The Configuration Manager 2007 Inventory Tool for Microsoft Updates Setup creates three collections. Two collections are for distributing the Configuration Manager 2007 Inventory Tool for Microsoft Updates to your clients, and the third collection is only for designating the synchronization host that will obtain the updated catalogs.

Inventory Tool Collections

If you want to test computers in addition to the one you specified during Setup, create a direct query rule to add them to the Microsoft Updates Tool (pre-production) collection.

After you are satisfied that the Configuration Manager 2007 Inventory Tool for Microsoft Updates is scanning your test computer as expected, remove the Limit to collection option on the collection Microsoft Updates Tool so that the collection will become a true query-based collection and will include all Windows XP, Windows 2000, Windows Server 2003, and Windows Vista computers.

To remove the limit-to-collection option

  1. In the SMS Administrator console, expand Systems Management Server, expand the site database node, expand Collections, right-click the Microsoft Updates Tool collection, and then click Properties. The Microsoft Updates Tool Collection Properties dialog box appears.

  2. On the Membership Rules tab, right-click the Collection Query membership rule and then click Properties. The Query Rule Properties dialog box appears.

  3. Set the Collection limiting option to Not collection limited.

  4. In the Query Rule Properties dialog box, click OK.

  5. In the Microsoft Updates Tool Collection Properties dialog box, click OK.

  6. Click the Microsoft Updates Tool collection in the left pane of the SMS Administrator console. Verify that all computers that you want to manage are listed in the right pane.

If you prefer not to use the Microsoft Updates Tool collection, you can modify the Microsoft Updates Tool advertisement to be delivered to any collection you want.

Synchronization Host Collection

Your Microsoft Updates Tool Sync collection should always contain exactly one client computer. For security reasons, it might not be desirable to expose the site server to the Internet. This is especially true if the site server is running a site system role that requires Internet Information Services (IIS) because it creates a larger attack surface for the site server. If the site server is not connected to the Internet or if you do not want it retrieving the Microsoft Update Catalog, you can designate a different client computer to be the synchronization host. Modify the membership rules on the collection to include the new synchronization host. If the new synchronization host does not have a user constantly logged in, configure the synchronization host to run in unattended mode. For more information, see Configuring the Synchronization Host to Run in Unattended Mode later in this document.