02-10-2019 05:13 PM
I know you always need a Cert but the configuration for the WSUS Self Sign is so much simpler in SCCM built in 3rd party Update Feature, vs SCUP. I was never really able to setup self sign with SCUP 2011. I had to Set Full SSL on WSUS for it to get working.
So since its built-in in SCCM I find it much simpler.
But my questions was mainly, Can I use the Lenovo Patch Catalogue in SCCM
The one with the link getting to : "LenovoUpdatesCatalog2.cab"
There might be something documented to use it that i missed. I just dont want to be using it unsupported and/or illegally.
If we don't need to pay for Lenovo Patch, I would be happy, since I prefer Build-in vs Third Party App/Plugin for the SCCM console.
And By the Way answering the
"We have also seen that subscribing to a 3rd party catalog through SCCM will automatically publish all the content from the catalog into the All Software Updates group. " It the normal beaviour with this feature. It was not like this in SCUP since you could decide what would WSUS would Sync before with the SCUP console, so after the WSUS Sync you would see the synced patchs in the SCCM Console.
Now that there are no Secondary console, its normal that simply everything gets synced, but nothing is downloaf apart from the metadata. So its fine. Best thing you could do and I dont see a real point, would be the have more options in the classification/product menu for SCCM SUP.
02-11-2019 06:19 AM
We tried the same with the "LenovoUpdatesCatalog2.cab".
But the problem was, there no machine informations in the updates (e.g. 20FA).
We should have provided all updates of all models. That was too much for us.
02-17-2019 05:23 AM - edited 02-17-2019 05:30 AM
So I keep hearing there are challenges in providing an update catalog that we can import into SCCM. I suppose these are challenges that HP, DELL and MS Surface don't seem to have?
Also, your Lenovo Patch tool isn't available in all countries. This is ridiculous. There is absolutely no reason why Lenovo should be involved in any hardware discussions for any enterprise moving forward. Just crazy in this current climate of high profile malware making headlines across the world and we can't even automate the patching process with your devices. The 1980s just rang and want their computers back.
02-18-2019 09:14 AM
We are also keeping an eye on Lenovo's support for third party update catalog feature in SCCM. Any update on this? We have brought this question up with our sales rep and field technical sales. I see peers having very good results with the HP catalog.
02-19-2019 11:19 AM - edited 02-19-2019 11:34 AM
You can give our V2 catalog a try by subscribing to this URL in SCCM:
We are trying to update it at least monthly. We are constrained by the WSUS XML schema for catalogs, so as it has been pointed out previously, it can be a challenge to tie an update to all of its supported models if you need that. We continue to have discussions with MS on how might improve this.
02-19-2019 10:56 PM - edited 02-20-2019 01:28 PM
Thank you very much. For me this has been a major pain point.
Note that if you copy/paste the URL there is a small type (lenovoN).
I imported the catalog in SCUP which allows for a better experience in terms of examining the updates and make necessary adjustments.
A few comments.
1. The catalog seems to contain very few updates. Only three updates from 2019 and 17 from Dec/2018.
2. I tried to find updates for a few models - M910q, X270, X280. The process seems to be that one has to use the regular webpages to identify the updates and find the number (article number) here. That was a bit convuluted. But doable.
3. I like that the more info URL seems to be correct for all updates.
4. In terms of the XML schema - you could create multiple updates, with identical .exe but different metadata. Search the catalog for 188.8.131.5286 and notice that you have four Intel HD drivers. I am sure most of us admins would prefer ease of update selection over catalog size.
5. Updating the catalog once a month sounds a little to little. If a catalog is to have any value it is in speed of deployment. If a critical update is released and I have to download and deploy it manually then the catalog is worthless. It should allow me to protect my environment as fast as possible.
6. You could really differentiate your catalog by adding CVE metadata.
But thanks for what looks like a solid catalog.