This is the second part of a two-part article on System Center Updates Publisher (SCUP) 2011. This part details how you can create a custom catalog for automating third-party product updates.
- How to create a PowerShell alias - Tue, Jul 29 2014
- System Center Updates Publisher – Create a SCUP catalog - Fri, May 23 2014
- System Center Updates Publisher – Third-party patch management - Wed, May 21 2014
Third-party SCUP catalogs
By default, only three vendor catalogs are pre-loaded into SCUP, albeit entirely for free:
Other OEMs, such as IBM or Samsung, seem reluctant to provide catalogs as of yet. Fujitsu, however, has a catalog for its Primergy servers.
Thankfully, you can find other third-party vendor packages available elsewhere, but ironically there are two companies that provide update catalogs for many popular third-party applications such as Oracle Java and 7-Zip. They are Shavlik (Shavlik Patch for Microsoft System Center) and PatchMyPC.
Custom software update catalogs
Perhaps the best thing about SCUP is the ability to create your own updates to deploy up to three file types:
This can ultimately allow you to deploy updates for drivers, applications, or even BIOSes, although the latter is not recommended if you use BitLocker.
If SCUP has an Achilles heel, it’s that the command line is restricted, by design, to avoid mistakes. Unfortunately, this adds an unwanted restriction: you can’t use the dash “-” or full stop “.” characters in the command string. Microsoft is planning a fix in a future update.
Create a SCUP catalog
Creating an update is simple enough and is very similar to creating packages within Configuration Manager. You start with a source folder, provide the filename and path, and then populate the mandatory fields for the version, description, and name. Microsoft recommends including all metadata as well as the mandatory information. Note that “Binary Language” is simply the target language and affects WSUS synchronizing.
The interesting part in the wizard is in the following three steps: prerequisite rules, updates, and supersedence rules. You can simply skip the prerequisite rules. They are obsolete and kept for flow only. Any rules you add here will be grouped into the “IsInstallable” logic. Best practice is to just use the rules in the Installable Rules section instead.
Note that you also get the facility to require certain updates to be installed, on the prerequisites step.
Create Software Update Wizard
The next step in the wizard is supersedence. This is where you can select what patches to install, in what order, prior to the main update.
The final stage includes two very similar steps: installable rules and installed rules.
- Installable rules determine if the update is applicable.
- Installed rules determine if the update was successful.
SCUP applicability rule (detectoid)
These last steps allow you to choose whether an update installs according to specific rules. You can make these rules as simple or as complex as you like, and you can include file or registry checks. Amusingly, Microsoft has invented a new word for these rules: detectoids. If you type WSUS into the search field, you will see a list of predefined detectoids that check language (even Welsh), OS version, and more (see screenshot).
Once you have completed the wizard, you simply need to publish the custom catalog and wait for your updates to appear in the ConfigMgr console’s Update node (see Figure 2: SCUP integration into Configuration Manager). You can then deploy them just as you would any other Windows update.
The key to SCUP is using up-to-date catalog files for any major software vendors you use in your business. Even using Adobe’s catalog alone, though, will reap rewards. Once you include hardware vendors such as HP and Dell, or even your own custom catalogs, the savings can be huge. At the very least, you can spend your time working on more profitable and far more interesting work than patching software.