Configuration Manager with Jason Lewis
SCUP Catalogs Best Practices
Follow me on Twitter @JLewisMS
This configuration pack contains configuration items intended to manage your Exchange Server 2007 server roles. The settings contained in this configuration pack are based on the results of service engagements by the IT Operational Excellence Organization, a part of the Microsoft Services division.
The Microsoft Exchange Server 2007 Operational Configuration Pack includes configuration items for the following:
You can download here.
Here is the next screencast in my Desired Configuration Management (DCM) series. Today’s topic is “Authoring Active Directory Query Settings”.
If you would like to learn more about Active Directory Queries visit our TechNet site here.
To view this screencast in other formats visit: http://technet.microsoft.com/en-us/edge/dcm-authoring-active-directory-query-settings.aspx
Here is the next screencast in my Desired Configuration Management (DCM) series. Today’s topic is “Authoring Registry Key Objects”.
To view this screencast in other formats visit: http://technet.microsoft.com/en-us/edge/dcm-authoring-registry-key-objects.aspx
Here is the next screencast in my Desired Configuration Management (DCM) series. Today’s topic covers “Authoring File or Folder Objects”.
To view this screencast in other formats visit: http://technet.microsoft.com/en-us/edge/dcm-authoring-file-or-folder-objects.aspx
Here is the next screencast in my Desired Configuration Management (DCM) series. Today’s topic is “Authoring Assembly Objects”.
To view this screencast in other formats visit: http://technet.microsoft.com/en-us/edge/dcm-authoring-assembly-objects.aspx
Here is the second screencast in my DCM series. This one covers Configuration Item Types. Enjoy!
To view this screencast in other formats visit: http://technet.microsoft.com/en-us/edge/dcm-configuration-items-types.aspx
I’m proud to announce that our System Center Configuration Manager 2007 Toolkit V2 has went live on the Microsoft Download Center today. This release is a follow up to our original release back in 2007. With this V2 release we re-introduced the Delete Group Class, MP Troubleshooter, Preload Package and Send Schedule Tools from the SMS 2003 Toolkit. All four tools where frequently requested from our customers and we are happy to enable them for use with ConfigMgr 2007 with some added features (not present in SMS 2003 Toolkit version of tools). The release also includes an updated Security Configuration Wizard Template for ConfigMgr 2007 SP2 and Windows Server 2008 R2. Furthermore this release includes all the *original 2007 Toolkit tools along with the new ones in one easy to install MSI.
*All the original ConfigMgr 2007 Toolkit Tools are included in this release but are untouched except for a standardize version number (4.0.6221.1035). We grouped all the original tools along with the new ones into one MSI so that customers do not have to install two or more MSIs to get all the available toolkit tools for ConfigMgr 2007.
The following list provides specific information about each tool in the toolkit.
We have a guest blogger today. I would like to thank Curtis Sawin for writing this great article on how to automate creating and publishing updates via PowerShell.
…
In previous posts, we demonstrated how one can create and publish a Windows Installer Patch (MSP file) to WSUS for use by Configuration Manager (or SC Essentials). The next step is to automate this process.
In order to do this, one must use the WSUS APIs. There is no COM automation interface available, which excludes VBScript. PowerShell is excellent for leveraging such APIs. Below is some sample code that demonstrates how to leverage PowerShell to script the WSUS APIs. The full script can be downloaded from the TechNet Script Center Repository.
Notes
The code below is designed for simplicity and readability. Meaning, there’s no error handling, and hard-coded paths are used. It’s designed for demo purposes only. Another important item to note is that SCUP is not used at all in this process. Since SCUP is built entirely on the WSUS APIs, the below code leverages the WSUS APIs as well. This means two things:
· One does not need to install SCUP to run the below code. One needs to install either the WSUS admin console or run the code on a WSUS server to have the APIs available.
· Any update that is created and published using the WSUS APIs directly will not appear in the SCUP console.
When publishing custom updates to Configuration Manager, one must configure the Software Update Point component (see screen shot below) to sync your custom updates. Specifically, the vendor and product must be selected in the SUP component properties (Site Management >> [Site Name] >>Site Settings >> Component Configuration).
Overview
The basic process is as follows:
1. Define the MSP file to be published
2. Connect to the WSUS namespace
3. Create the catalog xml file in memory
4. Add the appropriate metadata (title, description, etc)
5. Save the catalog file to the file system
6. Publish the catalog and MSP file to WSUS
Details
Step 1 – Define the MSP file to be published
# Define MSP file
$pkgPath = "C:\demo1\sample1\sample1.msp"
Step 2 – Connect to the WSUS Namespace
Load the WSUS namespace and create a SoftwareDistributionPackage object.
# Load the WSUS Namespace and create SoftwareDistributionPackage object
[reflection.assembly]::LoadWithPartialName("Microsoft.UpdateServices.Administration") | out-null
$sdp = new-object('microsoft.updateservices.administration.SoftwareDistributionPackage')
Step 3 – Create the catalog XML file in memory
$sdp.PopulatePackageFromWindowsInstallerPatch($pkgPath)
Create the basic catalog xml file by calling PopulatePackageFromWindowsInstallerPatch. This method does 90% of the work in this script. It generates the catalog xml file for you. At this point the XML file is in memory only.
Step 4 – Add the appropriate metadata (title, description, etc)
Next, one must create the required properties in order to publish to WSUS.
# Add properties
$sdp.Title = "Sample1"
$sdp.Description = "This is the 1st sample MSP update"
$sdp.VendorName = "MyCompany"
$sdp.PackageType = "1" # Update
$sdp.PackageUpdateClassification = "3" # Security Updates
$sdp.SecurityRating = "1" # Critical
$sdp.ProductNames.Add("MyProduct") | out-null
$sdp.AdditionalInformationUrls.Add("http://bing.com")
Couple notes here. First, if one were to use SCUP to create an update, the properties listed above are all highlighted as required in order to proceed through the wizard. Second, the PackageType, PackageUpdateClassification, and SecurityRating are enumerations, and the above code sets their integer values. Lastly, note the ProductNames and AdditionalInformationUrls properties. These properties are StringCollections. In order to create a product name or a single URL, one must add an item to the collection by using the Add method.
Next is the (relatively) tricky part. Each SoftwareDistributionPackage object contains at least one InstallableItem. Further, an InstallableItem element contains information about the update file, including the file name, file size, timestamp, URL location, and the file digest. This information is stored in the OriginalSourceFile property of the InstallableItem; and this property represents a FileForInstallableItem object (whew!). This means that one must create a new FileForInstallableItem object, set its properties, then set the OriginalSourceFile property with this object.
So what’s a file digest? Basically, it’s the hash value of the update file, represented in a specific format (SHA-1 using base 64 encoding). In order to get the hash value one must use the ComputeHash method of the SHA1CryptoServiceProvider class.
# Get hash value of MSP file
$pkg = (new-object("System.IO.FileInfo")($pkgPath))
$provider = New-Object System.Security.Cryptography.SHA1CryptoServiceProvider
$digest64 = [System.Convert]::ToBase64String($provider.ComputeHash($pkg.OpenRead()))
$instream.Close | out-null
# Define file properties of MSP
$FileItem = new-object('microsoft.updateservices.administration.FileForInstallableItem')
$FileItem.FileName = "sample1.msp"
$FileItem.OriginUri = "file://mycomputer/demo1/sample1/sample1.msp"
$FileItem.Digest = $digest64
$FileItem.Modified = $pkg.LastWriteTimeUtc
$FileItem.Size = $pkg.Length
$sdp.InstallableItems[0].OriginalSourceFile = $FileItem
Step 5 – Save the catalog file to the file system
At this point, the catalog XML file is fully populated. However, before one can publish it, the catalog file must be saved to the file system.
# create update catalog file
$sdpFilePath = "C:\demo1\sample1.xml"
$sdp.Save($sdpFilePath)
Step 6 – Publish the catalog and MSP files to WSUS
The only task left is to publish the update to WSUS. This can be done by connecting to the WSUS server, then publishing the update by using the PublishPackage method. The GetUpdateServer method is used to connect to the WSUS server, and the GetPublisher method creates an IPublisher instance that represents the update to be published. If the WSUS server is local, one does not need to provide any parameters to the GetUpdateServer method. Otherwise, one must provide the remote WSUS server.
# Get WSUS server and publish
$wsus = [Microsoft.UpdateServices.Administration.AdminProxy]::GetUpdateServer();
$publisher = $wsus.GetPublisher($sdpFilePath)
$dir = $pkg.Directory
$publisher.PublishPackage($dir, $null)
Note that the PublishPackage method takes a directory as a parameter and it places everything in that directory into a cab file. So make sure that only relevant files (like your MSP file) are included in the directory. Anything else in this directory will get published to the WSUS server.
After your update is published to WSUS, it will appear in the Configuration Manager (or SC Essentials) console after the next update synchronization.
Summary
Publishing MSP files as custom updates is easy to do. It’s much easier than creating and publishing an update out of an MSI or an EXE, as one does not need to create the applicability rules. When the PopulatePackageFromWindowsInstallerPatch method is generated, the catalog file automatically gets updated with all MSI ProductCodes to which the MSP applies.
This automation can be especially helpful to IT organizations that would like to deploy 3rd party MSP files as updates, as it provides the ability to “one-click” the publishing of an MSP file to Configuration Manager. It’s even more beneficial to IT organizations that create their own MSP files that may do this task frequently.
Again, the full script can be downloaded from the TechNet Script Center Repository. Additionally, below are some links that also provide sample code:
Script Center - Publish an MSP Package into a WSUS Server
MSDN Library – Local Publishing of Updates and Applications
I would like to let everyone know that I will be attending the Microsoft Management Summit (MMS) next week (April 19-23) and I would love the meet with you if you are attended as well. If you would like to chat about SCUP, Configuration Packs or anything else Configuration Manager related email me through my contact form and we can find a time to meet. Along with my main lab proctoring duties I will also be leading a Community Lounge SCUP talk where I will be answering your questions. Stop by if you are attending MMS and would like to learn more about SCUP. Below is more information on the talk.
Please note new time for the SCUP Talk (2:30pm)
Topic: System Center Updates Publisher (SCUP) When: Tuesday, April 20th from 2:30pm-3:00pm Where: Influencers Lounge near MMS registration
This is my first screencast on a new series, Desired Configuration Management. We start off the new series with an introduction to DCM. Enjoy!
To view this screencast in other formats visit: http://technet.microsoft.com/en-us/edge/dcm-introduction.aspx