6 Replies Latest reply on Jan 4, 2017 11:59 AM by frgpugs

    Integrate SPM into MDT deployment?

    frgpugs

      Has anyone had success integrating Patch Manager into MDT for Windows deployment? I know I can use WSUS but I think the approval groups are going to be the stopping issue for me here. I'm just curious if anyone has a good way to push out installs with all current updates other than making and sysprepping images all the time.

        • Re: Integrate SPM into MDT deployment?
          jbaits

          The right answer is probably to automate your reference image creation. I have MDT install updates as part of the deployment but it takes too long if you aren't working from a somewhat up-to-date Windows image. At least every quarter I kick off a new reference image build. I have a separate MDT instance just for captures that automatically installs Windows, installs all required updates, makes a few settings changes, and captures the new image. All I have to do is test deploy the new image and then update my deployment task sequence.

            • Re: Integrate SPM into MDT deployment?
              frgpugs

              I can automate the capture fine but I think I have a problem with the target groups. MDT will try 8 times to get updates and keeps restarting and then fails. I guess I'm lost in the fact that I can add the WSUS server to the customsettings.ini and enable the step in the task sequence but then no updates ever get installed during deployment. Do I need to add or do something different because of Patch Manager and not just vanilla WSUS?

                • Re: Integrate SPM into MDT deployment?
                  jbaits

                  That should be all you need to configure in MDT. If 3rd party updates are trying to install and your publishing certificate is not trusted by the client it will throw errors and not install updates. Make sure the machine has joined the domain and has the certificate pushed via policy or you have installed the cert as a separate task before any 3rd party updates attempt to install.

                    • Re: Integrate SPM into MDT deployment?
                      frgpugs

                      Do you have any special magic trick so it doesn't end up in unassigned? Can I make it automatically go to a different target group? I don't approve any updates for the unassigned group and that's where it ends up.

                        • Re: Integrate SPM into MDT deployment?
                          jbaits

                          If you use client side targeting in WSUS you can dictate the target group via a registry key on the client. If you join the domain using the default task sequence order you should be able to push this via policy since the machine would be on the domain before running updates. If you delay or do not join a domain you can have the task sequence set the reg key directly.

                          2 of 2 people found this helpful
                            • Re: Integrate SPM into MDT deployment?
                              frgpugs

                              This is old but in case anyone else wants to do this, I found my problem a while ago.

                              I use console targeting and manually move computers into target groups, and automating updates this way into a deployment is not easily doable. I've tried to follow the tutorials that hack the MDT scripts which allow the functionality but I was not successful and gave up.

                              Using client side targeting this is done very easily, just like you said it is, jbaits.

                              1 of 1 people found this helpful
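
The two suggestions from jbaits's replies above (trust the publishing certificate before third-party updates install, and set the client-side target group by registry), as an added example that is not part of the thread or any poster's script. The server URL, group name, certificate path and thumbprint are placeholders, and the script is assumed to run elevated as a task sequence step before the Windows Update step.

```powershell
# Added example: all parameter defaults below are placeholders, not values from the thread.
param(
    [string]$WsusUrl     = 'http://wsus.example.internal:8530',  # placeholder
    [string]$TargetGroup = 'Deployment',                         # placeholder; group must exist in WSUS
    [string]$CertPath    = "$PSScriptRoot\wsus-publishing.cer",  # placeholder; public cert only, never a .pfx
    [string]$Thumbprint  = '<EXPECTED-CERT-THUMBPRINT>'          # placeholder; pin the cert you expect
)
$ErrorActionPreference = 'Stop'

# 1. Trust the WSUS publishing certificate, but only if it is the one we expect.
#    A swapped file on the deployment share would otherwise become a trusted publisher.
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $CertPath
if ($cert.Thumbprint -ne ($Thumbprint -replace '\s', '').ToUpper()) {
    throw "Refusing to trust ${CertPath}: thumbprint $($cert.Thumbprint) is not the expected one."
}
Import-Certificate -FilePath $CertPath -CertStoreLocation Cert:\LocalMachine\TrustedPublisher | Out-Null
if ($cert.Subject -eq $cert.Issuer) {
    # Self-signed publishing cert: it must also be a trusted root for the signature to chain.
    Import-Certificate -FilePath $CertPath -CertStoreLocation Cert:\LocalMachine\Root | Out-Null
}

# 2. Point the Windows Update agent at WSUS and set the client-side target group.
$wu = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
$au = "$wu\AU"
foreach ($key in $wu, $au) {
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
}
$values = @(
    @{ Path = $wu; Name = 'WUServer';                    Type = 'String'; Value = $WsusUrl }
    @{ Path = $wu; Name = 'WUStatusServer';              Type = 'String'; Value = $WsusUrl }
    @{ Path = $wu; Name = 'TargetGroupEnabled';          Type = 'DWord';  Value = 1 }
    @{ Path = $wu; Name = 'TargetGroup';                 Type = 'String'; Value = $TargetGroup }
    # Allows locally published (third-party) updates signed by a trusted publisher.
    @{ Path = $wu; Name = 'AcceptTrustedPublisherCerts'; Type = 'DWord';  Value = 1 }
    @{ Path = $au; Name = 'UseWUServer';                 Type = 'DWord';  Value = 1 }
)
foreach ($v in $values) {
    New-ItemProperty -Path $v.Path -Name $v.Name -PropertyType $v.Type -Value $v.Value -Force | Out-Null
}

# 3. Restart the agent so the next scan reads the new settings.
Restart-Service -Name wuauserv -Force
```

The registry target group is honored only when the WSUS server's Computers option is set to use Group Policy or registry settings; with console targeting, as in the last post, the machine still lands in Unassigned Computers.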