Sunday, January 13, 2013

SCCM 2012 SP1 Software Update Point and Endpoint Protection Point


About:

After this lab, SCCM 2012 should be able to do the following for all the targeted ‘Collections’:
· Automatically push operating system updates to the matching Collections; for instance, all Windows 8 updates will be pushed to the Windows 8 ‘Collection’ container.
· Push Endpoint Protection to all systems, and push its updates automatically.
· Generate alerts if things go wrong.

Collections setup






Click on Assets and Compliance in the console, click on Device Collections, and in the ribbon click on Create Device Collection.

Call the collection All Windows 7 Computers and limit it to All Systems


Click Next, choose Query Rule from the drop-down menu and fill in a query like so (Edit Query Statement, Criteria, Show Query Language, and replace the code with the below):

select *  from  SMS_R_System where SMS_R_System.OperatingSystemNameandVersion like "%Workstation 6.1%"



Set the schedule as follows (it's a LAB).


Click Next through the wizard; the collection is now created.



Note:
Please change the parameter of the Query rule as follows:
Windows 7       "%Workstation 6.1%"
Windows 2008    "%server 6.1%"
Windows 8       "%Workstation 6.2%"
Windows 2012    "%server 6.2%"
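
The collection steps and the note above can also be scripted with the ConfigMgr PowerShell module so that all four collections get the same query rule with only the pattern changed. This is an added example, not part of the original post; the site code `LAB` and every collection name other than All Windows 7 Computers are assumptions.

```powershell
# Added example: one device collection per OS pattern from the note above.
# Assumptions (not from the original post): the site code and all collection
# names except 'All Windows 7 Computers'.
$SiteCode = 'LAB'   # placeholder, replace with your own site code

# Load the ConfigMgr module that ships with the admin console,
# then switch to the site drive so the CM cmdlets can run.
Import-Module (Join-Path (Split-Path $env:SMS_ADMIN_UI_PATH) 'ConfigurationManager.psd1')
Set-Location "$($SiteCode):"

# Collection name -> pattern matched against OperatingSystemNameandVersion.
# The patterns are the ones listed in the note.
$Collections = [ordered]@{
    'All Windows 7 Computers'    = 'Workstation 6.1'
    'All Windows 2008 Servers'   = 'server 6.1'
    'All Windows 8 Computers'    = 'Workstation 6.2'
    'All Windows 2012 Servers'   = 'server 6.2'
}

# Same WQL statement as the query rule above; {0} is replaced by the pattern.
$Template = 'select * from SMS_R_System where ' +
            'SMS_R_System.OperatingSystemNameandVersion like "%{0}%"'

foreach ($Entry in $Collections.GetEnumerator()) {
    $Name = $Entry.Key
    $Wql  = $Template -f $Entry.Value

    # Do not create a second collection if the script is run again.
    if (Get-CMDeviceCollection -Name $Name) {
        Write-Warning "Collection '$Name' already exists, skipping."
        continue
    }

    # Limit to All Systems, as in the wizard steps.
    New-CMDeviceCollection -Name $Name -LimitingCollectionName 'All Systems' | Out-Null

    # Attach the query membership rule for this OS version.
    Add-CMDeviceCollectionQueryMembershipRule -CollectionName $Name `
        -RuleName "$Name query" -QueryExpression $Wql

    Write-Output "Created '$Name' with rule: $Wql"
}
```

The script leaves the refresh schedule at its default, so set the schedule on each collection afterwards as described in the wizard step.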



Add SUP and Endpoint Protection Point Role

1.     Open ‘ConfigMgr’ -> ‘Administration’ -> ‘Site Configuration’ -> ‘Servers and Site System Roles’ -> right-click the site server to which you want to add the roles -> ‘Add Site System Roles’



2.     As I am using Win2012, the WSUS settings are as follows



3.     Auto sync


Configure Alerts for Collections

Next let's configure Alerts for a Collection, but first let's create a collection called All Windows 7 Computers (in a LAB this is fine for what we want to do; in Production you should create Endpoint Protection specific Collections).

Note: You cannot configure alerts for User Collections.
In Assets and Compliance select Devices and choose Device Collections, select the All Windows 7 Computers collection (we have no computers in this collection yet but we will have soon), and choose Properties.


Click on the Alerts tab and place a checkmark in View this collection in the Endpoint Protection Dashboard





Click on Add and select all the options.



Click OK and leave the other Alert settings as they are.


Configure SUP to deliver Definition Updates

1.     Go to ‘\Software Library\Overview\Software Updates\Automatic Deployment Rules’ and create a new ‘Automatic Deployment Rule’.














