Skip to end of metadata
Go to start of metadata

About

Microsoft Endpoint Configuration Manager (MECM) also formerly knows as SCCM, is a software management suite made by Microsoft that is being implemented throughout the university and will be rolled out to the School of Medicine in October 2019. Initially, MECM will primarily be used to ensure that Windows updates are being applied to SOMTech-managed Windows computers. Unpatched systems open the school and university to unnecessary risks, so MECM is a great way to help protect the Windows computers in the environment. MECM has already been tested and implemented in other schools and departments and is being centrally managed by the VCU Technology Services Endpoint Computing team. Besides ensuring that patches are being applied swiftly, MECM will also allow VCU to prevent patches from being applied that have caused issues or otherwise conflicts with computers at the university.

As SOMTech is deploying MECM through a background process that requires an active connection to the VCU servers, some computers may be enrolled later than others and may not be affected during the initial deployment stage in October 2019. To determine if your Windows computer is enrolled, look for the Software Center application in the Start Menu under the Microsoft Endpoint Manager folder. If you do not see the application, then you are not enrolled yet. In this situation, it would be helpful to reboot the computer while connected to the VCU wired network. Please submit a ticket to SOMTech at http://go.vcu.edu/SOMTicket or email SOMTech@vcuhealth.org if you need assistance or have any questions.

Impact

In order to ensure patches are being applied, MECM requires that computers be rebooted each month. If a reboot does not occur within a specific time frame, then the computer will be rebooted automatically (after providing a 90-minute warning). SOMTech has been testing the patching process internally for a couple months and we do not expect there to be a negative impact for most faculty and staff, but we realize that there are areas of SOM that will be more impacted more by this requirement.

Mitigating Impact

VCU and SOMTech understand that having computers rebooted without user initiation has the potential to cause problems. In order to help minimize impact, a strict testing and deployment schedule is in place. The specific dates that will affect users are listed in the Schedule section below. If you are concerned that a specific task may need to be running during the scheduled reboot time, it is important that you install the updates and reboot before. To do this, open the Software Center application and verify that all of the updates are installed.

Schedule

  • Patch Tuesday is the day that Microsoft releases the Windows Updates for that month.
  • Patches Deployed represents the day that these updates are released to standard Windows computers in the environment after testing has been done.
  • Computers Rebooted if Necessary is the day that the computers in the environment will reboot if there hasn't been a reboot since the Patches Deployed date. In rare situations, a second (or multiple) reboots may be required. In those situations, you will receive separate notifications from the MECM software icon in the system tray (near the clock). Computers will only be rebooted on this day if necessary. The default time is 10PM, but is based on the configured Business Hours which can be changed on each PC.
YearMonth

Patch Tuesday
(Day 0)

Patches Deployed
(Day 9)
Computers Rebooted
if Necessary (Day 16)
2021January

12 Jan 2021 

21 Jan 2021 

28 Jan 2021 

2021February

09 Feb 2021 

18 Feb 2021 

25 Feb 2021 

2021March

09 Mar 2021 

18 Mar 2021 

25 Mar 2021 

2021April

13 Apr 2021 

22 Apr 2021 

29 Apr 2021 

2021May

11 May 2021 

20 May 2021 

27 May 2021 

2021June

08 Jun 2021 

17 Jun 2021 

24 Jun 2021 

2021July

13 Jul 2021 

22 Jul 2021 

29 Jul 2021 

2021August

10 Aug 2021 

19 Aug 2021 

26 Aug 2021 

2021September

14 Sep 2021 

23 Sep 2021 

30 Sep 2021 

2021October

12 Oct 2021 

21 Oct 2021 

28 Oct 2021 

2021November

09 Nov 2021 

18 Nov 2021 

25 Nov 2021 

2021December

14 Dec 2021 

23 Dec 2021 

30 Dec 2021 

Manually Installing Updates

To manually install the updates, please look for the Update Now icon in the system tray after the patches have been deployed (see schedule below). Click on the icon and then choose View Required Software. You will then get a window where you can apply the updates and reboot when done. After you start the process, you can open Software Center (see below) to see the status. There will likely be a delay while the updates are downloaded and installed.You can safely continue to use your computer during this time. When the computer is ready to be rebooted, you will receive a new prompt to actually reboot the computer. To be on the safe side, look for the icon after the computer reboots to make sure that there are not any more required reboots. If you click on the icon after rebooting, you should see a notification indicating that the "Changes required by your IT department have been made."

  1. [View Image]
  2. [View Image]
  3. [View Image]
  4. [View Image]
  5. [View Image]

Notifications

SOMTech has developed a notification system to help make people aware of these changes as well as to notify users of the specific dates for the upcoming update reboots. These notifications will look like the window below and are official notifications from SOMTech.

[View Image]

Exemptions

There are some situations where patching using this methodology may not be feasible within SOM. If you would like to talk with SOMTech about requesting an exemption, please email SOMTech@vcuhealth.org.

Software Center

One way to verify that MECM is configured on your computer is to look for the Software Center application. Within Software Center, you will see all pending Windows Updates (Publisher = Microsoft) and available 3rd-party application updates. Currently, only Adobe and Google application updates are applied automatically, but this may change in the future. It's a good idea to apply any 3rd-party application updates available in order to make sure that your software is up-to-date and any security vulnerabilities have been patched. You can install the Windows Updates through Software Center if you would prefer to see the specific updates being applied. If you only see application updates, then you are up-to-date with your Windows updates.

[View Image]

[View Image]






  • No labels
{"serverDuration": 62, "requestCorrelationId": "bb3c22b885725f98"}View graphic version