How to add non requested security patch to MBSA package ?
Hell,
i'm using the SMS 2003 server to deploy security patches over our network. When is new security patch released, the SMS 2003 detects total number of computers whichs are affected and shows me the number.
Then I can create so called MBSA package with encapsulated requested security patch. But when the patch isn't requested the wizard for MBSA package don't allow me add non requested patch (for example if users adds this package manually).
I know, that it is not necessary because the patch isn't requsted , but what when i add some new computers?
So - the problem is - I see the package in MBSA packages with 0 requests and I can't add this patch to MBSA package by wizard.
i'm using the SMS 2003 server to deploy security patches over our network. When is new security patch released, the SMS 2003 detects total number of computers whichs are affected and shows me the number.
Then I can create so called MBSA package with encapsulated requested security patch. But when the patch isn't requested the wizard for MBSA package don't allow me add non requested patch (for example if users adds this package manually).
I know, that it is not necessary because the patch isn't requsted , but what when i add some new computers?
So - the problem is - I see the package in MBSA packages with 0 requests and I can't add this patch to MBSA package by wizard.
0 Comments
[ + ] Show comments
Answers (1)
Please log in to answer
Posted by:
sjames
19 years ago
You can use the "create client templates for reference computer desired state" setting in the wizard. This adds a /x to the command line which you can use to create an authorization list file. You'd therefore get the updated mssecure.cab and run this scan on a reference machine so that you get an updated authorization file before inventory is returned by your clients. The below should work:
1. run 'patchinstall.exe /x' on the reference machine
2. create a DSUW package on site server (this is kind of a dummy so don't worry about which patches you enable)
3. copy 'security_patchauthorize.xml from the ref machine (I think it creates this in the user's temp directory - Start-Run and type %temp%) and place it in the package directory created in step 2
4. rename security_patchauthorize.xml to "patchauthorize.xml"
5. start the DSUW again and select the dummy package and find the one you want to authorise
However, the easiest way in future is to upgrade to SP1. In SP1, when you run the sync component any new patch information is automatically injected into the database, allowing you to deploy immediately.
1. run 'patchinstall.exe /x' on the reference machine
2. create a DSUW package on site server (this is kind of a dummy so don't worry about which patches you enable)
3. copy 'security_patchauthorize.xml from the ref machine (I think it creates this in the user's temp directory - Start-Run and type %temp%) and place it in the package directory created in step 2
4. rename security_patchauthorize.xml to "patchauthorize.xml"
5. start the DSUW again and select the dummy package and find the one you want to authorise
However, the easiest way in future is to upgrade to SP1. In SP1, when you run the sync component any new patch information is automatically injected into the database, allowing you to deploy immediately.
Rating comments in this legacy AppDeploy message board thread won't reorder them,so that the conversation will remain readable.
