Wednesday, August 17, 2016

Goodbye Patch Tuesday

Patch Tuesday is soon to be a thing of the past. Beginning in October, Microsoft will deploy fixes for Windows 7, Windows 8.1, Windows Server 2008 and Windows Server 2012 with a single cumulative monthly patch. This is designed to help reduce fragmentation across your company’s PCs. The new system is right in line with how updates are currently deployed for Windows 10.
From October 2016 onwards, Windows will release a single Monthly Rollup that addresses both security issues and reliability issues in a single update. The Monthly Rollup will be published to Windows Update (WU), WSUS, SCCM, and the Microsoft Update Catalog. Each month’s rollup will supersede the previous month’s rollup, so there will always be only one update required for your Windows PCs to get current. That is, the Monthly Rollup in October 2016 will include all updates for October, while the November 2016 rollup will include the October and November updates, and so on. Devices that have this rollup installed from Windows Update or WSUS will utilize express packages, keeping the monthly download size small.
Windows will proactively add patches to the Monthly Rollup that have been released in the past. Microsoft's goal is eventually to include all of the patches it has shipped in the past since the last baseline, so that the Monthly Rollup becomes fully cumulative and you need only install the latest single rollup to be up to date. We encourage you to move to the Monthly Rollup model to improve reliability and quality of updating all versions of Windows. Microsoft is planning to add these previously shipped patches over the next year and will document each addition so IT admins know which KBs have been included each month.
It’s a big departure from the current system, under which Microsoft sporadically releases individual patches for the older platforms. That has some advantages, allowing IT administrators to selectively deploy updates as needed, but it also comes with some serious drawbacks. Under the current system, individual PCs frequently wind up with different updates installed, which causes syncing problems, boosts scan times, and ups testing complexity. Even just pinpointing the right patches before applying them can be a pain.
Here’s how the new system will work. In October, up-to-date PCs running the older platforms will receive just a single package of security and stability fixes from Windows Update, Windows Server Update Services (WSUS), System Center Configuration Manager (SCCM) and the Microsoft Update Catalog. If you delay the update in October, you’ll be prompted to install it again in November, along with another single set of patches for that month, and so on. Each month’s update will include patches for all previously uninstalled months, from October onwards.
Older updates will begin to be included in the monthly patch rollouts, dating all the way back to Service Pack 1 for Windows 7. That means that, at some point, you’ll be able to get fully up to date with just a single installation, no matter the current state of your PC.
Microsoft is allowing one exception for its new all-in-one update system, affording the ability to download and deploy security patches separately from stability fixes. That will reduce the size of the initial update needed to secure your company’s PCs as quickly as possible. Those updates will be available from WSUS, SCCM and the Microsoft Update Catalog, not Windows Update.
Servicing Stack and Adobe Flash updates won’t be included in the rollups. Microsoft will move to the same monthly rollup model for the .NET Framework in October too.

Tuesday, August 2, 2016

SCCM 1606 New features

If you’ve been installing SCCM Technical Preview in your lab, SCCM 1606 contains most of the features included in the latest technical previews.
Consult the technical articles for a full feature list. 1606 also applies the latest KBs/fixes for known bugs, including KB3155482 but not KB3174008 (which was released a week prior to 1606). If you had already installed KB3174008, 1606 will revert the fixes included in KB3174008. Microsoft's recommendation is to skip this KB (unless you are really blocked by the issue), update to 1606 and wait for a new KB that will be available for 1606 soon (which will include KB3174008).
Here’s our list of favorite features:
  • Option for clients to switch to a new software update point
    • You can enable the option for Configuration Manager clients to switch to a new software update point when there are issues with the active software update point.
  • Per-app VPN for Windows 10 devices
    • For Windows 10 devices managed using Configuration Manager with Intune, you can add a list of apps that automatically open a VPN connection that you have configured through the Configuration Manager admin console. You have the option of restricting VPN traffic to those apps, or you can continue to allow all traffic through the VPN connection.
  • Customize the RamDisk TFTP block size and window size on PXE-enabled distribution points
    • You can customize the RamDisk TFTP block size and window size for PXE-enabled distribution points. If you have customized your network, it could cause the boot image download to fail with a time-out error because the block or window size is too large. The RamDisk TFTP block size and window size customization allows you to optimize TFTP traffic when using PXE to meet your specific network requirements.
  • Improvements to the Install software updates task sequence
    • A new task sequence variable, SMSTSSoftwareUpdateScanTimeout, is available to give you the ability to control the timeout on the software updates scan during the Install software updates task sequence step. The default value is 30 minutes.
    • There have been improvements to logging. The smsts.log log file will contain new log entries that reference other log files that will help you to troubleshoot issues during the software updates installation process.