LGarvin

I'm not aware that there is an Itanium edition of Flash. Preventing Flash from not installing on Itanium systems is trivial. Please review the provided Flash packages in the synchronized content for great examples of how do define rules for Flash updates. Either add two Processor Architecture rules in in an 'Any' block…

If you only deploy replica WSUS servers, and the local site does not need to be involved in deployment activities, and you enable Reporting Rollup and inventory only the upstream server for enterprise-wide reporting, and do not use any other functionality available in Patch Manager except publishing content to the upstream…

Screenshots don't really help if the image cuts off the most important part of the package. Why aren't you simply using the Adobe Reader update package provided by Adobe? What are you doing in PackageBoot (that's not shown here)? In fact, perhaps more to the point, what are you trying to modify about this *MSP* package?…

A couple of notes. On WS2012, the WSUS console is a "feature", and you'll find it listed under Features -> Role Administration Tools. (See below). Knowing unequivocally that installing WDS would not remove WSUS, nor can you remove a role using the "Add Roles and Features Wizard", it does beg the questions of WSUS…

The update is applicable to both system and per-user installs. In the case of a per-user install, the HKLM\Software key is missing, which means the file version cannot be evaluated, which results in a value of TRUE being returned for twoall three of those Applicability Rules and the update is "Needed". (An extended…

I have an "Altaro" WSUS group with only the systems I want to install on, so that should accomplish the same thing. And yet, your primary issue here is that systems that do not have the product installed are getting updated. The proper way to prevent that behavior is to configure the package so that it can never be…

I was able to do some additional research on this. I'm not entirely sure what happened in your environment, but I'm pretty certain it was not the expired instance of KB2798897 that was involved. On Jan 1, 2013, two instances of KB2798897 arrived on my system as EXPIRED updates. They were never live. (My weekly run of the…

I *STILL* had to add the code signing cert there into Trusted Root Certification Authorities as well. YES... the publishing certificate (the public key side -- the CER file) MUST be installed in both Trusted Root Certification Authorities and Trusted Publishers. And if the certificate is not self-signed, then the entire…

What i actually have noticed is that the tool for some reason pushed a self signed cert when i use this tool and attempt to pull in my code signing cert. Is your Enterprise CA certificate stored in the "WSUS" store of the WSUS Server? If so, delete the self-signed certificate from the "WSUS" store and do a Refresh Update…

Thanks Andrew. I fixed it.

Yeah.. those are inconsistent settings... but then, the "Can request reboot" is an informational only field, so it has no real impact on anything operationally. However, by definition, if Impact="Minor", then Reboot Behavior should be "Never requires reboot". But... your results are most interesting, nevertheless. I will…

The issue I see with the GPO approach is that users will no longer have control of their whitelist. Well.. that's a decision that you have to make. Do you want centralized control (which is the implication of your original question) or do you want the user's to have individual control. You can't have both. :-) Well,…

Another approach that might work for this restricted-use scenario is to create a PowerShell script that has a context defined with Admin permissions using the Connect-Swis -UserName userName -Password password syntax, and takes the name of the Application as a parameter to unmanage the application. The PowerShell script…

What is showing "65.169.102". That number makes no sense to me. But frankly, if you want the MSI Enterprise package to be installed everywhere, then publish the MSI Enterprise package only, and force deploy it to every node. The MSI Enterprise package will upgrade a per-user installation and convert it to an enterprise…

Generally speaking, yes; however, Chrome is a rather unique case. The HKLM\Software\[Wow6432Node\]Microsoft\Windows\CurrentVersion\App Paths key contains a set of subkeys for installed application on the system. In those subkeys are values relating to the installation location of the application. As you scan through those…

I attempted to pre-install SQL Express, but since it is not installed by PM, when the default ewdgs user is created, I ran into rights issue. Yes, there are some manual steps that must be performed when pre-installing an instance of SQL Server. I'm pretty sure they're documented. But perhaps the most significant thing I'm…

The WSUS server & SCCM 2012 are on the same server and are Server 2008R2. The patch manager application server is Server 2012R2 Is there something else I can try? Yes. You have another scenario that is also known and documented that you will need to account for, and this relates to scenarios in which Patch Manager is…

The question is not to move a LOCAL DB to a remote server - the DB is already remote. Yes, which is why I said to make necessary adjustments. :-) The link I provided provides the necessary Patch Manager steps that must be completed. You said your DBA was capable of doing the database move unassisted, so I didn't really…

I wanted to follow-up on this thread. I gave you bad information with the reference to Cirrus.RouteTable (which is actually part of the NCM dataset, not NPM). I see that you've had a long conversation with Tim, and that he's cleaned up the mess I almost created. My apologies for the incorrect information.

And you did this on both systems... the one running DameWare and the one you're trying to connect to? Beyond that, this is something for support to look into, as suggested in the thread last October. Generally speaking, the idea that no "link-local"or "site-local" cloud is available is probably an accurate indication,…

A couple of possibilities: Is the Altaro product a 32-bit application or a 64-bit application. Is the test system an x86 or x64 system? For testing purposes, one useful technique is to remove one rule at a time from the package to see if the results change; or an alternative approach is to add one rule at a time back to…

The ProgramFiles(x86) common path identifier is not defined in the Microsoft SDP schema. Only ProgramFiles is defined, so this is the one you must use, and then parent-path to get to ..\Program Files (x86). Set commonPath = PROGRAM_FILES Set path = ..\Program Files (x86)\yourApplicationFilePath The reason you want to use…

The credential needs to be created for an Update Server rule, and it needs to be a member of the WSUS Administrators group, or a member of the local Administrators group.

It does not, which brings up an important distinction. If the WSUS Server on Site B is assigned to a Management Group hosted by the Management Server on Site B, then there is only one Automation Server for Site B and no routing rule is required. In that case it would be impossible for any traffic to that WSUS server to be…

Your observation on the registry keys is quite likely the issue. We design this package to ensure that Flash is installed, but we have to base that on the current behaviors of Flash -- and that would be the FlashPlayerActiveX key. I would remove that RegistryVersionInString test from the package. The FileVersion test will…

Yes. You'll need to create a structured logic block, that would look something like this: When Architecuture = x86 - test msxml4.dll located in SYSTEM32 folder When Architecture = x64 - test msxml4.dll located in SYSWOW64 folder You can see examples of this logic flow in some of the prepackaged update.. I think the Flash…

The next problem is how I run this as Administrator? All actions performed by the Windows Update Agent are executed in the context of the SYSTEM user.

Noting this in the Release Notes is a good suggestion, Matthew, and I'll pass that along to the product manager and documentation team.

1. It was showing as Not Applicable post-uninstallation. Then you'll want to examine each of your rules in the Prerequisite and Applicability rulesets and determine which rule(s) are not returning a true value, thus causing the update to be NotApplicable when it should be. 3. Yes, I mean 11.0.05. The version of the setup…

I've only approved the x86 packages. The Full Install package is detecting as NotApplicable for computers that do not have update 51 already. The Upgrade package is only showing as NotApplicable if they never got Java 7 in the first place, which is what I'd expect. Thank you for the clarification. And you're certain that…