In part 1 of this series we walked through the steps you can take to organise resources before scheduling your update deployments. In part 2 we covered scheduling the deployment using the Azure tag grouping option as well as using pre-scripts and post-scripts. In this blog we discuss the second grouping option for Non-Azure machines. In my example this is done using a registry key setting that is in turn picked up by Inventory and Change tracking.
Verify Inventory is picking up the Registry values
If successfully configured, you will see the details of the registry key values in Inventory under Windows Registry. Note that the tabs may show (0) until you click on them.
When you click on the Registry key it shows machines that have reported their data and allows a further drill down to see the current key values as well as the before value if applicable.
Refer to the part 1 blog of this series for more details on how to create the machine groups that we will use for this blog post.
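A machine whose registry value is missing, mistyped or stale in Inventory falls outside every machine group and so is never picked up by a schedule. The Log Analytics query below is an added example, not part of the original post, that lists those machines. The key path, value name and slot values are placeholders for the ones you set in part 1; the one-day Heartbeat window and two-day staleness threshold are assumptions to adjust.

```kusto
// Placeholders: replace with the registry key, value name and slot values from part 1.
let regKey = "<REGISTRY_KEY_PATH>";
let regValueName = "<VALUE_NAME>";
let validSlots = dynamic(["<SLOT_1>", "<SLOT_2>"]);
let staleAfter = 2d;   // assumption: an Inventory record older than this is treated as stale
// Latest registry value each machine has reported to Inventory
let latest = ConfigurationData
    | where ConfigDataType == "Registry"
    | where RegistryKey =~ regKey and ValueName =~ regValueName
    | summarize arg_max(TimeGenerated, ValueData) by Computer;
// Every Non-Azure machine currently reporting to the workspace
Heartbeat
| where TimeGenerated > ago(1d)
| where ComputerEnvironment == "Non-Azure"
| distinct Computer
| join kind=leftouter latest on Computer
| extend Problem = case(
    isempty(ValueData), "no registry value in Inventory",
    ValueData !in (validSlots), "value matches no machine group",
    TimeGenerated < ago(staleAfter), "Inventory record is stale",
    "")
| where isnotempty(Problem)
| project Computer, ValueData, LastReported = TimeGenerated, Problem
```

An empty result means every reporting Non-Azure machine has a recent value that maps to one of your groups.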
Schedule a Deployment Non-Azure
In this example we will schedule a deployment that uses registry key values in a dynamic saved search (Machine groups) to group Non-Azure machines. The steps are almost identical to those discussed in part 2; the difference is in the selection of the group to update:
1. Under Items to update | Click Groups to update | Non-Azure (Preview)
2. From the Available items | Under Non-Azure (Preview) | Select the machine group and optionally click Preview to see the current machines evaluated
3. Once confirmed click OK and click Add
4. Click OK to complete the Group selection part of the deployment schedule
5. Under Update classifications | Select the classifications in scope | In my case I selected Critical updates, Security updates, Definition updates and Updates
6. Include/Exclude updates: Use the Include tab to add KB IDs for updates not in your classification selection. For example, in my case I could include a KB number for a specific Update Rollup even though that classification is not selected. Conversely you can specify the KB(s) for any updates you want to exclude.
7. Under Schedule | Select either Day, Week or Month and the subsequent options. Note that the schedule start time must be at least 5 minutes in the future. Allow yourself time to save the job. You also select the time zone as part of this configuration.
8. Provide the Maintenance window in minutes and select the Reboot options. In my case I use 180 minutes and selected a reboot option to match my registry value for this scheduled job
9. Click Create to complete the deployment schedule
10. Repeat for the other slots and schedule as required. In my case I have 6 schedule jobs
11. Note that the difference between an Azure tags job and a machine group (saved search) job is easy to identify by looking at the scope column
Viewing and Monitoring the Deployment
You view the active deployments and previous deployments by using the History Tab. You can filter by Status. Two of the jobs we scheduled are in progress and this is shown below
When you click on the Deployment name it expands to provide you with additional details. Once completed you can see the overall status and drill into All Logs to get verbose details. The Microsoft documents on Update management are very detailed so check those out to complement this blog post.
This was my experimental journey, go explore your own and feel free to use these examples but remember this is shared without support or warranty! Just hit me up on Twitter @samerskine and if I can assist I will. Happy updating!