Friday, November 21, 2008

Pointsec for PC: Using SCCM to Upgrade (Part 2)

In part one of this topic I talked about how to create a shrinking collection in Microsoft System Center Configuration Manager (formerly known as System Management Server). The collection will give you a list of every computer that is running Pointsec, but not the specific version that you want them to run. In other words, you now have a list of machines that need to be upgraded. In this post we'll talk about how to create your upgrade program and deploy it to that collection.

I'm not going to spend a whole lot of time talking about how you put your software onto the Configuration Manager server and create a software package for it. Honestly, that kind of work should be done by your Systems Administrator and it should be fairly basic for anyone that uses Configuration Manager with any frequency. Instead I'd like to talk about the program that you would create to run the update.

Navigate to your Pointsec package in Software Distribution -> Packages. Expand the package you've created for Pointsec and right-click on Programs. Select New -> Program from the menu. The New Program Wizard will appear.

Name this program Upgrade. If you're a fan of the movie Idiocracy you can name the program Upgrayedd with two D's for a double dose of his pimping. The command line for this program is going to be 'msiexec.exe /i "pointsec for pc.msi" REINSTALLMODE=vomus REINSTALL=ALL REBOOT=ReallySuppress /q". I like to run this program hidden, but that isn't completely necessary if you don't mind your users seeing what's going on.

As you click through the wizard, I like to make sure that the program can run whether or not a user is logged on, and that it runs with administrative rights. I also clear the check box to allow users to interact with the program.

Now that you've created the program, make sure you push it out to your Configuration Manager Distribution Points. Click on the program and select Distribute -> Software. Follow the wizard to push your program out to all of the necessary distribution points.

Got that done? OK. Let's advertise your program to the collection that we created in part 1. Right-click on the collection and select Distribute -> Software. Click next to start the Wizard and then select an existing software package. Select your Pointsec package and click next. Later in the Wizard it will ask what program you want to distribute. Select Upgrade or Upgrayedd for a double dose of his pimping. Click Next. I usually take the default name that the wizard provides. On the next screen it will ask if you want to distribute to subcollections. We didn't create a subcollection so your answer here will not matter. On the next screen, do not give the advertisement an expiration date.

It is the next screen where the magic happens. We want to create a mandatory assignment, that way all of our machines will be upgraded to the freshest version of Pointsec. Generally speaking, you should not tell Configuration Manager to ignore maintenance windows unless you really want to have a bad day. Click finish to advertise your program.

Now check back the next day and you should see that there are fewer computers in your shrinking collection. Sweet.

Hey, I wasn't planning to originally, but I've added a part 3 to this post that you might want to check out.

No comments: