After 4 weeks’ vacation I started working again and the first thing I planned to do was to implement the new feature in FEP 2010 Update Rollup 1 for automating approval of FEP 2010 definition updates in SCCM instead of doing it separately in WSUS on the SCCM server as many of us do today.
UPDATE:! ——————————————————
A new version of the SoftwareUpdateAutomationtool.exe has been released it can be downloaded here: http://www.microsoft.com/download/en/details.aspx?id=26613
When using this updated tool the challenges with the original version has been solved, the command line below in the .cmd file using the new version used should be:
“e:\program files (x86)\Microsoft Configuration Manager\AdminUI\bin\SoftwareUpdateAutomation.exe” /AssignmentName FEP2010SignatureUpdates /PackageName FEP2010Signature
The rest of this article is still valid.
——————————————————————
I found that the documentation was not that clear and that included using a Scheduled task which I cannot simply use when we have Status Filter Rules in SCCM which is so cool 😉
The guide on Technet describes how to create the necessary Software Update packages and copy the softwareupdateautomation.exe file to the correct location so I will not go into detail about that. You can find the installation instructions here: http://technet.microsoft.com/en-us/library/hh297450.aspx
This is what I ended up doing to get it to work:
1. Follow the instructions on the Technet article until it is time to create the Schedule task.
2. Then copy the softwareupdateautomation.exe as described to the correct location(it must be executed from the AdminUI\Bin directory:
%ProgramFiles%\Microsoft Configuration Manager\AdminUI\bin, if the computer is a 32-bit operating system.
%ProgramFiles(x86)%\Microsoft Configuration Manager\AdminUI\bin, if the computer is a 64-bit operating system.
3. Then I created a simple .cmd file which I placed in a directory on the SCCM Primary Site server, E:\sccmtools.
I run all my status filter rules script from the same location. It is really easy to test that the command line works, just execute it with Admin privileges and check the SoftwareUpdateAutomation.log file for status information. The log file can be found here:
%ProgramData%\SoftwareUpdateAutomation.log.
4. The following command was the one I used in the .cmd file, replace the AssignmentName and PackaegName to reflect your environment:
"e:\program files (x86)\Microsoft Configuration Manager\AdminUI\bin\SoftwareUpdateAutomation.exe" /AssignmentName FEP2010SignatureUpdates /PackageName FEP2010Signature /UpdateFilter "articleid='2461484' AND IsSuperseded=0 AND IsEnabled=1 AND IsExpired=0" /refreshdp
5. Then I created a Status filter rule on the Primary SCCM Site Server which looks like this:
6. Using this status filter rule the SoftwareUpdateAutomation.exe will be triggered each time the WSUS Sync Manager reports that synchronization is completed. No schedule task needed!
7. Change your FEP policies to use the new update option below and you are good to go:
The command line took a while to get to work as the documentation is not correct on the Technet webpage as I am writing this at least.
Also the help information for the softwareupdateautomation.exe tool states that /refreshdp is default true but it is not so /refreshdp must be used.
I strongly recommend reading this article with some other known errors.
This was a great help as the task scheduled event described by Microsoft did not work.
Thanks again,
Jim
Hi,
Nice to hear that it worked!
/Jörgen
Hi, i get this error? any ideas thanks.
D:\Tools>”D:\program files (x86)\Microsoft Configuration Manager\AdminUI\bin\Sof
twareUpdateAutomation.exe” /AssignmentName FEPDefs /PackageName FEPDefs /UpdateF
ilter “articleid=’2461484′ AND IsSuperseded=0 AND IsEnabled=1 AND IsExpired=0″ /
Verbose
Values:
/Help: Default (False)
/SiteServer: Default (SCCMSS)
/UpdateFilter: Explicit (articleid=’2461484′ AND IsSuperseded=0 AND IsEnabled=1
AND IsExpired=0)
/AssignmentName: Explicit (FEPDefs)
/PackageName: Explicit (FEPDefs)
/PreDownloadFolder: Default ()
/UpdateLanguages: Default (0)
/DisableRefreshDP: Default (False)
/Verbose: Explicit (True)
SoftwareUpdateAutomation execution starting.
============================================
Version: 2.1.1116.101
Additional logging detail is enabled.
Command line: SiteServerName: SCCMSS; SoftwareUpdateFilter: articleid=’2461484′
AND IsSuperseded=0 AND IsEnabled=1 AND IsExpired=0; PackageName: FEPDefs; Update
Languages: 0; SoftwareUpdateFolder: ; DisableRefreshDP: False; LogFile: C:\Progr
amData\SoftwareUpdateAutomation.log. UpdateAssignmentName: FEPDefs
Attempting to connect to site server ‘SCCMSS’…
Connected to site server ‘SCCMSS’, searching for matching software updates…
Executing select query: ‘SELECT * FROM SMS_SoftwareUpdate WHERE articleid=’24614
84′ AND IsSuperseded=0 AND IsEnabled=1 AND IsExpired=0’…
Found software update matching the specified filter: articleid=’2461484’ AND IsS
uperseded=0 AND IsEnabled=1 AND IsExpired=0.
Software update: CI_ID: 45490. ArticleID: 2461484. Name: Definition Update f
or Microsoft Forefront Endpoint Protection 2010 – KB2461484 (Definition 1.117.94
.0)
Searching for the specified software update deployment package: ‘FEPDefs’…
Executing select query: ‘SELECT * FROM SMS_SoftwareUpdatesPackage WHERE Name=’FE
PDefs”…
Found software update deployment package SMS_SoftwareUpdatesPackage: PackageID:
CMP003B1
Searching for matching software update assignment…
Executing select query: ‘SELECT * FROM SMS_UpdatesAssignment WHERE AssignmentNam
e=’FEPDefs”…
Error: Found no software update assignment with name ‘FEPDefs’.
SoftwareUpdateAutomation execution completed unsuccessfully, errors occurred.
=========================================================
D:\Tools>pause
Press any key to continue . . .