Unified physical and virtual IT management for midsized businesses
[Correction: The Vista SP1 package will be availabe via the Microsoft Update Catalog - I'll provide a link to the KB article detailing how to import Vista SP1 into Essentials once the article is live!]
Windows Vista SP1 will be released as an update on Microsoft Update (MU) Catalog. The patch is very large and there is a bug in Windows Server 2003 in the WinVerifyTrust API that will cause signing validation to fail.
What this means is that once you approve this update on a System Center Essentials 2007 server on a Windows Server 2003 server, every time the server sync’s from MU it will redownload the package, fail the cert validation, and so the download will fail. The problem will continue until you install the WinVerifyTrust patch on the System Center Essentials server. This patch is a hotfix (not a public GDR), so is not intended to be widely distributed. We recommend it only be installed on the System Center Essentials server itself.
You can obtain this hotfix here:
Windows Server Update Services cannot download large Windows update files in Windows Server 2003http://support.microsoft.com/kb/888303/en-us
System Center Essentials provides several ways to remotely manage computers, including:
Sometimes though what is wanted is just a remote command window without the overhead of opening a full remote desktop session.
The PsExec tool which is one of the SysInternals tools provides a way to open a remote command window without needing to install anything on the remote computer.
You can find out more about PsExec from: http://technet.microsoft.com/en-us/sysinternals/bb897553.aspx
With psExec installed you can open a remote command prompt by calling it as follows:
psExec \\computer cmd
psExec \\computer cmd
If you have psExec installed on your computer with the Essentials console you can create a task in Essentials to open a remote command window from within Essentials.
To create this task:
In the Computers workspace, with a computer selected there is now a "Remote Command Window" task that is available. Selecting this task will open a remote command window for the selected computer.
System Center Essentials 2007 SP1 supports WSUS 3.0 SP1 being upgraded to WSUS 3.0 SP2. Customers who are currently running Essentials 2007 SP1 can upgrade to WSUS 3.0 SP2. For how to download WSUS 3.0 SP2 and the improvements in WSUS 3.0 SP2, please see http://support.microsoft.com/kb/972455.
Q) I currently have Essentials 2007 SP1 installed on Windows Server 2003. Can I upgrade WSUS 3.0 SP1 to WSUS 3.0 SP2?
A) Yes. You can upgrade to WSUS 3.0 SP2, if you have installed Essentials 2007 SP1 on Windows Server 2003 (either 32-bit or 64-bit).
Q) I currently have Essentials 2007 SP1 installed on Windows Server 2008. Can I upgrade WSUS 3.0 SP1 to WSUS 3.0 SP2?
A) Yes. You can upgrade to WSUS 3.0 SP2, if you have installed Essentials 2007 SP1 on Windows Server 2008 (either 32-bit or 64-bit).
Q) I currently have Essentials 2007 SP1 installed on Windows Server 2003 with SQL Server 2005 Express Edition. Can I upgrade WSUS 3.0 SP1 to WSUS 3.0 SP2?
A) Yes. Essentials 2007 SP1 supports upgrading WSUS 3.0 SP1 to WSUS 3.0 SP2 with SQL Server 2005 Express Edition or SQL Server 2005 Standard Edition. This is supported regardless of whether the database is installed on the Essentials management server or installed on a remote computer.
Q) Can I install Essentials 2007 SP1 on a system on which WSUS 3.0 SP2 is already installed?
A) The Essentials product team is investigating this and will be updating this issue in an upcoming blog post
Q: Is Essentials 2007 SP1 supported with SQL Server 2008.
A) No, Essentials 2007 SP1 is not supported with SQL Server 2008. Essentials 2010 will support SQL Server 2008.
This announcement is to alert you that the next version of System Center Essentials Technology Adoption Program (TAP) is now accepting nominations.Do you want to be part of making the next generation of the System Center Essentials product great? If you are a responsible for managing the IT assets and services for a midsized business and have a passion for providing feedback, you could be a great candidate for our Technology Adoption Program (TAP). We view our TAP program as one of the most important investments we make as a product team. We are very selective in which customers we invite to participate and we intend is to partner very closely with you. Our goal is to develop a mutually beneficial and long term relationship with you to enable building the next version of the System Center Essentials product that is designed to meet your needs to the best of our abilities.
For more information and to nominate yourself for the TAP please click this link.Thank you! The System Center Essentials Team.
We've heard it from you! You've been using WSUS for years and you have been using different Windows Update settings for your clients and servers. Maybe you want your clients to automatically download and install approved updates, but your servers should only download and notify the administrator. Now you can with System Center Essentials 2010 using the same approach you used with WSUS! Check out this excerpt from the Essentials 2010 Operations Guide.
How to Create Custom Update Settings for Client and Server Computers in Essentials
System Center Essentials 2010 uses Group Policy to configure the Windows Update agent to receive updates from the Essentials management server. These settings apply to all computers managed by Essentials unless you create a new Group Policy object (GPO) to customize the update settings. This section provides information about the default Windows Update agent settings and instructions on creating a GPO to apply to a specific group of computers, such as clients or servers, with customized Windows Update settings.
Default Windows Update Agent Settings in Essentials 2010
The default Windows Update settings used by Essentials are shown in the following table.
Windows Update Setting
Configure automatic updates
Configure automatic updating
4 (auto-download and schedule the install)
Scheduled install day
0 (every day)
Scheduled install time
Specify intranet Microsoft Update Service location
Intranet update server
Intranet statistics server
Allow signed content from intranet Microsoft Update service locations
No auto-restart for scheduled Automatic Updates installations
These settings are included in the SCE Managed Computers <management groupname> group policy object.
To customize Windows Update settings using a Group Policy Object
1. Create an Active Directory Group Policy object (GPO) in the same domain as the computers to which you want to apply customized settings. For more information, see “Create a Group Policy Object” in the Microsoft TechNet Library (http://go.microsoft.com/fwlink/?LinkId=161344).
2. Change the security filtering of the GPO from Authenticated Users to the SCE Managed Computers <management group name> security group. For more information, see “Assign Security Group Filters to the GPO” in the Microsoft TechNet Library (http://go.microsoft.com/fwlink/?LinkId=161346).
3. Link the Group Policy object to the organization units (OU) containing the computers to which you want to apply the customized Windows Update Agent settings. For more information, see “Link the GPO to the Domain” in the Microsoft TechNet Library (http://go.microsoft.com/fwlink/?LinkId=161347).
4. Edit the Windows Update Agent settings in the GPO.
5. After the group policy refresh interval has elapsed (every 90 minutes by default, with a random offset of 0 to 30 minutes) the computers with customized Windows Update Agent settings will be configured.
6. If you want to revert back to the original Windows Update settings configured by Essentials 2010, you can delete the customized GPO you created in step 1.
7. If you uninstall Essentials 2010, be sure to delete any customized GPOs you have created.
Supported Customizations to Windows Update Agent Settings in Essentials 2010
The supported customizations to Windows Update settings used by Essentials 2010 are shown in the following table. For more information, see “Configure Automatic Updates by Using Group Policy” in the Microsoft TechNet Library (http://go.microsoft.com/fwlink/?LinkId=161349).
Supported Customizable Value
Configure Automatic Updates
Configure Automatic Updating
Scheduled Install Day
Scheduled Install Time
Intranet Update Server
Intranet Statistics Server
Enable client-side targeting
Reschedule Automatic Update scheduled installation
Automatic Update detection frequency
Must be less than 24 hours
Allow Automatic Update Immediate Installation
Delay Restart for Scheduled Installations
Re-prompt for Restart with Scheduled Installations
Allow non-Administrators to Receive Update Notifications
Remove Links and Access to Windows Update
Tell us what you think! Please give us feedback in our managed forums on configuring different update settings for managed computer.