“Keep things patched!”
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
That’s the mantra IT admins have engraved on the insides of their eyelids. Given how quickly exploits are found and, well, exploited in current software, admins need to respond as quickly as they can to offer updates when they’re published.
This is all well and good if you’re using Windows Server Update Services (WSUS) to push out Microsoft-authored patches across your organization. It’s a bit more of a problem when you’re dealing with third-party software or updates to applications that have been written or modified for in-house use.
As it happens, Microsoft has created a tool to help admins stay on top of this issue by allowing third-party software catalogs and updates to be published through System Center Configuration Manager (SCCM). Dubbed System Center Updates Publisher (SCUP), the tool is now currently in its 4.5 revision (dated 11/23/2009) with a new 2011 edition coming soon.
Microsoft SCUP requires a computer running WSUS 3.0 Administration Console (at least the SP1 revision), either SCCM 2007 or System Center Essentials 2007, and SQL Server 2005 Express SP2, SQL Server 2005 SP3 or SQL Server 2008 SP1. Almost any version of Windows -- server or client -- starting with Windows XP SP2 is okay as the OS.
System Center Updates Publisher allows you to perform four basic tasks:
- create a new software update definition
- import software update catalogs into SCUP
- export software update catalogs out of SCUP
- publish updates to an update server
Software catalogs can also be imported individually or in bulk, and you can designate locations to check automatically for updated catalogs as they’re provided by third parties. It’s also possible to specify dependencies for updates so that a given update cannot be published otherwise.
Updates have to be in one of three formats to be packaged and published through System Center Updates Publisher -- .EXE, .MSI or .MSP. The updates also have to be signed with a certificate that’s in the certificate store on the client or they won’t be accepted.
The most recent version of System Center Updates Publisher makes it possible to publish just the update, just the metadata associated with the update, or both together. This is useful if you want to stage publishing a given update and test for compliance without actually sending the update to the computers. If you’re dealing with an update provider where the updates are sometimes flaky or break compatibility, this feature can really come in handy.
A few other high-level Microsoft partners -- Dell, Hewlett-Packard, Intel and Citrix—have created and published their own update catalogs for both servers and clients. With them, you can obtain and publish updates for hardware and software created by those companies and currently in deployment in your organization. Note that these catalogs are updated regularly, so you may want to contact each respective company directly to learn how often they’re changed.
You can follow SearchWindowsServer.com on Twitter @WindowsTT.
ABOUT THE AUTHOR
Serdar Yegulalp has been writing about computers and information technology for more than 15 years for a variety of publications, including InformationWeek and Windows Magazine.