Sunday, September 13, 2015

Remove deprecated Software from SUP

I have a site that they finally moved away from XP and Server 2003 and even from Office 2003 and 2007. So now I'm off to cleanup SUP and remove all this stuff. It means ConfigMgr and WSUS have less to process but even the end points will have less to process each time they check in with WSUS. The DPs have less content as well.

First thing is to remove the products from SCCM by going to the Administration pane and then Site Configuration and Sites. Right click the site and select Configure Site Components | Software Update Point. In SUP goto the Products tab and deselect all the stuff you don't have in your environment. This is a good point to do a quick audit and enable/disable other. For this site I removed Windows XP, Server 2003, Office 2003, and Office 2007.

Onto the mind numbing part! goto Software Updates on the Software Library pane. Navigate to All Software Updates. I create Software Update Groups (SUGs) for each year and the current year by month. I'd suggest you do the work per SUG as while it takes longer, its less patches being removed in one shot and allows you to quickly audit them before boredom steps in and you miss something. Plus you can stop and come back later where you left off.

With that said though, Office is small enough that I did do it at the All Software Updates level. Search for 'Office' and add criteria for Deployed = Yes and a couple titles for 2003 and 2007.

Once it finds everything, parse the list to make sure its right. If so select all and right click to 'Edit Membership' and remove from any SUGs that are checked.

You will need to rinse and repeat for all the products within those Office suites. So change 'Office' above to Excel, Word, Outlook, Access, etc. Remove membership for any of those. It should find one or two like Junk E-mail Filters.

Once that is removed goto your SUG and select the first year. In my case is was '2008 and earlier'. Do a search for 'Windows XP' with a title does not contain 'Server 2008'.

Many patches will be combo patches for multiple OS' so we have to exclude those and adding the does not contain does that. Once it pulls back a list, parse it to make sure its right and then remove these memberships. Rinse and repeat for each SUG.

Once done, you can go back to the All Software Updates and search for Windows XP and deployed and see if there are oddball ones to remove. For this site I also removed IE6 and IE7. Did I get rid of everything I could have? nope.

This work was done on a 2012 R2 SP1 CU1 site so it will take care of replication on its own. With that said I took it one step further since the less advertisements you have the better and took my 2008 and earlier and was able to merge it through 2013 removing 5 SUGs. Be sure to keep your SUGs under 1000 patches.

-Kevin Fason

No comments:

Post a Comment