When Configuration Manager 2007 uses the Inventory Tool for Microsoft Updates to scan for software update compliance on Systems Management Server (SMS) 2003 clients, the following basic elements of the process are important:

During Setup, you must select a Configuration Manager 2007 client computer to act as the synchronization host. This client will connect to Microsoft Update and synchronize the latest catalog.
You must install the inventory tool on the SMS 2003 clients in the hierarchy. The SMS 2003 Inventory Tool for Microsoft Updates does not actually install the inventory tool on the clients, but it creates packages, programs, and advertisements that will install the inventory tool automatically when sent to the desired collection.
After the SMS 2003 clients run the inventory tool, they must complete a hardware inventory cycle for Configuration Manager to collect the results.
After the site server has processed the inventory and placed it in the site database, the software update compliance is displayed in the Configuration Manager console and available in reports, and software updates can be deployed to SMS 2003 clients using the Deploy Software Updates Wizard.

Folders Used in the Software Update Process

During Setup, the wizard creates a directory named PkgSource under the destination folder specified in the wizard. Setup shares this folder as \\siteserver\PackageSrc and grants the local Windows Administrators group and SMS Administrators full control.

Note
If there is already a shared folder with the name PackageSrc, Setup shares the folder as PackageSrc_x instead, where x is the next available number that will create a unique share name.

If the site server does not have a connection to the Internet, you can specify a local catalog location and Setup will look there for the Microsoft Update catalog. You must manually copy the current Microsoft Update catalog and, when available, any subsequent updates to the catalog to the local catalog location. For more information, see the “Automatically Obtain the Latest Microsoft Update Catalog” section later in this guide. If the site server has a connection to the Internet, Setup connects to the Microsoft Web site and copies the Microsoft Update catalog to the PkgSource folder.

Important
The site server does not require Internet connectivity. Allowing the site server to connect to the Internet increases the security risk to the site server. The account used to run Setup must be a local administrator, which increases the risk to the computer if malicious software is downloaded. Reduce the risk by limiting the Internet connections initiated from the site server by visiting only trusted Web sites.

Important

The site server does not require Internet connectivity. Allowing the site server to connect to the Internet increases the security risk to the site server. The account used to run Setup must be a local administrator, which increases the risk to the computer if malicious software is downloaded. Reduce the risk by limiting the Internet connections initiated from the site server by visiting only trusted Web sites.

During Setup, one computer is specified as the synchronization host. After Setup is complete, the synchronization host runs a program that updates the PkgSource folder, either from the Internet or from the local catalog location. The synchronization host compares the hash on the Microsoft Update catalog on the Internet or in the local catalog location with the hash on the version in the PkgSource directory. If the hashes do not match, the version in the PkgSource folder is replaced by the version from the Internet or the local catalog location. If the Microsoft Update catalog version is updated, the synchronization host is responsible for copying the new version to all distribution points.

Important
If the site server has an Internet connection, you can use the site server as the synchronization host, but it is recommended that you use a workstation computer with an Internet connection. Alternatively, you can configure the synchronization host to use a local catalog location instead of the Internet. However, to use a local catalog, you must manually download the latest catalog before distributing client updates.

Important

If the site server has an Internet connection, you can use the site server as the synchronization host, but it is recommended that you use a workstation computer with an Internet connection. Alternatively, you can configure the synchronization host to use a local catalog location instead of the Internet. However, to use a local catalog, you must manually download the latest catalog before distributing client updates.

When you create packages to distribute software updates by using the Distribute Software Updates Wizard, you must have an additional source directory to store the software updates downloaded from Microsoft.com. The Deploy Software Updates Wizard can create this for you. For more information, see the Software Updates Web site (http://go.microsoft.com/fwlink/?LinkId=66754).