Preparing endpoints to accept ESU patches

There are multiple Windows patch Fixlets that are pre-requisites for installing the ESU Multiple Activation Key (MAK). The MAK installation fails if the patches are not installed. The ESU Key Management: Install and Activate MAK Fixlet description contains links to the pre-requisite patch Fixlets for each supported operating system, some of which are available in the Patches for Windows site and some of which are available in the ESU patch site. Follow the links to each Fixlet and verify which is not relevant; if any Fixlet patch is relevant to the endpoints intended for ESU, you should apply it before installing and activating the ESU key.

Fixlets are provided in each ESU Patching site to automate the activation and deactivation of the ESU multiple activation key (MAK) you received from Microsoft® on many endpoints at a time. The ESU Key Management: Install and Activate MAK task allows you to input your ESU key securely in the Fixlet description and take action to install and activate the key on the targeted endpoints. Similarly, with the ESU Key Management: Deactivate and Uninstall MAK task, you can remove any ESU key that is already installed on endpoints.

Each BigFix ESU Patching Add-on site contains an analysis with a ESU Keys Installed property that identifies subscribed endpoints that have a ESU key installed and activated, and also includes the ESU key’s year and the last five characters of the installed MAK. If you have more than one MAK to manage, this will help you keep track of which key was used on which endpoints.

By copying the analysis property Relevance into a retrieved property, you can use it to create ESU patching groups in your own deployment.