Setup: Best Practices

  • Article

Use the best practices in this section when you are performing the tasks to prepare for software update management.

Create production collections based on stable criteria

In general, using stable criteria to create collections for software update inventory and distribution will help to simplify all stages of the software update management process. Stable criteria you might use can include the installed client operating system version and service pack level, system role, or target organization.

Basing production collections on the operating system and service pack level, for example, ensures collection stability and minimizes excess generation of advertisement status messages. Use the same collections for distributing the scan component and distributing software updates, and create software update packages using the same criteria.

Create pre-production collections that include reference computers

The pre-production collection should include representative configurations of the operating system versions, line of business software, and other software running in your enterprise. You can create the pre-production collection automatically when you install the software update inventory tools by specifying a single computer to be placed in this collection; but afterwards, do not forget to modify the collection rules to include your other reference computers.

Provide a site-specific name for the scan component package

When you run the installer program for one of the software update inventory tools on the site server, you are prompted to provide a name for the package you are creating. This name should not be changed after the package is created. For this reason, it is important to choose a name that accurately distinguishes the tool and the site it manages when you view the package node for it in the SMS Administrator console.

Place computers running FAT file systems in their own collections

The /cache option for the scan component program can be used only on computers running the NTFS file system. You should place all computers that do not meet this criterion in their own collections, and advertise a custom scan tool program without the /cache option, to ensure that scan files are not tampered with before SMS runs them.

As a best practice, however, you should upgrade these computers to an NTFS file system if at all possible.

Ensure firewall/proxy access to the synchronization component

If you have a firewall that requires authentication, grant Guest access credentials to the IP address of the synchronization host, or specify a low-credentials domain user with Internet access and add information about this user account to the registry on the synchronization host. For more information, see the "Configure the Synchronization Host" section earlier in this chapter.

Co-locate the synchronization component and the scan component package source folder

When you are running the synchronization component in unattended mode, ensure that the computer hosting the package source folder for the scan component is also the computer that runs the synchronization component. This ensures that the synchronization component has proper credentials to access the package source folder. Be careful, however, to control the access to this folder to prevent unauthorized changes. For more information, see the "Task 1: Prepare the Package Source Folder" section earlier in this chapter.

For More Information

Did you find this information useful? Please send your suggestions and comments about the documentation to smsdocs@microsoft.com.