System Center 2012 Configuration Manager–Part7: Software Updates (Deploy)

In our last article Part6: Software Updates (SUP), we’ve configure the Software Update point and ran the synchronization with Microsoft Updates server.

As a result of this process, we’ve got the Software Updates metadata synchronized and the result can be viewed from the Configuration Manager console


Throughout this article, we will select few updates and deploy them to a collection of Windows 7 machines. Before we do that, it would be nice to review the Software Update policy to make sure its properties satisfy our business needs.

From the Client Settings in the Administration tab, Click Software Update


If you are planning to use Software Update point to patch your environment, make sure you do not configure domain policy for client computers to receive updates from WSUS through Group Policy Settings. The group policy settings used by Windows Update Agent (WUA) on client computers will override any machine policy sent from Configuration Manager and hence the client agent will retrieve the updates specified by the “unmanaged” WSUS.

Deploying Software Updates to client machines is simply the process of adding software updates to a software update group and then deploy the software update group to clients. There are actually two methods to deploy updates. The first one is a manual process where we select updates from the console and deploy it to a collection of machines and the second method is automatic by using an automatic deployment rule or by adding software updates to an update group that has active an deployment.

At your initial install, you might need to use first the manual method to get your devices up-to-date with required software updates and then you create an automatic deployment rule to manage your ongoing monthly software update deployments.

As you’ve seen in our first screenshot, there are hundreds of updates in the console. The first step here would be to filter the updates by criteria.

To do so, from the Configuration Manager console, click Software Library.

Expand Software Updates and click All Software Updates.

In the search pane, click Add Criteria and select the criteria that you want to use to filter software updates and click Add


Click Search to filter the Software Updates


Select the updates you wish to deploy, right click on your selection and click Deploy


On the General page, specify the name of the deployment, the software update group name and the collection where the updates will be deployed


On the Deployment Settings page, make sure Required is selected as the Type of deployment to make sure the updates will be mandatory with an installation deadline and Minimal for Detail level.

On the Scheduling page, select Client local time, on the Software Available Time, select As soon as possible to make sure clients are notified for updates installation as soon as their next policy polling cycle and on the Installation deadline, specify a time where the software updates will get installed automatically


On the User Experience page, you can keep the default settings and click Next


On the Alerts page, configure how Configuration Manager and Operations Manager will generate Alerts


On the Download Settings page, when a client is connected to a slow network or is using a fallback content location, specify whether the client will download and install the software updates and when the content for the software updates is not available on a preferred distribution point, you can specify whether to have the client download and install the software updates from a fallback distribution point and on the Allow clients to share content with other clients on the same subnet: specify whether to enable the use of BranchCache for content downloads


On the Deployment Package page, select to create a new deployment package and specify its properties


On the Distribution point page, select the distribution point to host the software update files.


On the Download location page, select to Download software updates from the internet


On the Language selection page, select the languages for which the selected software updates are downloaded.

On the Summary page, review the settings and click Save As Template to save the settings for a future deployment


Click Next and on the Completion screen click Close.

At this stage, you would need to wait for the next policy polling cycle on the client machine or you can force the client machine to retrieve the machine policy by double clicking the Configuration Manager Client Agent found in Control Panel.

From the Actions tab, select Machine Policy Retrieval & Evaluation Cycle and click Run Now


After few seconds, you will notice a notification message


From the Software Center, you can check the Software Updates deployment settings


Once the updates get installed, you will be able to view the installed updates with a description of each update


This comes to the end of this article where we’ve discussed the required steps to deploy Software Updates to devices. We will be discussing in a future article the automatic deployment rule when it comes to Endpoint Protection.

“This article can also be viewed from my blog