Monday, November 10, 2008

Pointsec for PC: Using SCCM to Upgrade (Part 1)

This is going to be a two part update because it is long enough that I just don't want to put it all into a single posting. I'll make sure to put a link in for the 2nd part once I've written it. EDIT: Later on I added a part 3 to this series.

So here is the deal. When we first started testing Pointsec in our environment we were on version 6.1, and as time has gone on we have released clients with just about every version of software in between. As a result, even though we have more machines running 6.3.1 HFA4 than any other version, most of our clients are still not running HFA4. I needed a way to quickly identify these machines and hopefully upgrade them. I decided that using Microsoft System Center Configuration Manager (SCCM) was the way to go on this one.

For this particular job, I decided to use a collection that would shrink as the software was installed on the machines. I've seen several names for collections like this: negative collections, inverse collections, and subselect collection. In this first part of this topic, I'm going to discuss how I created the collection.

The first step in creating a shrinking collection is to create a query of the machines that are actually running the correct software. So I opened up my Configuration Manager Console and went down to queries. I created a new query called Pointsec 6.3.1 HFA4, and clicked the edit queries button. On the General tab, I set the output to be distinct (omit duplicate rows) by clicking the checkbox. Then I added a result by clicking the yellow star and selected only System.Name.
Next I moved over to the criteria tab and clicked the yellow star again. This time I want a simle value, Software Products - Product Name and I want it to be equal to "Pointsec PC." Right now this will give me any machine that has Pointsec on it.

Now click the yellow star again, and this time we will set Software Products - Product Version to be equal to "Version 6.3.1 HFA4". Click through the rest of the wizard or just say OK if you're modifying an existing query. Now if you click on the query, you should get a list of all the machines that have Pointsec for PC version 6.3.1 HFA4 installed.

The next step in this process is to create another query. This time we're going to look for all the machins that have Pointsec installed but that are not listed in our first query. Start the process of creating a new query. Once again we want to eliminate duplicate rows and return System.Name just as above. Move over to the criteria tab. The first criteria is going to be the same as above, Software Products - Product Name = "Pointsec PC." The second criteria is where the magic happens. The criterion type is going to be Subselected values. Set where to be System.Name and the operator to "is not in" and click the browse button. Find and select the first query that you created above. Finish the wizard and you've got a query of all the machines that are running Pointsec for PC, but not the latest version. These are the machines that need to be updated.

Now we can create a collection for them. Go up to collections, right-click and select New Collection. Give it a name and click Next. On this page, click the yellow query button and select Import Query Statement. You should be able to find the 2nd query that you created in the list. Now click through the rest of the wizard. Voila, you've now got a collection that you can advertise to. As the version of Pointsec is updated on these machines, they will disappear out of the collection and you're only viewing the list of work waiting to be done.

In the next installment, I'll talk about how to create an upgrade program for Pointsec and how to advertise that to your new shrinking collection.

No comments: