."

Step 14. Click "Close" when it's done.

Step 15. Right-click on "IndexOptimize - USER_DATABASES" again and now select "View history"

Step 16. Expand the log and review the details.

You should see that the last messages says: The step succeeded.

WSUS Maintenance

Step 1. Download the WSUSCleanupTask.ps1 and WSUSCleanupTask.xml from my GitHub repository and place it somewhere on your WSUS server.

Important - Before proceeding with step 2, you need to modify the WSUSCleanupTask.ps1 configuration.

Step 2. Type "Task Scheduler" in the search line next to the start button, and click "Task Scheduler"

Step 3. Click "Import Task..." from the "Actions" pane and import the WSUSCleanupTask.xml previously downloaded from my GitHub repository. Make the necessary changes so it will fit your environment e.g. when should it run and where is the script located? Click "OK" when finish.

Step 4. Select the "General" tab and make sure that the configuration is correct for your environment.

Step 5. Select the "Triggers" tab and make sure that the configuration is correct for your environment.

Step 6. Select the "Actions" tab and make sure that the configuration is correct for your environment.

Step 7. Select the "Conditions" tab and make sure that the configuration is correct for your environment.

Step 8. Select the "Settings" tab and make sure that the configuration is correct for your environment.

Step 9. Run the scheduled task and look for any issues in the "History" tab.

Step 10. If the scheduled task ran successfully, you should see a CleanupReport.html in the location that you defined earlier in the WSUSCleanupTask.ps1 configuration and if you open the report, you can see which job was performed by the script.

This should conclude setting up the Software Update Point role in Microsoft Endpoint Configuration Manager and the maintenance configuration for SQL and WSUS.

Now, Part 7 was actually on the drawing board, but I've decided that Part 6 will be the last one in this blog series. I will continue to blog about Endpoint Management in the 2021 section, this has been an awesome and a long blog series but I know that it has helped others and that makes it all worthwhile to me 🤓

If you have any questions regarding this topic, feel free to reach out to me. I am most active on Twitter!