
Windows Updates Classification

 

Service Packs

A service pack is a periodic update that corrects problems in one version of a product. In addition to correcting known problems, service packs provide tools, drivers, and updates that extend product functionality, including enhancements developed after the product was released.

 

Updates

Updates are broadly released fixes for specific problems that address non-critical, non-security bugs. They are distinct from hotfixes, which are fixes provided to individual customers who experience a critical problem for which no feasible workaround is available; a hotfix is usually rolled into a later update or service pack.

 

Security Updates

Security updates address security vulnerabilities that an attacker could exploit to break into a system. Like other updates they are broadly released, but they should be treated as mandatory and deployed quickly. Microsoft rates each security update by severity (Critical, Important, Moderate or Low), which is the first input when deciding deployment deadlines.

 

 

 

Critical updates: Broadly released fixes for specific problems addressing critical, non-security related bugs.
Definition updates: Updates to virus or other definition files.
Drivers: Software components designed to support new hardware.
Feature packs: New feature releases, usually rolled into products at the next release.
Security updates: Broadly released fixes for specific products, addressing security issues.
Service packs: Cumulative sets of all hotfixes, security updates, critical updates, and updates created since the release of the product. Service packs might also contain a limited number of customer-requested design changes or features.
Tools: Utilities or features that aid in accomplishing a task or set of tasks.
Update rollups: Cumulative sets of hotfixes, security updates, critical updates, and updates packaged together for easy deployment. A rollup generally targets a specific area, such as security, or a specific component, such as Internet Information Services (IIS).
Updates: Broadly released fixes for specific problems addressing non-critical, non-security related bugs.

 


Configuration Manager Action cycles

The Actions tab of the Configuration Manager client control panel applet lists the client action cycles. Each cycle runs automatically on the schedule defined in the client settings on the site server, and can also be started manually from this tab.

  • Application Deployment Evaluation Cycle: checks for new application deployment policies that apply to the client and starts installations according to their schedule.
  • Data Discovery Collection Cycle: generates a new discovery data record (DDR). When the site server processes the DDR, Discovery Data Manager adds or updates the resource information from the DDR in the site database.
  • File Collection Cycle: when a file is specified for collection, the software inventory agent searches for that file during its software inventory scan on each client in the site. If the file is found, it is attached to the inventory file and sent to the site server. This differs from software inventory in that the file itself is sent to the site server, so it can later be viewed using Resource Explorer. This is part of the inventory functionality.
  • Hardware Inventory Cycle: collects information such as available disk space, processor type and operating system about each computer. This is part of the inventory functionality.
  • Machine Policy Retrieval & Evaluation Cycle: the client downloads and evaluates its machine policy on a schedule. The default is every 60 minutes, set by the client setting "Policy polling interval (minutes)".
  • Software Inventory Cycle: collects software inventory data directly from files (such as .exe files) by reading the file header information. It can also inventory unknown files, files that carry no detailed information in their headers. This provides a flexible, easy-to-maintain software inventory method. Software inventory and collected file information for a client can be viewed using Resource Explorer. This is part of the inventory functionality.
  • Software Metering Usage Report Cycle: collects the data that lets you monitor client software usage.
  • User Policy Retrieval & Evaluation Cycle: the same as the Machine Policy Retrieval & Evaluation Cycle, but for user-targeted policy.
  • Windows Installer Source List Update Cycle: causes the Product Source Update Manager to run a full update cycle. Applications installed with Windows Installer return to the path they were installed from when they need to install new components, repair the application or update it; this path is called the Windows Installer source location. The Windows Installer Source Location Manager can automatically search Configuration Manager distribution points for the source files, even if the application was not originally installed from a distribution point.
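The cycles above can be started from PowerShell as well as from the Actions tab, which is what you want when troubleshooting a client remotely or scripting a "policy refresh, then evaluate" sequence. The block below is an added example, not code from the original page: it calls the same WMI method the Actions tab uses (SMS_Client.TriggerSchedule in root\ccm) with the schedule IDs of the cycles listed above. It also includes the Software Updates Scan and Software Updates Deployment Evaluation cycles, which the list above does not mention but which appear on the same tab; the computer name and the ordering of the final call are assumptions.

```powershell
# Added example, not part of the original page. Requires local administrator rights on the
# target and, for a remote target, WinRM (Invoke-CimMethod uses WSMan by default).
$ClientActions = [ordered]@{
    'Application Deployment Evaluation'      = '{00000000-0000-0000-0000-000000000121}'
    'Discovery Data Collection'              = '{00000000-0000-0000-0000-000000000003}'
    'File Collection'                        = '{00000000-0000-0000-0000-000000000010}'
    'Hardware Inventory'                     = '{00000000-0000-0000-0000-000000000001}'
    'Machine Policy Retrieval'               = '{00000000-0000-0000-0000-000000000021}'
    'Machine Policy Evaluation'              = '{00000000-0000-0000-0000-000000000022}'
    'Software Inventory'                     = '{00000000-0000-0000-0000-000000000002}'
    'Software Metering Usage Report'         = '{00000000-0000-0000-0000-000000000031}'
    'User Policy Retrieval'                  = '{00000000-0000-0000-0000-000000000026}'
    'User Policy Evaluation'                 = '{00000000-0000-0000-0000-000000000027}'
    'Windows Installer Source List Update'   = '{00000000-0000-0000-0000-000000000032}'
    # Two further cycles from the same tab, not in the list above:
    'Software Updates Scan'                  = '{00000000-0000-0000-0000-000000000113}'
    'Software Updates Deployment Evaluation' = '{00000000-0000-0000-0000-000000000108}'
}

function Invoke-CMClientAction {
    param(
        [Parameter(Mandatory)][string[]]$Action,
        [string]$ComputerName = $env:COMPUTERNAME   # assumption: local machine by default
    )
    foreach ($name in $Action) {
        if (-not $ClientActions.Contains($name)) {
            throw "Unknown action '$name'. Known actions: $($ClientActions.Keys -join ', ')"
        }
        $id = $ClientActions[$name]
        # Same call the Actions tab makes; the parameter name is sScheduleID.
        Invoke-CimMethod -ComputerName $ComputerName -Namespace 'root\ccm' -ClassName 'SMS_Client' `
            -MethodName 'TriggerSchedule' -Arguments @{ sScheduleID = $id } -ErrorAction Stop | Out-Null
        [pscustomobject]@{ Computer = $ComputerName; Action = $name; ScheduleID = $id; TriggeredAt = Get-Date }
    }
}

# Retrieval before evaluation: evaluating policy the client has not downloaded yet does nothing useful.
# Progress is logged client-side in C:\Windows\CCM\Logs\PolicyAgent.log and PolicyEvaluator.log.
Invoke-CMClientAction -Action 'Machine Policy Retrieval', 'Machine Policy Evaluation'
```

Triggering a cycle only queues it; the client still processes it in its own time, so check the client logs named in the comment rather than assuming the policy has been applied the moment the method returns.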

 

 

 



About SCEP

SCCM and SCEP agent licences are separate, so Endpoint Protection has to be licensed in addition to the Configuration Manager client if you want to implement SCEP.

The behaviour differs by operating system:

For Windows 7 machines: SCEP (System Center Endpoint Protection) appears as a separate agent alongside the Configuration Manager client. No separate push mechanism is needed: when the Configuration Manager client is installed, the SCEP agent is installed automatically (assuming the Endpoint Protection client agent setting is enabled). Later SCEP client upgrades are deployed through the normal software update or software distribution mechanism.

 

For Windows 10: there is no separate SCEP agent. Windows 10 ships with Windows Defender, and when the Configuration Manager client is installed, Endpoint Protection takes over management of the built-in Windows Defender and applies the customised antimalware policy. Engine and platform upgrades again arrive through the normal software update or software distribution mechanism.

 

As Microsoft recommends, create an Automatic Deployment Rule (ADR) for the Definition Updates classification so that signatures are deployed on a short schedule alongside the custom antimalware policy; a custom policy without current definitions gives little protection.


Some information about Ransomware & WannaCry Ransomware

 

What is Ransomware?

————————

Ransomware is malicious software that encrypts the files on, or locks, a device such as a computer, tablet or smartphone and then demands a ransom to unlock it. In May 2017 a ransomware worm named WannaCry affected computers worldwide, creating the biggest ransomware outbreak seen up to that point.

 

What is WannaCry Ransomware?

——————————-

WannaCry ransomware attacks Windows machines. It also goes by the names WannaCrypt, WanaCrypt0r, WCrypt and WCRY. It spreads by exploiting an SMBv1 vulnerability in Windows with the EternalBlue exploit and uses that foothold to inject the malware, which is why it propagates on its own across a network without anyone clicking anything. Any Windows system missing the MS17-010 fix is vulnerable: the bulletin covers Windows Vista through Windows 10 and Windows Server 2008 through 2016, and Microsoft issued an emergency out-of-band patch for the already unsupported Windows XP and Server 2003 during the outbreak.

After a system is infected, it encrypts the files and shows a pop-up with a countdown and instructions on how to pay $300 in bitcoin to decrypt and recover the original files. If the ransom is not paid within 3 days the amount doubles to $600, and the note threatens that the files will be lost for good after 7 days. It also installs the DOUBLEPULSAR kernel backdoor on the machine (and uses it if it is already present), so a patched-after-the-fact host can still carry that implant.

What can you do to prevent infection?

—————————————-

  • Microsoft has released the security update MS17-010 for Windows. Apply it immediately.
  • Remove Windows NT4, Windows 2000, Windows XP and Windows Server 2003 from production environments; they are out of support and only received a one-off emergency fix.
  • Block inbound TCP ports 139 and 445 (SMB/NetBIOS) and 3389 (RDP) at the perimeter and on hosts, from any network that does not need them.
  • Avoid clicking on links or opening attachments or emails from people you don't know or companies you don't do business with.
  • SMBv1 is enabled by default on older Windows versions. Disable it: on Windows 8.1/10 untick "SMB 1.0/CIFS File Sharing Support" under Control Panel > Programs and Features > Turn Windows features on or off; on Windows 7 / Server 2008 R2 set the SMB1 registry value under LanmanServer\Parameters to 0 (Microsoft KB2696547); on newer servers remove the FS-SMB1 feature. SMBv2/v3 remains available for file sharing.
  • Make sure your software is up to date.
  • Have a pop-up blocker running in your web browser.
  • Back up your files regularly, and keep at least one copy offline so the ransomware cannot encrypt the backup too.
  • Install a good antivirus and a good anti-ransomware product for better security.
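The MS17-010 and SMBv1 items above are the ones that actually stop the worm, so they are worth checking and enforcing from a script rather than by hand. The block below is an added example, not code from the original page: it reports the host's SMBv1 exposure, disables SMBv1, and blocks the listed ports on the Public firewall profile. The KB numbers are the March 2017 MS17-010 packages; because later cumulative updates supersede them, a missing KB is only a signal to check further, not proof of exposure. The firewall rule name and the choice to block only on the Public profile are assumptions.

```powershell
# Added example, not part of the original page. Run in an elevated PowerShell session.
# The SmbShare, DISM and NetTCPIP cmdlets need Windows 8 / Server 2012 or later; the
# registry fallback is the Windows 7 / Server 2008 R2 method from Microsoft KB2696547.
$Ms17010Kbs = 'KB4012212', 'KB4012215', 'KB4012598', 'KB4012213', 'KB4012216',
              'KB4012214', 'KB4012217', 'KB4012606', 'KB4013198', 'KB4013429'

function Get-Smb1Exposure {
    $srv     = Get-SmbServerConfiguration -ErrorAction SilentlyContinue
    $feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction SilentlyContinue
    $hotfix  = Get-HotFix -ErrorAction SilentlyContinue | Where-Object { $Ms17010Kbs -contains $_.HotFixID }
    $listen  = Get-NetTCPConnection -LocalPort 445 -State Listen -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Computer           = $env:COMPUTERNAME
        Smb1ServerEnabled  = if ($srv) { $srv.EnableSMB1Protocol } else { 'unknown (old OS, check registry)' }
        Smb1FeatureState   = if ($feature) { $feature.State } else { 'n/a' }
        Ms17010KbInstalled = [bool]$hotfix      # absence is inconclusive: see supersedence note above
        Port445Listening   = [bool]$listen
    }
}

function Disable-Smb1 {
    # Server side is what EternalBlue targets, so that is the part that matters most.
    if (Get-Command Set-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    } else {
        # Windows 7 / 2008 R2 (KB2696547): takes effect after a reboot.
        Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters' `
            -Name SMB1 -Type DWord -Value 0 -Force
    }
    # Remove the SMB1 component entirely where it is an optional feature (Windows 8.1/10 clients).
    if (Get-Command Disable-WindowsOptionalFeature -ErrorAction SilentlyContinue) {
        Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart -ErrorAction SilentlyContinue | Out-Null
    }
}

function Block-SmbFromUntrustedNetworks {
    # Public profile only: on a domain network, blocking 445 outright would cut the ConfigMgr
    # client off from distribution point shares. There, scope the rule with -RemoteAddress instead.
    $name = 'Block SMB/NetBIOS/RDP inbound (Public profile)'   # assumption: rule name
    if (-not (Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue)) {
        New-NetFirewallRule -DisplayName $name -Direction Inbound -Protocol TCP `
            -LocalPort 139, 445, 3389 -Profile Public -Action Block | Out-Null
    }
}

Get-Smb1Exposure            # before
Disable-Smb1
Block-SmbFromUntrustedNetworks
Get-Smb1Exposure            # after: Smb1ServerEnabled should now be False
```

Disabling SMBv1 is the durable fix; the port block only limits where the attack can come from. Run the audit function across the estate first, because legacy devices (old NAS boxes, printers, scanners) that can only speak SMBv1 will break the moment the server side is disabled, and it is better to find them on a report than from a helpdesk ticket.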

File Names:

  • @Please_Read_Me@.txt
  • @WanaDecryptor@.exe
  • @WanaDecryptor@.exe.lnk
  • Please Read Me!.txt (Older variant)
  • C:\WINDOWS\tasksche.exe
  • C:\WINDOWS\qeriuwjhrf
  • 131181494299235.bat
  • 176641494574290.bat
  • 217201494590800.bat
  • [0-9]{15}.bat #regex
  • !WannaDecryptor!.exe.lnk
  • 00000000.pky
  • 00000000.eky
  • 00000000.res
  • C:\WINDOWS\system32\taskdl.exe
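The file names above are the quickest thing to sweep a host for after the fact. The block below is an added example, not code from the original page: it searches a set of directories for exact matches of the names listed above and for the [0-9]{15}.bat pattern, and records size, creation time and SHA-256 for each hit. A file-name match on its own is weak evidence (anything can be renamed, and an attacker can rename the payload), which is why the hash is collected for comparison against known-bad and known-good hashes. The scan roots, search depth and output path are assumptions.

```powershell
# Added example, not part of the original page. Get-ChildItem -Depth needs PowerShell 5.0+.
$ExactNames = @(
    '@Please_Read_Me@.txt', '@WanaDecryptor@.exe', '@WanaDecryptor@.exe.lnk',
    'Please Read Me!.txt', '!WannaDecryptor!.exe.lnk',
    '00000000.pky', '00000000.eky', '00000000.res',
    'tasksche.exe', 'qeriuwjhrf', 'taskdl.exe'
)
$BatPattern = '^[0-9]{15}\.bat$'     # the regex indicator from the list above

# Assumption: the Windows directory, ProgramData and each user profile, scanned to a fixed
# depth, are enough for first triage. Widen $Roots / $Depth for a full-disk sweep.
$Roots = @("$env:SystemRoot", "$env:ProgramData") +
         (Get-ChildItem -Path "$env:SystemDrive\Users" -Directory -ErrorAction SilentlyContinue).FullName
$Depth = 4

function Find-WannaCryIndicators {
    param([string[]]$Paths = $Roots, [int]$MaxDepth = $Depth)
    foreach ($root in $Paths) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        Get-ChildItem -LiteralPath $root -Recurse -Depth $MaxDepth -File -Force -ErrorAction SilentlyContinue |
            Where-Object { ($ExactNames -contains $_.Name) -or ($_.Name -match $BatPattern) } |
            ForEach-Object {
                [pscustomobject]@{
                    Path       = $_.FullName
                    Bytes      = $_.Length
                    CreatedUtc = $_.CreationTimeUtc
                    SHA256     = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue).Hash
                }
            }
    }
}

$hits = @(Find-WannaCryIndicators)
if ($hits.Count -gt 0) {
    $hits | Format-Table -AutoSize
    # Assumption: output path for the incident record
    $hits | Export-Csv -NoTypeInformation -Path "$env:TEMP\wannacry-hits-$env:COMPUTERNAME.csv"
} else {
    Write-Host "No file-name indicators found under: $($Roots -join ', ')"
}
```

Treat a hit as the start of an investigation, not the end: isolate the host from the network first (the worm spreads over 445 on its own), then collect the CSV and the files themselves before any cleanup removes them.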



OSD TaskSequence TROUBLESHOOTING PROCEDURES

If you encounter an error during the imaging process, note the error code reported by the Task Sequence Wizard. Reboot the system and boot back into the Task Sequence Wizard using available boot media or PXE.

Once in the Task Sequence Wizard, press F8 to open a command prompt (this requires command support to be enabled on the boot image). At the command prompt, run the commands for the error listed below:

 

For Microsoft Surfaces ONLY

  1. Enter the command “ipconfig /all” to verify that the machine has a network connection.
  2. Enter the command “time” to verify that the machine has the proper time set.
  3. Enter the command “date”, to verify that the machine has the proper date set. After verifying this information continue to the diskpart steps.

For Everything Else:

If you are not imaging a Surface Pro and receive a 0x80004005 or 0x80070570 error, use the Diskpart steps below:

  1. Enter the command "diskpart".
  2. Enter the command "list disk". This shows a listing similar to the one below:

  Disk ###  Status   Size    Free  Dyn  Gpt
  --------  -------  ------  ----  ---  ---
  Disk 0    Online   238 GB  0 B             (the OS disk in this example)
  Disk 1    Online    28 GB  0 B

  3. Select the OS disk with the command "select disk 0". Check the size column first: USB boot media can enumerate before the internal disk, and the next step destroys everything on whichever disk is selected.
  4. Once selected, enter the command "clean".
  5. Once cleaned, enter the command "create partition primary".
  6. Once the partition is created, select it with the command "select partition 1".
  7. Once selected, enter the command "active" to mark the partition active.
  8. Format the partition with the command "format quick fs=ntfs".
  9. After the format, enter the command "assign" to assign a drive letter or mount point.
  10. After assigning the drive letter, enter the command "exit" to complete the process, followed by a full reboot of the machine.

These steps produce an MBR layout with an active partition, which is what a BIOS-mode boot expects. On a machine booted in UEFI mode, run "clean" followed by "convert gpt" instead and let the task sequence's Format and Partition Disk step create the EFI and OS partitions.

For a 0x80070005 or 0x80070070 error, or an image where the primary drive is not imaged as C:, run the following diskpart steps:

  1. Enter the command “diskpart”.
  2. Enter the command “list disk”.
  3. Select the OS disk (Disk 0) with the following command: “select disk 0”.
  4. Once selected, enter the command “clean”.
  5. After cleaning the disk, enter the command “exit” to complete the process followed by a full reboot of the machine.
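Both procedures above come down to "find the right disk, wipe it, and give the task sequence a clean starting point", and the step most often done wrong by hand is selecting the disk. The block below is an added example, not code from the original page: run from the F8 prompt in WinPE, it picks the OS disk by excluding USB-attached disks rather than assuming Disk 0, detects whether the machine booted in BIOS or UEFI mode, writes the matching diskpart script, shows it, and only runs it after an explicit confirmation. It assumes the boot image includes the PowerShell and Storage WMI optional components and that WinPE exposes the PEFirmwareType registry value (1 = BIOS, 2 = UEFI).

```powershell
# Added example, not part of the original page. Run from the F8 prompt in WinPE:  powershell -File reset-osdisk.ps1
# WARNING: "clean" destroys every partition on the selected disk.

# Pick the OS disk: the largest disk that is not USB-attached. Hard-coding "disk 0" is wrong
# whenever the boot stick enumerates first, which is exactly the case the table above shows.
$osDisk = Get-Disk |
    Where-Object { $_.BusType -ne 'USB' -and -not $_.IsBoot } |
    Sort-Object -Property Size -Descending |
    Select-Object -First 1
if (-not $osDisk) { throw 'No candidate OS disk found (all disks are USB or boot disks).' }

# Assumption: WinPE records the firmware type here. 1 = BIOS, 2 = UEFI.
$fw = (Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control' -Name PEFirmwareType -ErrorAction Stop).PEFirmwareType

if ($fw -eq 2) {
    # UEFI: the "create partition primary / active" steps above are MBR-only. Give the task
    # sequence an empty GPT disk and let Format and Partition Disk create the EFI/OS layout.
    $script = @"
select disk $($osDisk.Number)
clean
convert gpt
exit
"@
} else {
    # BIOS: the page's own sequence, with an explicit drive letter so the OS lands on C:.
    $script = @"
select disk $($osDisk.Number)
clean
create partition primary
select partition 1
active
format quick fs=ntfs label=OS
assign letter=C
exit
"@
}

$scriptPath = Join-Path $env:TEMP 'reset-osdisk.txt'
Set-Content -Path $scriptPath -Value $script -Encoding ASCII

$sizeGb = [math]::Round($osDisk.Size / 1GB)
Write-Host "Target: Disk $($osDisk.Number), $sizeGb GB, bus $($osDisk.BusType), firmware $(if ($fw -eq 2) {'UEFI'} else {'BIOS'})"
Write-Host "diskpart script:`n$script"
if ((Read-Host 'Type YES to wipe this disk') -ne 'YES') { Write-Host 'Aborted.'; return }

diskpart /s $scriptPath
if ($LASTEXITCODE -ne 0) { throw "diskpart failed with exit code $LASTEXITCODE" }
Write-Host 'Done. Reboot and restart the task sequence.'
```

If the task sequence still fails on the same disk after this, the next place to look is X:\Windows\Temp\SMSTSLog\smsts.log in WinPE, which records the actual step and return code behind the generic 0x8007xxxx shown by the wizard.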

Overview of System Center Suite

The System Center suite is the combination of the tools below. Together they cover end-to-end management of an organisation's infrastructure: process, hardware, security, backup, configuration, monitoring and so on.

 

  • System Center Operations Manager
  • System Center Configuration Manager & Endpoint Protection Manager
  • System Center Virtual Machine Manager
  • System Center Data Protection Manager
  • System Center Orchestrator
  • System Center App Controller
  • System Center Service Manager
  • System Center Advisor

 


 

System Center Operations Manager: Operations Manager provides infrastructure monitoring that is flexible and cost-effective, helps ensure the predictable performance and availability of vital applications, and offers comprehensive monitoring for your datacenter and cloud, both private and public.
System Center Configuration Manager & Endpoint Protection Manager: Configuration Manager provides a comprehensive solution for change and configuration management. It lets you deploy operating systems, software applications and software updates, collect software inventory, monitor and remediate computers for compliance settings, and more. Endpoint Protection Manager lets you manage antimalware policies and Windows Firewall security for client computers in your Configuration Manager hierarchy.
System Center Virtual Machine Manager: Virtual Machine Manager (VMM) is a management solution for the virtualized data center. You can use it to configure and manage your virtualization hosts, networking and storage resources in order to create and deploy virtual machines and services to private clouds that you have created.
System Center Data Protection Manager: Data Protection Manager (DPM) backs up servers, computers, Microsoft workloads and system state, and supports bare metal recovery (BMR).
System Center Orchestrator: Orchestrator is a workflow management solution for the data center. It lets you automate the creation, monitoring and deployment of resources in your environment.
System Center App Controller: App Controller provides a common self-service experience that helps you configure, deploy and manage virtual machines and services across private and public clouds.
System Center Service Manager: Service Manager provides an integrated platform for automating and adapting your organization's IT service management best practices, such as those found in Microsoft Operations Framework (MOF) and the Information Technology Infrastructure Library (ITIL). It provides built-in processes for incident and problem resolution, change control and asset lifecycle management.
System Center Advisor: Advisor is an online service that analyzes installations of Microsoft server software. It collects data from your installations, analyzes it, and generates alerts that identify potential issues (such as missing security patches) or deviations from identified best practices in configuration and usage. Advisor also provides both current and historical views of the configuration of servers in your environment.

In short, below are the steps to upgrade SCCM CB/CBB (1511/1607):

  1. Upgrade the ADK.
  2. Upgrade MDT.
  3. Back up the ConfigMgr database.
  4. Upgrade SCCM 2012 (* version) to ConfigMgr * version (1511/1607).
  5. Update the boot images.
  6. Upgrade SQL Server to 2016.
  7. Export the WSUS update metadata using WSUSUTIL.EXE (this exports metadata only, not update files, approvals or server settings, so back up SUSDB itself as well).
  8. Uninstall WSUS.
  9. Uninstall the Software Update Point (SUP).
  10. Upgrade the OS to Windows Server 2016.
  11. Fix IIS issues (if upgrading from 2008 R2 and the application pools are having issues).
  12. Reinstall BITS.
  13. Restart the Windows Process Activation Service and the World Wide Web Publishing Service.
  14. Import the WSUS metadata.
  15. Reinstall WSUS.
  16. Reinstall the SUP.
  17. Validate functionality and troubleshoot issues as they come up: inspect the Monitoring node and ensure the site components are functional and not reporting errors.
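Steps 1 to 7 all depend on knowing what is installed now and on having a backup you can actually restore, and step 17 is only meaningful if you recorded the "before" state. The block below is an added example, not code from the original page: run on the primary site server, it records the ADK, MDT, SQL Server, OS and site versions, backs up the site database and SUSDB with SQL Server, and runs the WsusUtil export. The site code, SQL instance, WsusUtil path and backup directory are assumptions; the account running it needs SQL backup rights on both databases.

```powershell
# Added example, not part of the original page. Run elevated on the primary site server.
# Assumptions: site code P01; CM_P01 and SUSDB on the local default SQL instance (if SUSDB
# is on Windows Internal Database the connection string differs); default WSUS tools path.
$SiteCode    = 'P01'
$SqlInstance = '.'
$BackupDir   = 'D:\PreUpgrade'
$WsusUtil    = 'C:\Program Files\Update Services\Tools\WsusUtil.exe'
New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null

function Get-InstalledVersion([string]$DisplayNamePattern) {
    # Read the Uninstall keys (64- and 32-bit views) instead of Win32_Product, which is slow and has side effects.
    $keys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
            'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like $DisplayNamePattern } |
        Select-Object -First 1 -ExpandProperty DisplayVersion
}

function Invoke-Sql([string]$Query, [string]$Database = 'master') {
    # Plain ADO.NET so the script does not depend on the SqlServer module being present.
    $conn = New-Object System.Data.SqlClient.SqlConnection "Server=$SqlInstance;Database=$Database;Integrated Security=True"
    $conn.Open()
    try {
        $cmd = $conn.CreateCommand()
        $cmd.CommandText = $Query
        $cmd.CommandTimeout = 0          # backups of a large site DB can exceed the 30 s default
        $cmd.ExecuteScalar()
    } finally { $conn.Close() }
}

# 1. Record the versions the upgrade steps start from.
$state = [ordered]@{
    Timestamp = (Get-Date).ToString('s')
    Site      = (Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\SMS\Setup' -ErrorAction SilentlyContinue).'Full Version'
    ADK       = Get-InstalledVersion 'Windows Assessment and Deployment Kit*'
    MDT       = Get-InstalledVersion 'Microsoft Deployment Toolkit*'
    SQL       = Invoke-Sql "SELECT CAST(SERVERPROPERTY('ProductVersion') AS nvarchar(64))"
    OS        = (Get-CimInstance -ClassName Win32_OperatingSystem).Caption
}
[pscustomobject]$state | ConvertTo-Json | Set-Content -Path "$BackupDir\pre-upgrade-state.json"
[pscustomobject]$state

# 2. Site database backup. The Backup Site Server maintenance task is the fuller option (it
#    also captures the install directory and registry keys); a SQL backup of CM_<sitecode>
#    is sufficient for a database-only recovery.
Invoke-Sql "BACKUP DATABASE [CM_$SiteCode] TO DISK = N'$BackupDir\CM_$SiteCode.bak' WITH INIT, CHECKSUM" | Out-Null

# 3. WSUS: SQL backup of SUSDB plus the WsusUtil metadata export used by the Import step.
#    WsusUtil export writes update metadata only (no update files, approvals or settings).
#    WSUS on Server 2012 and later expects a .xml.gz package; WSUS 3.x on 2008 R2 expects .cab.
Invoke-Sql "BACKUP DATABASE [SUSDB] TO DISK = N'$BackupDir\SUSDB.bak' WITH INIT, CHECKSUM" | Out-Null
& $WsusUtil export "$BackupDir\wsus-metadata.xml.gz" "$BackupDir\wsus-export.log"
if ($LASTEXITCODE -ne 0) { throw "WsusUtil export failed with exit code $LASTEXITCODE" }

Get-ChildItem -Path $BackupDir | Select-Object Name, Length, LastWriteTime
```

After the upgrade, re-run the first section and diff the two JSON files: every version that was supposed to change should have changed, and the site version should match the console's About dialog before you start reinstalling WSUS and the SUP.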