Using System Center Essentials as a patch management tool

There are plenty of third-party patch management applications on the market, but many of them tend to be expensive and really complicated to use. So although Microsoft didn't design System Center Essentials for deploying third-party patches, it would be beneficial to know how to use it for that purpose.

Keep in mind: Every software vendor has its own way of patching its products. The technique demonstrated in this tip has worked many times in the past. However, since every vendor does things differently, I don't guarantee that it will work in every situation.

System Center Essentials includes an application deployment feature that can also be used to deploy patches. The trick is to make sure that patches are deployed to the correct machines. For that, we can use computer groups.

The software creates computer groups for viewing a list of computers that have similar purposes. For example, System Center Essentials creates default groups for "All Computers," "All Clients" and "All Servers." But it does allow you to create custom computer groups, too.

To see how this ties in with patch management, let's pretend that you have an application that needs to be installed onto the computers in your network. If the ultimate goal is not only to install the application, but also to keep it patched, then you should create a computer group that represents the computers that you will install the application onto.

To do so, follow these steps:

• Select the Computers Node.
• Right click on the Computer Groups container.
• Choose the "New Group" command from the shortcut menu. You will now see a dialog box to use for creating new computer groups.
• Name the computer group after the application that it will be used to manage.
• Select the computers on which the application will be installed. (See Figure A.)

Figure A: Create a group named after your application. (Click on image for enlarged view.)

Managing the group's membership may eventually become a lot of work. Fortunately, there is a shortcut. In Figure A, there is an option to select computers from a managed computer group. By choosing this option, you can then select from various computer groups that System Center Essentials uses internally and manages automatically. (Figure B demonstrates this option.)

Figure B: Select from one of the managed computer groups. (Click on image for enlarged view.)

When you create the new computer group, it will be added to the list of computer groups. Right click on the computer group and you will be given the option of deploying a software package to the group members. You can use this option to initially deploy the application. It can also be used to deploy patches for the application since all of the group members should be using the application that is being patched.

Not every patch is going to come in a Windows installation package, but the software node contains a mechanism for creating installation packages around executable files. When you create a software package and approve it for deployment, you can set a deadline on the package. That way, the application can be deployed automatically if the user hasn't deployed the application by a certain date and time.

ABOUT THE AUTHOR:

Brien M. Posey, MCSE Brien M. Posey, MCSE, is a Microsoft Most Valuable Professional for his work with Exchange Server and has previously received Microsoft's MVP award for Windows Server and Internet Information Server (IIS). Brien has served as CIO for a nationwide chain of hospitals and was once responsible for the Department of Information Management at Fort Knox. As a freelance technical writer, Brien has written for Microsoft, TechTarget, CNET, ZDNet, MSD2D, Relevant Technologies and other technology companies. You can visit Brien's personal website at http://www.brienposey.com.

Rate this Tip To rate tips, you must be a member of SearchEnterpriseDesktop.com. Register now to start rating these tips. Log in if you are already a member. Digg This!     StumbleUpon     Del.icio.us    RELATED CONTENT Endpoint security management tools How to get -- and keep -- user support with security MDOP for Windows 7 available now Microsoft's Online Desktop Manager caters to small IT shops Monitoring user activity with network analyzers Using third-party technologies with Microsoft's NAP Understanding Microsoft's NAP's internal and external components Microsoft's NAP can ensure security compliance Top 5 registry keys for Windows XP Microsoft releases WSUS 3 SP2 with Win 7, R2 support Troubleshooting Microsoft WSUS connectivity issues Windows desktop security tips Improvements to offline file synchronization in Windows 7 How to get -- and keep -- user support with security Structuring patch management in seven steps Underlying causes of inconsistent patch management Monitoring user activity with network analyzers Microsoft's Patch Tuesday brings a bumper crop of security fixes Using third-party technologies with Microsoft's NAP Understanding Microsoft's NAP's internal and external components Microsoft's NAP can ensure security compliance Top 5 registry keys for Windows XP RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary system tray  (SearchEnterpriseDesktop.com) RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.