Right... Today (SCCM1806) its minimum 2 manual processes (In my mind) you have to do before you can get new content to client. Both must be addressed. Proposed ADR only fix the last one. So why just automate 1 of 2 manual steps?
1. Syncing of 3-party catalog for updates (get metadata of updates). You must right-click on catalog and sync it before part 2.
2. Right-click on update, Publish Third-party content to client (get binary from source specified in metadata) = Here is the authors solution comes in, yes we need this as well, but what about step 1?
Normal WSUS-sync does not include 3party catalog sync, that's correct. Not even SCUP download new metadata automatically. SCUP can see that catalog(s) has been changed by fingerprinting but it never updates its own database. For me anyway... But you can make it to download and publish binaries automatically if it’s find "a number of clients" how needs the update by the Required-field in the SCCM database when you run import/update catalog in SCUP, as long you have connected SCUP to SCCM and set your published updates as automatic…
The "Schedule..." option IS to automatically update catalog metadata from 3-party in SCCM/WSUS. With "new/fresh" metadata you can match it with clients. So you can get number of clients how needs the update, or even know there is an update to begin with.
Today (SCCM1806) there is no option for this, you can smash the “Sync. Software Updates” button in SCCM how many times you like, and it won’t update 3-party metadata. The only option you have is to click on every separate 3-party catalog and click sync now.
And why a separate Sync-Schedule per catalog? Because not every catalog change as often as once every 24 hours. “HP clients, drivers and firmware” catalog is just fine running once a week or mouth. But “Adobe Flash” catalog would be nice to run a check every 24 hours.
Another thing is that 3-party catalogs import and publish all metadata into WSUS and if there’s a lot of catalogs with over 3000-6000 updates so will it be a strain on the WSUS database even if you only want 3 out of 3000-6000 possible updates, you will get them all. Paraphrasing “If you don’t want to publish all metadata into WSUS, then use SCUP.” – Microsoft
THEN use ADR to auto-approve and download the binary(s) within its rule base and publish it.
(This step is what the author is referring to in my mind. And what I'm proposing too, but you still need metadata to find updates/binaries you are trying to publish.)
Only using ADR solution will not get the new metadata from the 3-party catalog if you don’t expand its programmed role. Which in my opinion is a bad idea because it’s not ADR’s inherit role to solve.
Highlight – Expand 3-party catalog with Schedule 3-party sync, Use ADR to approve, download and distribute content.
- Why not include a "Schedule..." under right-click menu for just that catalog? So you can set different sync schema per 3-part catalog. ?
- why not add same mekanism that's in SCUP with automatic content deployment when required update is example "1>=" ?
We are looking into if we can utilize Intel AMT so that authenticate the PC on our network because of lacking support for 802.1x. For the time being We use same method as Cristopher.
Thanks for the feedback. We’re looking at moving the functionality of the Check Readiness step to the task sequence properties and this is one of the additions were considering. Please note this is not scheduled work yet.
Updated by bobmn for sangeev/OSD
Check out the new uninstall behavior in 1804 tp.