Shavlik is a third party patch management add-on for Configuration Manager. It brings in updates for Adobe, Java, and Firefox, just to name a few. It publishes these updates just like any other Windows update.
Shavlik used to rely on System Center Update Publisher (SCUP). It would fill in the catalog and then the administrator would publish the updates to SCCM. Now, Shavlik is built straight into SCCM as an add-on. It appears under the Software Update options just like any other Windows update. This has really streamlined the third-party update process, as now an administrator does not have to learn SCUP.
Shavlik Benefits
Shavlik does all of the third-party update work for you. It pulls down all of the logic, such as how SCCM knows an update is needed, and then how does it know it is installed. All of this work is done for you, instead of the update administrator having to spend hours or days figuring out the correct logic.
Shavlik also downloads all of the patches for you. All the update administrator has to do is select the patches to deploy and add them to an update deployment.
After deployment, the administrator can select the “Published Third-Party Updates” option to see all of the updates that have been deployed. This is also where updates can be expired. Administrators would want to expire an update after it has been superseded, such as expiring version 11.0.1 when version 11.0.2 of Acrobat is released.
Publishing Updates
To publish updates, simply select the updates to be published and click the “Publish Updates” button. Another screen comes up asking when you want to publish. You can either publish them now, making them available to clients, or set a time to publish them.
A setting to pay attention to here is the “Synchronize after publishing selected updates” check box. You will want to check this, as this will force an incremental sync of WSUS. If you do not select this, the updates will not available until your regularly scheduled WSUS sync time.
Expiring Updates
Once an update has been superseded or is no longer necessary, it should be expired. To expire an update, simply go to the “Published Third-Party Updates” tab, select the updates that you want to expire, and click the “Expire Updates” button. The “Expired” column will change to “Yes”. You check this by viewing the update in the “All Software Updates” tab.
Certificates
Shavlik must have a code-signing certificate to function. This can be a self-signed certificate or one generated from a CA. The self-signed certificate can be generated from your WSUS server. If you use a CA, it must be imported into Shavlik by clicking “Settings”, then the “WSUS Server” node. You can also create your self-signed certificate here. The self-signed certificate must be deployed to all of your WSUS servers and clients. This can be done with Group Policy.
Shavlik is a really cool, relatively inexpensive way to handle third-party patch management. More information and a trial can be found at https://www.shavlik.com/solutions/patch-management/.
Disclaimer
All content provided on this blog is for information purposes only. Windows Management Experts, Inc makes no representation as to accuracy or completeness of any information on this site. Windows Management Experts, Inc will not be liable for any errors or omission in this information nor for the availability of this information. It is highly recommended that you consult one of our technical consultants, should you need any further assistant.
