The Complete Guide To Deploy 3rd Party Update Via WSUS Infrastructure

07/04/2013

One of the annoying things about non-Microsoft vendors is the large number of updates they release (for example, Adobe Flash) and the lack of a way to manage them on your company’s computers.

In this post I’m assuming that you already have a WSUS infrastructure in your organization; if not, you should set one up before trying the following steps. (I hope that someday I will have the time to publish my WSUS best practices from my experience.)

Don’t you want to see this thing on your computers?

[Screenshots: scup3, scup4]

Well, let’s start

  1. Local Update Publisher

Local Update Publisher (LUP) is software that allows system administrators to publish their own updates or 3rd-party updates using WSUS Local Publishing.

You can download it here and install it on your WSUS server; there is an installation manual in this link.

  2. Certificate

The most difficult part of this is the export/import of the WSUS certificate; the LUP wiki doesn’t show how to do it correctly.

The WSUS server needs to issue itself a certificate, and this certificate needs to be installed on all WSUS clients.

What you really need to remember is that the exported certificate needs to be 2046 bit, and you need to deploy it with Group Policy to computers in two places:

    • Trusted Root Certification Authorities.
    • Trusted Publishers.

  3. WSUS policy

One more change you need to make is in the WSUS GPO (or in the computer’s registry if you don’t manage it with policy).

In the GPO (Computer Configuration > Policies > Administrative Templates > Windows Components > Windows Update) you should enable: “Allow signed updates from an intranet Microsoft update service location”

The registry value that represents this policy is AcceptTrustedPublisherCerts in: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate

It needs to look like this: “AcceptTrustedPublisherCerts”=dword:00000001
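The three client-side prerequisites from the certificate and policy steps (certificate in both stores, policy value set) can be checked on any client with a short script. This is an added example, not part of the original post or of LUP; the `-Thumbprint` parameter is an assumption and must be set to the thumbprint of your own WSUS signing certificate.

```powershell
# Added example (not from the original post): audit one WSUS client for the
# local-publishing prerequisites described above.
# ASSUMPTION: -Thumbprint is the thumbprint of YOUR WSUS signing certificate.
param(
    [Parameter(Mandatory = $true)]
    [string]$Thumbprint
)

# Thumbprints copied from the certificate dialog often carry spaces or hidden characters.
$Thumbprint = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()

$checks = [ordered]@{}
$found  = $null

# 1. The certificate must be present in BOTH machine stores named in the post.
foreach ($store in 'Root', 'TrustedPublisher') {
    $cert = Get-ChildItem -Path "Cert:\LocalMachine\$store" |
        Where-Object { $_.Thumbprint -eq $Thumbprint } |
        Select-Object -First 1
    $checks["Certificate in LocalMachine\$store"] = [bool]$cert
    if ($cert) { $found = $cert }
}

# 2. Flag an expired certificate and report the key size for comparison
#    with what was exported from the WSUS server.
if ($found) {
    $checks['Certificate not expired'] = ($found.NotAfter -gt (Get-Date))
    $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPublicKey($found)
    if ($rsa) { Write-Host ("RSA key size: {0} bit, expires {1:d}" -f $rsa.KeySize, $found.NotAfter) }
}

# 3. The policy value must exist and equal 1 (missing key or value counts as a failure).
$key   = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
$value = (Get-ItemProperty -Path $key -Name 'AcceptTrustedPublisherCerts' -ErrorAction SilentlyContinue).AcceptTrustedPublisherCerts
$checks['AcceptTrustedPublisherCerts = 1'] = ($value -eq 1)

# Print one row per check and signal failure through the exit code.
$checks.GetEnumerator() | ForEach-Object {
    [pscustomobject]@{ Check = $_.Key; Pass = $_.Value }
} | Format-Table -AutoSize

if (@($checks.Values) -contains $false) { exit 1 }
```

Run it on a client after Group Policy has refreshed; a non-zero exit code means at least one prerequisite is missing.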

  4. XML Import

The next step is to go to the 3rd-party vendors’ sites and search for the distribution terms of their products (like: SCUP, SCCM, SMS, etc.).

For example:

FLASH: http://www.adobe.com/licensing/distribution/strategies/sms.html

Acrobat Reader: http://www.adobe.com/devnet-docs/acrobatetk/tools/AdminGuide/sccm.html

Now import the catalogue file into LUP and select the versions you want to import; LUP will download them from the site.


Now approve the update for the group you want (as you do in WSUS).

You can also create an update on your own; I didn’t try it yet…
