The overall process for software updates in System Center 2012 Configuration Manager includes four main operational phases: synchronization, compliance assessment, deployment, and monitoring. The synchronization phase is the process of synchronizing the software update metadata from Microsoft Update and inserting it into the site server database. The compliance assessment phase is the process that client computers perform to scan for compliance of software updates and report the compliance state for the software updates. The deployment phase is the process of manually or automatically deploying the software updates to clients. Finally, the monitoring phase is the process of follow-on monitoring for software update deployment compliance.

Important
Before software update compliance assessment data is displayed in the Configuration Manager console and before you can deploy the software updates to clients, you must carefully plan for the software updates in your hierarchy and configure the software update dependences to meet the needs of your environment. For more information about planning for software updates, see Planning for Software Updates in Configuration Manager. For more information about configuring software updates, see Configuring Software Updates in Configuration Manager.

The following sections in this topic will help you with the operational phases for software updates in Configuration Manager:

Synchronize Software Updates

Software update synchronization in Configuration Manager is the process of retrieving the software update metadata that meets the criteria that you configure. The software update point on the central administration site, or on a stand-alone primary site, retrieves the metadata from Microsoft Update on a predetermined schedule. Alternatively, you can manually initiate metadata synchronization from the Configuration Manager console. After the software update synchronization is complete at a central administration site, the site sends the child primary sites a synchronization request that instructs them to initiate synchronization. For more information about software update synchronization, see the Software Updates Synchronization section in the Introduction to Software Updates in Configuration Manager topic.

You configure software update synchronization to run on a schedule as part of the properties for the software update point on the top-level site. After you configure the synchronization schedule you will typically not change the schedule as part of normal operations. However, you can manually initiate software update synchronization when it is necessary. For information about configuring the software update synchronization schedule, see the Synchronize Software Updates section in the Configuring Software Updates in Configuration Manager topic.

Use the following procedure to manually initiate software update synchronization.

To manually initiate software updates synchronization on the central administration site

After you initiate the synchronization process, you can use the Configuration Manager console to monitor the process for all software update points in your hierarchy. Use the following procedure to monitor the software update synchronization process.

To monitor the software update synchronization process

Download Software Updates

There are several methods available to you for downloading software updates in Configuration Manager. When you create an automatic deployment rule or manually deploy software updates, the software updates are downloaded to the content library on the site server, and then copied to the content library on the distribution points that are associated with the configured deployment package. If you want to download the software updates before you deploy them, you can use the Download Updates Wizard. Doing this will enable you to verify that the software updates are available on distribution points before you deploy the software updates to client computers.

Note
For information about monitoring content status, see the Content Status Monitoring section in this topic.

Use the following procedure to download software updates by using the Download Software Updates Wizard.

To download software updates

Manage Software Update Settings

The software update properties provide information about software updates and associated content. You can also use these properties to configure settings for software updates. When you open the properties for multiple software updates, only the Maximum Run Time and Custom Severity tabs are displayed. The NAP Evaluation tab is also displayed if all selected software updates have been downloaded.

Use the following procedure to open software update properties.

To open software update properties

Review Software Updates Information

In software update properties, you can review detailed information about a software update. The detailed information is not displayed when you select more than one software update. The following sections describe the information that is available for a selected software update.

Software Update Details

Content Information

Custom Bundle Information

Supersedence Information

Configure Software Updates Settings

In the properties, you can configure software update settings for one or more software updates. You can configure most software update settings only at the central administration site or stand-alone primary site. The following sections will help you to configure settings for software updates.

Set Maximum Run Time

Enable Network Access Protection (NAP) Evaluation

Set Custom Severity

Add Software Updates to an Update Group

Software update groups provide you with an effective method to organize software updates in your environment. You can manually add software updates to a software update group or automatically add software updates to a software update group by using an automatic deployment rule. You can also deploy a software update group manually or deploy the group automatically by using an automatic deployment rule. After you deploy a software update group, you can add new software updates to the group and Configuration Manager will automatically deploy them. Use the following procedures to add software updates to a new or existing software update group.

To add software updates to a new software update group

To add software updates to an existing software update group

Deploy Software Updates

The software update deployment phase is the process of deploying the software updates. Typically, you add software updates to a software update group and then deploy the software update group to clients. When you create the deployment, the software update policy is sent to client computers, the software update content files are downloaded from a distribution point to the local cache on the client computer, and then the software updates are available for installation on the client. Clients on the Internet download content from Microsoft Update.

Note
Starting in Configuration Manager SP1, you can configure a client on the intranet to download software updates from Microsoft Update if a distribution point is not available.
Note
Unlike other deployment types, software updates are all downloaded to the client cache regardless of the maximum cache size setting on the client. For more information about the client cache setting, see the Configure the Client Cache for Configuration Manager Clients section in the How to Manage Clients in Configuration Manager topic.

If you configure a required software update deployment, the software updates are automatically installed at the scheduled deadline. Alternatively, the user on the client computer can schedule or initiate the software update installation prior to the deadline. After the attempted installation, client computers send state messages back to the site server to report whether the software update installation was successful. For more information about software update deployments, see the Software Update Deployment Workflows section in the Introduction to Software Updates in Configuration Manager topic.

There are two main scenarios for deploying software updates: manual deployment and automatic deployment. Typically, you will initially manually deploy software updates to create a baseline for your client computers, and then you will manage software updates on clients by using automatic deployment.

The following sections provide information and procedures for manual and automatic deployment workflows for software updates.

Manually Deploy Software Updates

A manual software update deployment is the process of selecting software updates from the Configuration Manager console and manually initiating the deployment process. Or, you can add selected software updates to an update group, and then manually deploy the update group. You will typically use manual deployment to get your client devices up-to-date with required software updates before you create automatic deployment rules that will manage ongoing monthly software update deployments. You will also use a manual method to deploy out-of-band software updates. The following sections provide the general workflow for manual deployment of software updates.

Step 1: Specify Search Criteria for Software Updates

Step 2: Create a Software Update Group that Contains the Software Updates

Step 3: Download the Content for the Software Update Group

Step 4: Deploy the Software Update Group

Automatically Deploy Software Updates

You can automatically deploy software updates by adding new software updates to an update group that has an active deployment or by using automatic deployment rules.

Add software updates to a deployed update group

Create an Automatic Deployment Rule

Monitor software updates

To help you to monitor software updates objects, processes, and compliance information, the Configuration Manager console provides the following:

  • Alerts for Software updates

  • Software update synchronization status

  • Software update deployment status

  • Software update reports

  • Content distribution status for software update files

Alerts for Software Updates

You can configure alerts for software updates to notify administrative users when compliance levels for software update deployments are below the configured percentage. You can configure alerts for software update deployments in the following locations:

  • Automatic deployment rule setting: You can configure the alerts settings in the Automatic Deployment Rule Wizard and in the properties for the automatic deployment rule.

  • Deployment setting: You can configure the alerts settings in the Deploy Software Updates Wizard and in deployment properties.

After you configure the alert settings, if the specified conditions occur, Configuration Manager generates an alert. You can review software update alerts at the following locations:

  1. Review recent alerts in the Software Updates node in the Software Library workspace.

  2. Manage the configured alerts in the Alerts node in the Monitoring workspace.

Software Updates Synchronization Status

After you initiate the synchronization process, you can monitor the synchronization process from the Configuration Manager console for all software update points in your hierarchy. Use the following procedure to monitor the software update synchronization process.

To monitor the software updates synchronization process

Software Update Deployment Status

After you deploy the software updates in a software update group or deploy an individual software update, you can monitor the deployment status. Use the following procedure to monitor the deployment status for a software update group or software update.

To monitor deployment status

Software Updates Reports

The state messages for software updates provide information about the compliance of software updates and about the evaluation and enforcement state of software update deployments. You can run software update reports to display these state messages. There are more than 30 predefined software update reports available. They are organized in several categories and can be used to report on specific information about software updates and deployments. In addition to using the preconfigured reports, you can also create custom software update reports according to the needs of your enterprise. For more information, see Operations and Maintenance for Reporting in Configuration Manager.

Monitoring Content

You can monitor content in the Configuration Manager console to review the status for all package types in relation to the associated distribution points. This can include the content validation status for the content in the package, the status of content assigned to a specific distribution point group, the state of content assigned to a distribution point, and the status of optional features for each distribution point (content validation, PXE, and multicast).

Content Status Monitoring

The Content Status node in the Monitoring workspace provides information about content packages. You can review general information about the package, distribution status for the package, and detailed status information about the package. Use the following procedure to view content status.

To monitor content status

Distribution Point Group Status

The Distribution Point Group Status node in the Monitoring workspace provides information about distribution point groups. You can review general information about the distribution point group, such as distribution point group status and compliance rate, as well as detailed status information for the distribution point group. Use the following procedure to view distribution point group status.

To monitor distribution point group status

Distribution Point Configuration Status

The Distribution Point Configuration Status node in the Monitoring workspace provides information about the distribution point. You can review which attributes are enabled for the distribution point, such as the PXE, Multicast, and content validation. You can also view detailed status information for the distribution point. Use the following procedure to view distribution point configuration status.

To monitor distribution point configuration status

See Also