System Center Essentials is a systems management product containing several management tools all rolled into one application. It can be used as patch management software for Microsoft products, but it isn't really intended to manage third-party patches. However, with a little creativity, you can use its software deployment feature as an application patch management tool.
There are plenty of third-party patch management applications on the market, but many of them tend to be expensive and really complicated to use. So although Microsoft didn't design System Center Essentials for deploying third-party patches, it would be beneficial to know how to use it for that purpose.
Keep in mind: Every software vendor has its own way of patching its products. The technique demonstrated in this tip has worked many times in the past. However, since every vendor does things differently, I don't guarantee that it will work in every situation.
System Center Essentials includes an application deployment feature that can also be used to deploy patches. The trick is to make sure that patches are deployed to the correct machines. For that, we can use computer groups.
The software creates computer groups for viewing a list of computers that have similar purposes. For example, System Center Essentials creates default groups for "All Computers," "All Clients" and "All Servers." But it does allow you to create custom computer groups, too.
To see how this ties in with patch management, let's pretend that you have an application that needs to be installed onto the computers in your network. If the ultimate goal is not only to install the application, but also to keep it patched, then you should create a computer group that represents the computers that you will install the application onto.
To do so, follow these steps:
- Select the Computers Node.
- Right click on the Computer Groups container.
- Choose the "New Group" command from the shortcut menu. You will now see a dialog box to use for creating new computer groups.
- Name the computer group after the application that it will be used to manage.
- Select the computers on which the application will be installed. (See Figure A.)
Managing the group's membership may eventually become a lot of work. Fortunately, there is a shortcut. In Figure A, there is an option to select computers from a managed computer group. By choosing this option, you can then select from various computer groups that System Center Essentials uses internally and manages automatically. (Figure B demonstrates this option.)
When you create the new computer group, it will be added to the list of computer groups. Right click on the computer group and you will be given the option of deploying a software package to the group members. You can use this option to initially deploy the application. It can also be used to deploy patches for the application since all of the group members should be using the application that is being patched.
Not every patch is going to come in a Windows installation package, but the software node contains a mechanism for creating installation packages around executable files. When you create a software package and approve it for deployment, you can set a deadline on the package. That way, the application can be deployed automatically if the user hasn't deployed the application by a certain date and time.
ABOUT THE AUTHOR:
Brien M. Posey, MCSE, is a Microsoft Most Valuable Professional for his work with Windows 2000 Server and IIS. He has served as CIO for a nationwide chain of hospitals and was once in charge of IT security for Fort Knox. As a freelance technical writer, he has written for Microsoft, TechTarget, CNET, ZDNet, MSD2D, Relevant Technologies and other technology companies.