Virtual techdays INDIA │ 9-11 February 2011 How Microsoft IT Does Desktop Patch Management Partha Chandran │ Sr. Service Engineer, Microsoft.

Slides:



Advertisements
Similar presentations
SCCM 2012 Features and Benefits
Advertisements

SIM317 Built on top of Microsoft ® System Center Configuration ManagerBuilt on top of Microsoft ® System Center Configuration Manager Supports all.
What’s coming in Sccm 2007R2 aka Sccm 2007R2: 10 reasons to upgrade Kim Oppalfens SCUG.be.
Virtual techdays INDIA │ 9-11 February 2011 Implementing a Power Management Strategy with System Center Configuration Manager 2007 R3 Chandramouli K │
A Technical Overview of Microsoft Forefront Client Security (FCS) Howard Chow Microsoft MVP.
Ronald Beekelaar Beekelaar Consultancy Forefront Overview.
© Copyright Lumension Security Lumension Security PatchLink Enterprise Reporting™ 6.4 Overview and What’s New.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 9: Implementing and Using Group Policy.
Ronald Beekelaar Beekelaar Consultancy Forefront Overview.
Virtual techdays INDIA │ 9-11 February 2011 Introduction to Windows Intune: Cloud Based Desktop Management Service Arun Subramanian │ Product Marketing.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 9: Implementing and Using Group Policy.
Managing a Windows Server 2003 Environment - SMS and MOM Michael Kleef IT Pro Evangelist Microsoft Pty Ltd
Patching MIT SUS Services IS&T Network Infrastructure Services Team.
Software Distribution in Microsoft System Center Configuration Manager v.Next: Part 1.
Patch and Settings Management in Microsoft System Center Configuration Manager 2012 Wally Mead Senior Program Manager Microsoft Corporation Mark Florida.
Microsoft ® Application Virtualization 4.5 Infrastructure Planning and Design Series.
What do User-Centric deployments mean for OSD NE Ohio System Center User Group February 2012 Jason Condo
Patch Management Strategy
IT:Network:Microsoft Applications
Module 16: Software Maintenance Using Windows Server Update Services.
SYSTEM CENTER: ENDPOINT PROTECTION FUNDAMENTALS Howard A. Carter III Senior Consultant Microsoft Consulting Services September 21, 2013 TechGate 2013 –
Office 365: Efficient Cloud Solutions Wednesday March 12, 9AM Chaz Vossburg / Gabe Laushbaugh.
Security Risk Management Marcus Murray, CISSP, MVP (Security) Senior Security Advisor, Truesec
Sr. Manager Global Business Solutions Carlos Capó Master Macs in Business Easily integrate Macs into a Microsoft Shop.
Wally Mead Senior Program Manager Microsoft Corporation.
Partnering For Profitability Growing your business with Microsoft Forefront Security Solutions Mark Hassall Director Security & Access BG Microsoft Corporation.
SOE and Application Delivery Gwenael Moreau, Abbotsleigh.
System Center 2012 Configuration Manager Overview User Group June
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 9: Implementing and Using Group Policy.
IT:Network:Microsoft Server 2 Chapter 27 WINDOWS SERVER UPDATE SERVICES.
Training on ManageEngine Desktop Central
Managing Your Datacenter with Microsoft System Center Configuration Manager Kent Agerlund, ECM MVP, Coretech.
Tim Vander Kooi Systems
Dell Connected Security Solutions Simplify & unify.
System Center 2012 Certification and Training May 2012.
Implementing Network Access Protection
PATCH MANAGEMENT: Issues and Practical Solutions Presented by: ISSA Vancouver Chapter March 4, 2004.
Patch Management Only part of the solution….. Bob Isaak Mar 04, 2004.
Harris Schneiderman Account Manager Kloud Solutions.
Microsoft NDA Confidential Configuration Manager 2012 How To Video Series Compliance and Settings Management Overview (fka DCM) Onur Koc Snr. Program Manager.
1 Introduction to Microsoft Windows 2000 Windows 2000 Overview Windows 2000 Architecture Overview Windows 2000 Directory Services Overview Logging On to.
Virtual techdays INDIA │ august 2010 virtual techdays INDIA │ august 2010 Moving/Co-existing your messaging platform to the cloud with Exchange.
Implementing Group Policy. Overview What is Group Policy Introduction to Group Policy Group Policy Structure How Group Policy Settings Are Applied in.
System Center 2012: Configuration Manager SP1 James Bannan Title Dilignet Macca Tech Evangelist Microsoft Corp SIM334a.
Module 4 Planning for Group Policy. Module Overview Planning Group Policy Application Planning Group Policy Processing Planning the Management of Group.
Microsoft Management Seminar Series SMS 2003 Change Management.
Rob Davidson, Partner Technology Specialist Microsoft Management Servers: Using management to stay secure.
Agency Introduction to DDM Dell Desktop Manager (DDM) Implementation.
Reducing server sprawl and IT power/cooling costs Moving from reactive to proactive state Quickly troubleshooting PC and laptop issues Deploying new.
Jeff Wettlaufer Sr. Technical Product Manager System Center SESSION CODE: MGT308 B T jeffwettlaufer E
Managing your IT Environment. Microsoft Operations Manager 2005 Overview.
Service Pack 2 System Center Configuration Manager 2007.
Walter Pitrof Technology Solution Professional Microsoft Switzerland Client Lifecycle Management mit Configuration Manager 2012 Chris Greuter Partner |
Microsoft NDA Material Adwait Joshi Sr. Technical Product Manager Microsoft Corporation.
System Center 2012 Configuration Manager Service Pack 1 Overview.
Managed by UT-Battelle for the Department of Energy System Center Configuration Manager at ORNL National Laboratories Information Technology Summit 2008.
Office 365 What Is The Right Fit For You? Andrew Riley, MCTS, MCTIP, ITIL v3.
System Center 2012 Configuration Manager
MCSA VCE
Braindumps Questions Answers
SVTRAININGS. SVTRAININGS Features of SCCM  Application management  Provides a set of tools and resources that can help you create, manage, deploy, and.
Configuration Manager.Next Application Management – Part 2
11/23/2018 3:03 PM © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN.
Increase and Improve your PC management with Windows Intune
5/12/2019 2:57 PM © Microsoft Corporation. All rights reserved.
Module 1: Overview of Systems Management Server 2003
SCCM in hybrid world Predrag Jelesijević Microsoft 7/6/ :17 AM
Microsoft Virtual Academy
Preparing for the Windows 8.1 MCSA
Presentation transcript:

virtual techdays INDIA │ 9-11 February 2011 How Microsoft IT Does Desktop Patch Management Partha Chandran │ Sr. Service Engineer, Microsoft

 Management Platform and Service Delivery  Operational Team of System Center - Desktop Management System Technologies  Deployment Services - System Center Configuration Manager  Dogfooding (early adoption/product feedback): ConfigMgr 2012, R3, Forefront, etc.  Windows Update/Microsoft Update infrastructure  Windows InTune  Customers:  Microsoft IT  Microsoft Retail Stores  Online Customers: Energizer and XL virtual techdays INDIA │ 9-11 February 2011 Our Team & What we do

 How Microsoft IT uses Configuration Manager?  Configuration Manager Architecture Overview  Software Updates Management – Process & Best Practices  Preparing for the Future  Q & A virtual techdays INDIA │ 9-11 February 2011 S E S S I O N A G E N D A

virtual techdays INDIA │ 9-11 February 2011 How Microsoft IT Uses Configuration Manager?

Auckland Microsoft Offices in 105 Countries 89k Employees Globally 70k Vendors Globally Microsoft locations 400 ConfigMgr Sites ~230 ConfigMgr Clients ~300,000 Microsoft Offices in 105 Countries 89k Employees Globally 70k Vendors Globally Microsoft locations 400 ConfigMgr Sites ~230 ConfigMgr Clients ~300,000

Configuration Manager Service Boundaries Datacenter Machines (SPM) ~24,000 Lab Services ~50,000 Other OU’s 40,000 Network Attached Devices ~80,000 Smart Phones ~60,000 Supported Full Service Domains ~280,000 IP based devices ~890k Supported Limited Service Domains ~5,000 AD Clients ~420k ConfigMgr ~285K PHX / GFS~250,000 IP connected Machines ~500,000 NTDEV ~24,000 Workstation OU 280,000

 Full Service  Software Distributions  Asset Reporting – hardware & software inventory, asset intelligence  Patch Management and “Test Pass” Patching  3rd party patching Using Software Distributions  Operating System Deployment  Application Virtualization deployment (App-V)  Desired Configuration Management  Limited Service  Patch Management, including MPSD-managed WSUS  Asset Reporting virtual techdays INDIA │ 9-11 February 2011 Services Offered to Desktops in Microsoft IT

virtual techdays INDIA │ 9-11 February 2011 Configuration Manager Architecture Overview

Configuration Manager Architecture Disclaimer: Microsoft IT’s System Center Configuration Manager 2007 hierarchy has ~130,000 clients assigned at a primary site and 275,000 clients in a hierarchy. The supported System Center Configuration Manager 2007 limit is 100,000 per primary site and 200,000 per hierarchy without a custom scale agreement.

virtual techdays INDIA │ 9-11 February 2011 Physical vs Virtual – ConfigMgr Site Roles in Microsoft IT

virtual techdays INDIA │ 9-11 February 2011 Client Agent Cycles Client agentCycle Hardware Inventory3 days Software Inventory3 days Discovery – Heartbeat Discovery1 day Computer Client – Policy Interval1 hour Computer Client – State Message Reporting Cycle15 minutes Software Update Client – Scan Schedule1 day Software Update Client – Updates Re-evaluation1 day

 Runs as computer startup script through GPO  Completely silent and does not prompt users  Runs asynchronously to minimize logon time  Client health status is generated from the client  Future enhancements  WMI check and remediation will be included  Client remediation will be part of next version of SCCM virtual techdays INDIA │ 9-11 February 2011 Client Health Script

 Check for SCCM client and install or upgrade client  Check and start WMI, SCCM, WSUS services  Check and report last reported time for client health indicators  Hardware Inventory  Software Inventory  Heartbeat Discovery  If indicators are older than 5 days, initiate them  Reinstall the client if initialization fails  Enable SCCM components if disabled  Check BITS version and assign client to correct site if site code is missing virtual techdays INDIA │ 9-11 February 2011 Client Health Script features

virtual techdays INDIA │ 9-11 February 2011 Software Updates Management – Process & Best Practices

Monitor for Release/Advisory AcquireEvaluate Risk Mitigation Plan for Patches Prioritize Pre-Patch Deployment Test and Approve Create and Test Deployment Package Deploy Patch Deployment Confirm DeploymentClean Up Document and Update Configuration Standards Report on Security Patch Compliance Post Patch Deployment Patch Process Overview

Patch Deployment Experience for Users

 Security of the environment must be Top Priority  Communicate to users every month about patch Tuesday  Deploy patches consistently after validation phase is complete  Create well defined site boundaries  Use silent patching for a better user experience  Silent patching for 6 days, 3 days of enforcement  Minimize reboots  Ideally one reboot per patch cycle  Use WSUS to install the SCCM Client  Use GPO to pre-configure SCCM client settings virtual techdays INDIA │ 9-11 February 2011 Patching Best Practices

 Use WSUS to install recurring updates such as antivirus signature updates and Junk mail filters  Perform QC on deployments before release to production  Monitor and Remediate Hierarchy issues timely  Monitor Enforcement States of the deployment daily during patch cycle  Remove Expired Updates and contents from deployments periodically  Periodic WSUS Cleanup for WSUS based deployments virtual techdays INDIA │ 9-11 February 2011 Patching Best Practices

 Updates Package Maintenance Strategy  Keep 2 current month’s deployment active  Rest in sustainer packages  Sustainer package sizing strategy  Break Larger packages for efficient replication (>4 GB)  For large hierarchies, Keep package updates to minimum during enforcement cycle.  ConfigMgr patching uses WSUS, so manage Policy for consistent WU settings across enterprise virtual techdays INDIA │ 9-11 February 2011 Patching Best Practices

virtual techdays INDIA │ 9-11 February 2011 Desktop Services SLA – Patch Delivery Patch Delivery (SLA)Description PurposeEnsure the timeliness of Microsoft security updates delivery to end users Target Compliance Active Exploit deployed to 95% of computers within 3 business days Critical patches deployed to 95% of computers within 9 business days Compliance Period3 or 9 Business days, as appropriate

virtual techdays INDIA │ 9-11 February 2011 Preparing for the future

 Monitor current power state and consumptions  Plan and create a power management policy, check for exceptions  Apply power management policy  Check compliance and remediate non-compliance.  Report saving in power consumption and costs and environmental impact. virtual techdays INDIA │ 9-11 February 2011 Configuration Manager 2007 R3 – Power Management

virtual techdays INDIA │ 9-11 February 2011 Forefront Endpoint Protection ConfigMgr 2007 Advanced and comprehensive malware protection for clients and servers Lower costs of endpoint protection deployment and ownership Deployment of endpoint security with a proven scalable Config Manager infrastructure Extends Windows OS security Lower costs of endpoint protection deployment and ownership Deployment of endpoint security with a proven scalable Config Manager infrastructure Extends Windows OS security Simplified management through unified operational experience for endpoint security and management Increased visibility of potentially vulnerable endpoints that allow you to take operational remediation actions Simplified management through unified operational experience for endpoint security and management Increased visibility of potentially vulnerable endpoints that allow you to take operational remediation actions HELP PROTECT everywhere INTEGRATE and EXTEND security SIMPLIFY security MANAGEMENT experience

virtual techdays INDIA │ 9-11 February 2011 System Center Configuration Manager Pillars of Release Modernize our infrastructure Redesigned hierarchy and SQL Server replication Automated content distribution Client Health improvements and auto-remediation Redesigned admin experience and role-based security model Native 64-bit and full Unicode support Continue to improve Software Updates auto-deployment (including Forefront definitions) Automated settings remediation (DCM “set”) Consolidated and expanded mobile device management Improvements to OS Deployment and Remote Control And much, much more… Embrace user-centric management Provide a rich application management model to capture admin intent Allow the administrator to think users first Provide the end user a fitting user experience to find/install software with Allow the user to define their relationship to applications

 Use Configuration Manager to update and manage your desktops  Develop a business rhythm for patch deployment  Use validation groups to ensure security updates don’t negatively impact your business  Use server virtualization to reduce operational costs  Implement a dashboard to monitor the overall health of your environment virtual techdays INDIA │ 9-11 February 2011 SUMMARY Key Takeaways

virtual techdays INDIA │ 9-11 February 2011 RESOURCES  System Center Configuration Manager Technical Documentation   The Configuration Manager Support Team Blog   System Center in Action - Best Practices   Configuration Manager Virtualization Technical Case Study 

virtual techdays THANKS │ 9-11 February 2011

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.