5 Updating a Windows OS

Enterprise Manager Ops Center enables you to update your managed Windows operating systems by using the Microsoft System Center Configuration Manager (SCCM) and Windows Management Instrumentation (WMI) software.

About Updating a Windows OS

Enterprise Manager Ops Center enables you to update your managed Windows operating systems by using the Microsoft SCCM and WMI software. The Windows Update functionality depends on the SCCM's agent installed on the managed systems. You can configure SCCM to install agents on your managed Windows systems either automatically or through a manual process.

Enterprise Manager Ops Center uses Microsoft SCCM 2007 to implement the software updates for the Windows OS. More specifically, it uses the Windows software update capability of SCCM to update any Windows operating systems that are discovered and managed. You must be able to identify a functional SCCM that is configured for software update and management of the Windows systems that are managed by Enterprise Manager Ops Center. The Windows Update functionality depends on the SCCM's agent installed on the managed systems.

Patching in Connected and Disconnected Mode

The Enterprise Controller connects to the SCCM to get the latest information about patches and packages. The SCCM is connected to the Internet for downloading the metadata that is used for compliance analysis. Enterprise Manager Ops Center can also be connected to the Internet to download patches that are then handled by SCCM for installation.

When you want to download and install a patch, the patch is downloaded from the Microsoft Web site. You do not need any authentication to access the Microsoft Web site. However, you must provide authentication information to access the SCCM server.

You can also update the managed systems when the Enterprise Controller is in disconnected mode, that is, when the Enterprise Controller is not connected to the Internet.

Reports

To ensure that your managed systems are up to date, you must determine which patches, updates, and actions to apply to your system. The Windows OS update reports help you to determine the patches that are applicable to your systems and how many of the applicable patches are compliant or not compliant for the selected systems.

Several predefined OS Update reports are available. The reports enable you to check for new patches and update your systems. You can get a general report, or test a system for available fixes.

When you create a report, you select the criteria that are relevant to you, such as category, severity, superseded, and release date of the update patches. You can also select specific updates on which to run the compliance reports.

Update Job

Enterprise Manager Ops Center contains the following options in an update job to maintain control and consistency across your data center:

  • Groups – Help you to organize your assets in the user interface and act as targets for many types of jobs.

  • Roles – Enable you to determine the tasks that a user can perform on a specific piece of an asset or a group of assets.

  • Reports – Enable you to run compliance reports and create update jobs from the compliance reports.

You can define the following job parameters while creating a Windows update job:

  • Name and Description – Identify the name of the report against which you want to create a Windows OS update job. A detailed description is helpful to clearly identify the job in the historical record.

  • Reboot behavior – Lets you select the reboot behavior if a reboot is required after the new update job is executed. You can select whether you want the system to reboot immediately following the update operation or whether you want to reboot the system at the default setting of the SCCM server.

  • License Terms – Lets you review the license terms and either accept or decline them. The License Terms window appears only when the updates in the report require License Terms that must be reviewed.

  • Schedule – Lets you decide how you want to schedule the execution of the new update job.

Configuring Enterprise Manager Ops Center for Updating the Windows OS

Enterprise Manager Ops Center uses the j-Interop command to access the Windows Management Instrumentation (WMI) and get Windows update information. It uses the software update capability of the Microsoft System Center Configuration Manager (SCCM) to update any managed Windows operating systems.

Before You Begin

Before you can use Enterprise Manager Ops Center to update your Windows systems, you must configure it to interact with the identified Microsoft System Center Configuration Manager (SCCM). In addition, you might need to modify the WMI registry.

To configure Enterprise Manager Ops Center to interact with the identified SCCM, you must have the following credentials:

  • SCCM Server

    • Server Name

    • Domain Name

    • Site Name

    • User Name

    • Password

  • SCCM Share

    • URL

    • Domain Name

    • User Name

    • Password

The configuration information is displayed in the Configuration tab of the Windows Update window.

Note:

Enterprise Manager Ops Center uses the same SCCM credentials to access the SCCM server and enable the SCCM share. Use the <domain> format for the Domain Name field. Do not use the <domain>\<username> format. If you entered an incorrect format for the Domain Name field and if the configuration task returns an error, then unconfigure the SCCM and configure the SCCM again with the correct format for the credentials.

To Configure Enterprise Manager Ops Center to Interact With the Identified SCCM

  1. In the Navigation pane, click Administration, then click Windows Update.

  2. In the Actions pane, click SCCM Configuration. An SCCM Configuration window is displayed.

  3. Enter the credentials for the following fields:

    • SCCM Server

      • Server Name

      • Domain Name

      • Site Name

      • User Name

      • Password

      • Confirm Password

    • SCCM Share

      • URL

      • Domain Name

      • User Name

      • Password

      • Confirm Password

  4. Click Submit.

Enterprise Manager Ops Center is now configured to interact with the SCCM.

To Unconfigure Enterprise Manager Ops Center's Interaction With the SCCM

  1. In the Navigation pane, click Windows Update from the Administration section.

  2. In the Actions pane, click Unconfigure. A confirmation window appears.

  3. Click Yes to unconfigure Enterprise Manager Ops Center's interaction with the SCCM.

Modifying the Registry

Due to some changes that Microsoft introduced for registry key ownership, you must manually modify the registry and change the ownership permissions for the Administrators group.

Note:

This procedure is required only on Windows Server 2008 R2. Other Windows servers, such as 2008 Server SP2, do not require you to modify the registry.

To Modify the Registry

  1. Log in to the target remote host as an Administrator.

  2. Run the Regedit program.

  3. Click Yes when you are asked to allow the Regedit program to make changes to the computer.

  4. Go to the Registry item HKEY_CLASSES_ROOT\CLSID\76a64158-cb41-11d1-8b02-00600806d9b6

  5. Right click the registry item and select Permissions.

  6. Click Advanced, then click the Owner tab.

  7. In the Change Owner to... box, select the account that you are currently logged in as, then click OK.

  8. Click OK.

  9. Right click the registry item again and select Permissions.

  10. Select the Administrators group, then select the Allow check box to give Full Control permissions to the Administrators group.

  11. Click OK.
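
The procedure above changes the owner and access control list of a COM class key, so it is worth recording the resulting state on each host where it was applied. The following read-only PowerShell check is an added example, not part of the product or its documentation; the function name Get-ClsidKeyAclState is hypothetical, and the key name is taken from step 4.

```powershell
# Added example: read-only audit of the owner and Administrators ACL on the
# registry key from step 4. It changes nothing on the host.
function Get-ClsidKeyAclState {
    param(
        # Key name as written in step 4. CLSID subkeys are normally stored with
        # braces around the GUID, so the braced form is tried as well.
        [string]$Clsid = '76a64158-cb41-11d1-8b02-00600806d9b6'
    )

    $path = @($Clsid, "{$Clsid}") |
        ForEach-Object { "Registry::HKEY_CLASSES_ROOT\CLSID\$_" } |
        Where-Object { Test-Path -LiteralPath $_ } |
        Select-Object -First 1
    if (-not $path) { throw "Key not found under HKEY_CLASSES_ROOT\CLSID: $Clsid" }

    $acl = Get-Acl -Path $path

    # Resolve entries to SIDs so the check does not depend on the OS language.
    # S-1-5-32-544 is the well-known SID of BUILTIN\Administrators.
    $sidType = [System.Security.Principal.SecurityIdentifier]
    $full    = [int][System.Security.AccessControl.RegistryRights]::FullControl
    $rules   = $acl.GetAccessRules($true, $true, $sidType)
    $adminFull = @($rules | Where-Object {
        $_.IdentityReference.Value -eq 'S-1-5-32-544' -and
        $_.AccessControlType -eq 'Allow' -and
        (([int]$_.RegistryRights) -band $full) -eq $full
    })

    New-Object PSObject -Property @{
        Computer                  = $env:COMPUTERNAME
        Path                      = $path
        Owner                     = $acl.Owner
        AdministratorsFullControl = ($adminFull.Count -gt 0)
    }
}

Get-ClsidKeyAclState | Format-List
```

Run it before and after the change: the Owner value shows which account took ownership in step 7, and AdministratorsFullControl shows whether step 10 took effect.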

Creating an Update Job for Windows OS

Enterprise Manager Ops Center enables you to use the output from compliance reports to update your Windows OS to be compliant with the newly released updates. From the results of the Windows Host Compliance Report and the Windows Incident Compliance Report, you can make your systems compliant by initiating an update job for the Windows OS.

Figure 5-1 Process for Updating Windows OS


Before You Begin

The Create New Windows Update Job wizard enables you to create an update job. When creating a new update job, you must define the following job parameters:

  • Name and Description for the new Windows software update job.

  • Reboot behavior – Lets you select whether you want the system to reboot immediately following the update operation or at the default setting of the SCCM server.

  • License Terms – Lets you review the license terms and either accept or decline them. The License Terms window appears only when the updates in the report require license terms that must be reviewed.

  • Schedule – Lets you decide how you want to schedule the execution of the new update job.

To Create an Update Job for Windows OS

  1. Click Reports in the Navigation pane.

  2. Click Windows OS Updates.

    The executed reports are listed under the Report Results List tab in the center pane.

  3. Select a report from the list of the executed reports in the Windows OS Update Report Results table.

  4. Click the View Report icon.

    A compliance report details window is displayed.

  5. Click Make Targets Compliant.

    The Create New Windows Update Job wizard is displayed.

  6. Enter a name and description for the update job in the Job Information window.

  7. Select whether you want the system to reboot immediately following the update operation or whether you want to reboot the system at the default setting of the SCCM Server. Click Next.

    When you click Next, either the License Terms window or the Schedule window is displayed. The License Terms window is displayed only when the updates in the report require license terms to be reviewed.

  8. Review and accept the Software License Terms for the updates that require license terms.

    The table shows only the updates for the license terms that were not accepted or were declined before. Under Search, you can select Select All to include a bulletin ID, article ID, title, and license terms in your search, or you can select specific fields to narrow your search. Click Next.

  9. Select the schedule for the new Windows software update job from the following options:

    • Now (immediately)

    • Start Date and Start Time

    • On a Recurring Schedule by specifying Month, Days, Earliest Job Start Time, and Latest Job Start Time

    Click Next.

  10. Verify the information in the Summary window. Click Finish to execute the Windows OS update job.