The effective date is when a Configuration Manager NAP policy becomes active on specified clients. When the effective date occurs, the client computer will assess its compliance status by verifying whether it requires the software update that is listed in the policy. If it is not compliant, the required software update can be enforced through remediation. The client might have restricted network access until remediation is successful. Remediation and restriction are controlled by policies configured on the Microsoft Windows Network Policy Server.

Most Configuration Manager clients will have the required software updates installed through the normal software update deployment. It is a precautionary measure to set an effective date after the deadline for a software update deployment in order to handle the few computers that do not install the software update through standard operating procedures. However, unlike the standard software update process, NAP has the ability to restrict network access until the software updates in the Configuration Manager NAP policy are installed.

Setting an aggressive effective date has the following risks:

• More clients might have restricted network access until remediation is successful. This, in turn, increases the load on remediation servers, such as the distribution points that host the software updates, and the software update points.
  
  
• The deployment packages that contain the required software updates might not have sufficient time to replicate to the remediation distribution points before the effective date occurs.
  
  

You can configure the effective date in a Configuration Manager NAP policy to be a date in the future, or As soon as possible. Select As soon as possible only if one of the following applies:

• The Windows Network Policy Server will not restrict network access for non-compliant computers.
  
  
• The risk of a non-compliant computer having full network access is greater than the risk of it having restricted network access and being unable to remediate in the event that the software update is not yet replicated to the remediation distribution points.
  
  

1. In the Configuration Manager console, click Software Library.

2. In the Software Library workspace, expand Software Updates, and click All Software Updates. The synchronized software updates are displayed.

   Note
   On the All Software Updates node, Configuration Manager displays only software updates with a Critical and Security classification and have been released in the last 30 days.

3. In the search pane, filter to identify the software updates that you need by using one or both of the following steps:

   • In the search text box, type a search string that will filter the software updates. For example, type the article ID or bulletin ID for a specific software update, or enter a string that would appear in the title for several software updates.
     
     
   • Click Add Criteria, select the criteria that you want to use to filter software updates, click Add, and then provide the values for the criteria.
     
     

4. Click Search to filter the software updates.

   Tip
   You have the option to save the filter criteria on the Search tab and in the Save group.

1. In the Configuration Manager console, click Software Library.

2. In the Software Library workspace, click Software Updates.

3. Select the software updates that are to be added to the new software update group.

4. On the Home tab, in the Update group, click Create Software Update Group.

5. Specify the name for the software update group and optionally provide a description. Use a name and description that provide enough information for you to determine what type of software updates are in the software update group. To proceed, click Create.

6. Click the Software Update Groups node to display the new software update group.

7. Select the software update group, and in the Home tab, in the Update group, click Show Members to display a list of the software updates that are included in the group.

1. In the Configuration Manager console, click Software Library.

2. In the Software Library workspace, expand Software Updates, and click Software Update Groups.

3. Select the software update group for which you want to download content.

4. On the Home tab, in the Update Group group, click Download. The Download Software Updates Wizard opens.

5. On the Deployment Package page, configure the following settings:

   1. Select deployment package: Select this setting to use an existing deployment package for the software updates in the deployment.
      
      

      Note
      Software updates that have already been downloaded to the selected deployment package are not downloaded again.

   2. Create a new deployment package: Select this setting to create a new deployment package for the software updates in the deployment. Configure the following settings:
      
      
      • Name: Specifies the name of the deployment package. This must be a unique name that describes the package content. It is limited to 50 characters.
        
        
      • Description: Specifies the description of the deployment package. The package description provides information about the package contents and is limited to 127 characters.
        
        
      • Package source: Specifies the location of the software update source files. Type a network path for the source location, for example, \\server\sharename\path, or click Browse to find the network location. You must create the shared folder for the deployment package source files before you proceed to the next page.
        
        

        Note
        The deployment package source location that you specify cannot be used by another software deployment package.

        Security Note
        The SMS Provider computer account and the user that is running the wizard to download the software updates must both have Write NTFS permissions on the download location. You should carefully restrict access to the download location in order to reduce the risk of attackers tampering with the software update source files.

        Important
        You can change the package source location in the deployment package properties after Configuration Manager creates the deployment package. But if you do so, you must first copy the content from the original package source to the new package source location.

   Click Next.

6. On the Distribution Points page, select the distribution points or distribution point groups that are used to host the software update files defined in the new deployment package, and then click Next.

7. On the Distribution Settings page, specify the following settings:

   • Distribution priority: Use this setting to specify the distribution priority for the deployment package. The distribution priority applies when the deployment package is sent to distribution points at child sites. Distribution packages are sent in priority order: High, Medium, or Low. Packages with identical priorities are sent in the order in which they were created. If there is no backlog, the package will process immediately regardless of its priority. By default, packages are sent using Medium priority.
     
     
   • Distribute the content for this package to preferred distribution points: Use this setting to enable on-demand content distribution to preferred distribution points. When this setting is enabled, the management point creates a trigger for the distribution manager to distribute the content to all preferred distribution points when a client requests the content for the package and the content is not available on any preferred distribution points. For more information about preferred distribution points and on-demand content, see the Planning for Preferred Distribution Points and Fallback section in the Planning for Content Management in Configuration Manager topic.
     
     
   • Prestaged distribution point settings: Use this setting to specify how you want to distribute content to prestaged distribution points. Choose one of the following options:
     
     
     • Automatically download content when packages are assigned to distribution points: Use this setting to ignore the prestage settings and distribute content to the distribution point.
       
       
     • Download only content changes to the distribution point: Use this setting to prestage the initial content to the distribution point, and then distribute content changes to the distribution point.
       
       
     • Manually copy the content in this package to the distribution point: Use this setting to always prestage content on the distribution point. This is the default setting.
       
       
     For more information about prestaging content to distribution points, see the Prestage Content section in the Operations and Maintenance for Content Management in Configuration Manager topic.
     
     

   Click Next.

8. On the Download Location page, specify location that Configuration Manager will use to download the software update source files. As needed, use the following options:

   • Download software updates from the Internet: Select this setting to download the software updates from the location on the Internet. This is the default setting.
     
     
   • Download software updates from a location on the local network: Select this setting to download software updates from a local folder or shared network folder. Use this setting when the computer running the wizard does not have Internet access.
     
     

     Note
     When you use this setting, download the software updates from any computer with Internet access, and then copy the software updates to a location on the local network that is accessible from the computer running the wizard.

   Click Next.

9. On the Language Selection page, specify the languages for which the selected software updates are to be downloaded, and then click Next. Configuration Manager downloads the software updates only if they are available in the selected languages. Software updates that are not language-specific are always downloaded.

10. On the Summary page, verify the settings that you selected in the wizard, and then click Next to download the software updates.

11. On the Completion page, verify that the software updates were successfully downloaded, and then click Close.

12. To monitor the content status for the software updates, click Monitoring in the Configuration Manager console.

13. In the Monitoring workspace, expand Distribution Status, and then click Content Status.

14. Select the software update package that you previously identified to download the software updates in the software update group.

15. On the Home tab, in the Content group, click View Status.

1. In the Configuration Manager console, click Software Library.

2. In the Software Library workspace, expand Software Updates, and click Software Update Groups.

3. Select the software update group that you intend to deploy.

4. On the Home tab, in the Deployment group, click Deploy. The Deploy Software Updates Wizard opens.

5. On the General page, configure the following settings:

   • Name: Specify the name for the deployment. The deployment must have a unique name that describes the purpose of the deployment, and differentiates it from other deployments in the Configuration Manager site. By default, Configuration Manager automatically provides a name for the deployment in the following format: Microsoft Software Updates - <date><time>
     
     
   • Description: Specify a description for the deployment. The description provides an overview of the deployment and any other relevant information that helps to identify and differentiate the deployment among others in Configuration Manager site. The description field is optional, has a limit of 256 characters, and has a blank value by default.
     
     
   • Software Update/Software Update Group: Verify that the displayed software update group, or software update, is correct.
     
     
   • Select Deployment Template: Specify whether to apply a previously saved deployment template. You can configure a deployment template to contain multiple common software update deployment properties and then apply the template when you deploy subsequent software updates to ensure consistency across similar deployments and to save time.
     
     
   • Collection: Specify the collection for the deployment, as applicable. Members of the collection receive the software updates that are defined in the deployment.
     
     

6. On the Deployment Settings page, configure the following settings:

   • Type of deployment: Specify the deployment type for the software update deployment. Select Required to create a mandatory software update deployment in which the software updates are automatically installed on clients before a configured installation deadline. Select Available to create an optional software update deployment that is available for users to install from Software Center.
     
     

     Important
     After you create the software update deployment, you cannot later change the type of deployment.

   • Use Wake-on-LAN to wake up clients for required deployments: Specify whether to enable Wake On LAN at the deadline to send wake-up packets to computers that require one or more software updates in the deployment. Any computers that are in sleep mode at the installation deadline time will be awakened so the software update installation can initiate. Clients that are in sleep mode that do not require any software updates in the deployment are not started. By default, this setting is not enabled and is available only when Type of deployment is set to Required.
     
     

     Warning
     Before you can use this option, computers and networks must be configured for Wake On LAN.

   • Detail level: Specify the level of detail for the state messages that are reported by client computers.
     
     

7. On the Scheduling page, configure the following settings:

   • Schedule evaluation: Specify whether the available time and installation deadline times are evaluated according to UTC or the local time of the computer running the Configuration Manager console.
     
     
   • Software available time: Select one of the following settings to specify when the software updates will be available to clients:
     
     
     • As soon as possible: Select this setting to make the software updates in the deployment available to clients as soon as possible. When the deployment is created, the client policy is updated, the clients are made aware of the deployment at their next client policy polling cycle, and then the software updates are available for installation.
       
       
     • Specific time: Select this setting to make the software updates in the deployment available to clients at a specific date and time. When the deployment is created, the client policy is updated and clients are made aware of the deployment at their next client policy polling cycle. However, the software updates in the deployment are not available for installation until after the specified date and time.
       
       
   • Installation deadline: Select one of the following settings to specify the installation deadline for the software updates in the deployment.
     
     

     Note
     You can configure the installation deadline setting only when Type of deployment is set to Required on the Deployment Settings page.

     • As soon as possible: Select this setting to automatically install the software updates in the deployment as soon as possible.
       
       
     • Specific time: Select this setting to automatically install the software updates in the deployment at a specific date and time.
       
       

     Note

     The actual installation deadline time is the specific time that you configure plus a random amount of time up to 2 hours. This reduces the potential impact of all client computers in the destination collection installing the software updates in the deployment at the same time. Starting in Configuration Manager SP1, you can configure the Computer Agent client setting, Disable deadline randomization to disable the installation randomization delay for the required software updates. For more information, see the Computer Agent section in the About Client Settings in Configuration Manager topic.

8. On the User Experience page, configure the following settings:

   • User notifications: Specify whether to display notification of the software updates in Software Center on the client computer at the configured Software available time and whether to display user notifications on the client computers. When Type of deployment is set to Available on the Deployment Settings page, you cannot select Hide in Software Center and all notifications.
     
     
   • Deadline behavior: Specify the behavior that is to occur when the deadline is reached for the software update deployment. Specify whether to install the software updates in the deployment. Also specify whether to perform a system restart after software update installation regardless of a configured maintenance window. For more information about maintenance windows, see the Configure Maintenance Windows section in the Configuring Settings for Client Management in Configuration Manager topic.
     
     
   • Device restart behavior: Specify whether to suppress a system restart on servers and workstations after software updates are installed and a system restart is required to complete the installation.
     
     

     Important
     Suppressing system restarts can be useful in server environments or for cases in which you do not want the computers that are installing the software updates to restart by default. However, doing so can leave computers in an insecure state, whereas allowing a forced restart helps to ensure immediate completion of the software update installation. .

   • Write filter handling for Windows Embedded devices: For Configuration Manager SP1 only: When you deploy software updates to Windows Embedded devices that are write filter enabled, you can specify to install the software update on the temporary overlay and either commit changes later or commit the changes at the installation deadline or during a maintenance window. When you commit changes at the installation deadline or during a maintenance window, a restart is required and the changes persist on the device.
     
     

     Note
     When you deploy a software update to a Windows Embedded device, make sure that the device is a member of a collection that has a configured maintenance window.

   You can configure the Deadline behavior and Device restart behavior settings only when Type of deployment is set to Required on the Deployment Settings page.

9. On the Alerts page, configure how Configuration Manager and System Center Operations Manager will generate alerts for this deployment. You can configure alerts only when Type of deployment is set to Required on the Deployment Settings page.

   Warning
   You can review recent software updates alerts from the Software Updates node in the Software Library workspace.

10. On the Download Settings page, configure the following settings:

    • Specify whether the client will download and install the software updates when a client is connected to a slow network or is using a fallback content location.
      
      
    • Specify whether to have the client download and install the software updates from a fallback distribution point when the content for the software updates is not available on a preferred distribution point.
      
      
    • Allow clients to share content with other clients on the same subnet: Specify whether to enable the use of BranchCache for content downloads. For more information about BranchCache, see the Planning for BranchCache Support section in the Planning for Content Management in Configuration Manager topic.
      
      
    • For Configuration Manager SP1 only: Specify whether to have clients that are connected to the intranet download software updates from Microsoft Update if software updates are not available on distribution points.
      
      
    • For Configuration Manager SP1 only: Specify whether to allow clients to download after an installation deadline when they use metered Internet connections. Internet providers sometimes charge by the amount of data that you send and receive when you are on a metered Internet connection.
      
      

    Note

    Clients request the content location from a management point for the software updates in a deployment. The download behavior depends upon how you have configured the distribution point, the deployment package, and the settings on this page. For more information, see the Planning for Preferred Distribution Points and Fallback section in the Planning for Content Management in Configuration Manager topic.

11. If you have performed Step 3: Download the Content for the Software Update Group, then the Deployment Package, Distribution Points, and Language Selection pages are not displayed, and you can skip to step 15 of the wizard.

    Important
    Software updates that have been previously downloaded to the content library on the site server are not downloaded again. This is true even when you create a new deployment package for the software updates. If all software updates have already been previously downloaded, the wizard skips to the Language Selection page (step 15).

12. On the Deployment Package page, select an existing deployment package or configure the following settings to specify a new deployment package:

    1. Name: Specify the name of the deployment package. This must be a unique name that describes the package content. It is limited to 50 characters.
       
       
    2. Description: Specify a description that provides information about the deployment package. The description is limited to 127 characters.
       
       
    3. Package source: Specify the location of the software update source files. Type a network path for the source location, for example, \\server\sharename\path, or click Browse to find the network location. You must create the shared folder for the deployment package source files before you proceed to the next page.
       
       

       Note
       The deployment package source location that you specify cannot be used by another software deployment package.

       Security Note
       The SMS Provider computer account and the user that is running the wizard to download the software updates must both have Write NTFS permissions on the download location. You should carefully restrict access to the download location in order to reduce the risk of attackers tampering with the software update source files.

       Important
       You can change the package source location in the deployment package properties after Configuration Manager creates the deployment package. But if you do so, you must first copy the content from the original package source to the new package source location.

    4. Sending priority: Specify the sending priority for the deployment package. Configuration Manager uses the sending priority for the deployment package when it sends the package to distribution points. Deployment packages are sent in priority order: High, Medium, or Low. Packages with identical priorities are sent in the order in which they were created. If there is no backlog, the package will process immediately regardless of its priority.
       
       

13. On the Distribution Points page, specify the distribution points or distribution point groups that will host the software update files. For more information about distribution points, see Planning for Content Management in Configuration Manager.

14. On the Download Location page, specify whether to download the software update files from the Internet or from your local network. Configure the following settings:

    • Download software updates from the Internet: Select this setting to download the software updates from a specified location on the Internet. This setting is enabled by default.
      
      
    • Download software updates from a location on the local network: Select this setting to download the software updates from a local folder or shared network folder. This setting is useful when the computer that runs the wizard does not have Internet access. The software updates can be preliminarily downloaded from any computer that has Internet access and stored in a location on the local network for subsequent access for installation.
      
      

15. On the Language Selection page, select the languages for which the selected software updates are downloaded. The software updates are downloaded only if they are available in the selected languages. Software updates that are not language specific are always downloaded. By default, the wizard selects the languages that you have configured in the software update point properties. At least one language must be selected before proceeding to the next page. When you select only languages that are not supported by a software update, the download will fail for the software update.

16. On the Summary page, review the settings. To save the settings to a deployment template, click Save As Template, enter a name and select the settings that you want to include in the template, and then click Save. To change a configured setting, click the associated wizard page and change the setting.

    Warning
    The template name can consist of alphanumeric ASCII characters as well as \ (backslash) or ‘ (single quotation mark).

17. Click Next to deploy the software update.

1. In the Configuration Manager console, click Software Library.

2. In the Software Library workspace, click Software Updates.

3. Select the software updates that are to be added to the new software update group.

4. On the Home tab, in the Update group, click Edit Membership.

5. Select the software update group to which you want to add the software updates as members.

6. Click the Software Update Groups node to display the software update group.

7. Click the software update group, and in the Home tab, in the Update group, click Show Members to display a list of the software updates in the group.

1. In the Configuration Manager console, click Software Library.

2. In the Software Library workspace, expand Software Updates, and click Automatic Deployment Rules.

3. On the Home tab, in the Create group, click Create Automatic Deployment Rule. The Create Automatic Deployment Rule Wizard opens.

4. On the General page, configure the following settings:

   • Name: Specify the name for the automatic deployment rule. The name must be unique, help to describe the objective of the rule, and identify it from others in the Configuration Manager site.
     
     
   • Description: Specify a description for the automatic deployment rule. The description should provide an overview of the deployment rule and any other relevant information that helps to identify and differentiate the rule among others in the Configuration Manager site. The description field is optional, has a limit of 256 characters, and has a blank value by default.
     
     
   • Select Deployment Template: Specify whether to apply a previously saved deployment template. You can configure a deployment template to contain multiple common software update deployment properties that can then be used when creating automatic deployment rules. These templates help to ensure consistency across similar deployments and to save time.
     
     For Configuration Manager SP1 only: You can select from two built-in software update deployment templates from the Automatic Deployment Rule Wizard. The Definition Updates template provides common settings to use when you deploy definition software updates. The Patch Tuesday template provides common settings to use when you deploy software updates on a monthly cycle.
     
     
   • Collection: Specifies the target collection to be used for the deployment. Members of the collection receive the software updates that are defined in the deployment.
     
     
   • Decide whether to add software updates to a new or existing software update group. In most cases, you will probably choose to create a new software update group when the automatic deployment rule is run. However, you might choose to use an existing group if the rule runs on a more aggressive schedule. For example, if you will run the rule daily for definition updates, then you could add the software updates to an existing software update group.
     
     
   • Enable the deployment after this rule is run: Specify whether to enable the software update deployment after the automatic deployment rule runs. Regarding this specification, consider the following:
     
     
     • When you enable the deployment, the software updates that meet the criteria defined in the rule are added to a software update group, the software update content is downloaded as necessary, the content is copied to the specified distribution points, and the software updates are deployed to the clients in the target collection.
       
       
     • When you do not enable the deployment, the software updates that meet the criteria defined in the rule are added to a software update group and the software updates deployment policy is configured but the software updates are not downloaded or deployed to clients. This situation provides you time as needed to prepare to deploy the software updates, verify that the software updates that meet the criteria are adequate, and then enable the deployment at a later time.
       
       

5. On the Deployment Settings page, configure the following settings:

   • Use Wake-on-LAN to wake up clients for required deployments: Specifies whether to enable Wake On LAN at the deadline to send wake-up packets to computers that require one or more software updates in the deployment. Any computers that are in sleep mode at the installation deadline time will be awakened so the software update installation can initiate. Clients that are in sleep mode that do not require any software updates in the deployment are not started. By default, this setting is not enabled.
     
     

     Warning
     Before you can use this option, you must configure computers and networks for Wake On LAN.

   • Detail level: Specify the level of detail for the state messages that are reported by client computers.
     
     

     Important
     When you deploy definition updates, set the detail level to Error only to have the client report a state message only when a definition update fails to be delivered to the client. Otherwise, the client will report a large number of state messages that might impact performance on the site server.

   • License terms setting: Specify whether to automatically deploy software updates with associated license terms. Some software updates include license terms, such as a service pack. When you automatically deploy software updates, the license terms are not displayed and there is not an option to accept the license terms. You can choose to automatically deploy all software updates regardless of an associated license terms or only deploy software updates that do not have associated license terms.
     
     

     Warning

     To review the license terms for a software update, you can select the software update in the All Software Updates node of the Software Library workspace, and then on the Home tab, in the Update group, click Review License. To find software updates with associated license terms, you can add the License Terms column to the results pane in the All Software Updates node, and then click the heading for the column to sort by the software updates with license terms.

6. On the Software Updates page, configure the criteria for the software updates that the automatic deployment rule retrieves and adds to the software update group.

   Important
   The limit for software updates in the automatic deployment rule is 1000 software updates. To ensure that the criteria that you specify on this page retrieves less than 1000 software updates, consider setting the same criteria on the All Software Updates node in the Software Library workspace.

7. On the Evaluation Schedule page, specify whether to enable the automatic deployment rule to run on a schedule. When enabled, click Customize to set the recurring schedule.

   Important
   The software update point synchronization schedule is displayed to help you determine the frequency of the evaluation schedule. You should never set the evaluation schedule with a frequency that exceeds the software updates synchronization schedule. The start time configuration for the schedule is based on the local time of the computer that runs the Configuration Manager console.

   Note
   To manually run the automatic deployment rule, select the rule, and then click Run Now on the Home tab in the Automatic Deployment Rule group. Before you manually run the automatic deployment rule, verify that software updates synchronization has been run since the last time you ran the rule.

   Important
   The automatic deployment rule evaluation can run as often as three times per day.

8. On the Deployment Schedule page, configure the following settings:

   • Schedule evaluation: Specify whether Configuration Manager evaluates the available time and installation deadline times by using UTC or the local time of the computer that runs the Configuration Manager console.
     
     
   • Software available time: Select one of the following settings to specify when the software updates are available to clients:
     
     
     • As soon as possible: Select this setting to make the software updates that are included in the deployment available to the client computers as soon as possible. When you create the deployment with this setting selected, Configuration Manager updates the client policy. Then, at the next client policy polling cycle, clients become aware of the deployment and can obtain the updates that are available for installation.
       
       
     • Specific time: Select this setting to make the software updates that are included in the deployment available to the client computers at a specific date and time. When you create the deployment with this setting enabled, Configuration Manager updates the client policy. Then, at the next client policy polling cycle, clients become aware of the deployment. However, the software updates in the deployment are not available for installation until after the configured date and time.
       
       
   • Installation deadline: Select one of the following settings to specify the installation deadline for the software updates in the deployment:
     
     
     • As soon as possible: Select this setting to automatically install the software updates in the deployment as soon as possible.
       
       
     • Specific time: Select this setting to automatically install the software updates in the deployment at a specific date and time. Configuration Manager determines the deadline to install software updates by adding the configured Specific time interval to the Software available time.
       
       

     Note

     The actual installation deadline time is the displayed deadline time plus a random amount of time up to 2 hours. This reduces the potential impact of all client computers in the destination collection installing the software updates in the deployment at the same time. Starting in Configuration Manager SP1, you can configure the Computer Agent client setting Disable deadline randomization to disable the installation randomization delay for required software updates. For more information, see the Computer Agent section in the About Client Settings in Configuration Manager topic.

9. On the User Experience page, configure the following settings:

   • User notifications: Specify whether to display notification of the software updates in Software Center on the client computer at the configured Software available time and whether to display user notifications on the client computers.
     
     
   • Deadline behavior: Specify the behavior that is to occur when the deadline is reached for the software update deployment. Specify whether to install the software updates in the deployment. Also specify whether to perform a system restart after software update installation regardless of a configured maintenance window. For more information about maintenance windows, see the Configure Maintenance Windows section in the Configuring Settings for Client Management in Configuration Manager topic.
     
     
   • Device restart behavior: Specify whether to suppress a system restart on servers and workstations after software updates are installed and a system restart is required to complete the installation.
     
     

     Important
     Suppressing system restarts can be useful in server environments or in cases in which you do not want the computers that are installing the software updates to restart by default. However, doing so can leave computers in an insecure state, whereas allowing a forced restart helps to ensure immediate completion of the software update installation.

   • Write filter handling for Windows Embedded devices: For Configuration Manager SP1 only. When you deploy software updates to Windows Embedded devices that are write filter enabled, you can specify to install the software update on the temporary overlay and either commit changes later or commit the changes at the installation deadline or during a maintenance window. When you commit changes at the installation deadline or during a maintenance window, a restart is required and the changes persist on the device.
     
     

     Note
     When you deploy a software update to a Windows Embedded device, make sure that the device is a member of a collection that has a configured maintenance window.

10. On the Alerts page, configure how Configuration Manager and System Center Operations Manager will generate alerts for this deployment.

    Warning
    You can review recent software updates alerts from the Software Updates node in the Software Library workspace.

11. On the Download Settings page, configure the following settings:

    • Specify whether the client will download and install the software updates when a client is connected to a slow network or is using a fallback content location.
      
      
    • Specify whether to have the client download and install the software updates from a fallback distribution point when the content for the software updates is not available on a preferred distribution point.
      
      
    • Allow clients to share content with other clients on the same subnet: Specify whether to enable the use of BranchCache for content downloads. For more information about BranchCache, see the Planning for BranchCache Support section in the Planning for Content Management in Configuration Manager topic.
      
      
    • For Configuration Manager SP1 only: Specify whether to have clients that are connected to the intranet download software updates from Microsoft Update if software updates are not available on distribution points.
      
      
    • For Configuration Manager SP1 only: Specify whether to allow clients to download after an installation deadline when they use metered Internet connections. Internet providers sometimes charge by the amount of data that you send and receive when you are on a metered Internet connection.
      
      

    Note

    Clients request the content location from a management point for the software updates in a deployment. The download behavior depends upon how you have configured the distribution point, deployment package, and the settings on this page. For more information, see the Planning for Preferred Distribution Points and Fallback section in the Planning for Content Management in Configuration Manager topic.

12. On the Deployment Package page, select an existing deployment package or configure the following settings to create a new deployment package:

    1. Name: Specify the name of the deployment package. This must be a unique name that describes the package content. It is limited to 50 characters.
       
       
    2. Description: Specify a description that provides information about the deployment package. The description is limited to 127 characters.
       
       
    3. Package source: Specifies the location of the software update source files. Type a network path for the source location, for example, \\server\sharename\path, or click Browse to find the network location. You must create the shared folder for the deployment package source files before you proceed to the next page.
       
       

       Note
       The deployment package source location that you specify cannot be used by another software deployment package.

       Security Note
       The SMS Provider computer account and the user that is running the wizard to download the software updates must both have Write NTFS permissions on the download location. You should carefully restrict access to the download location in order to reduce the risk of attackers tampering with the software update source files.

       Important
       You can change the package source location in the deployment package properties after Configuration Manager creates the deployment package. But if you do so, you must first copy the content from the original package source to the new package source location.

    4. Sending priority: Specify the sending priority for the deployment package. Configuration Manager uses the sending priority for the deployment package when it sends the package to distribution points. Deployment packages are sent in priority order: High, Medium, or Low. Packages with identical priorities are sent in the order in which they were created. If there is no backlog, the package will process immediately regardless of its priority.
       
       

13. On the Distribution Points page, specify the distribution points or distribution point groups that will host the software update files. For more information about distribution points, see Planning for Content Management in Configuration Manager.

    Note
    This page is available only when you create a new software update deployment package.

14. On the Download Location page, specify whether to download the software update files from the Internet or from your local network. Configure the following settings:

    • Download software updates from the Internet: Select this setting to download the software updates from a specified location on the Internet. This setting is enabled by default.
      
      
    • Download software updates from a location on the local network: Select this setting to download the software updates from a local directory or shared folder. This setting is useful when the computer that runs the wizard does not have Internet access. Any computer with Internet access can preliminarily download the software updates and store them in a location on the local network that is accessible from the computer that runs the wizard.
      
      

15. On the Language Selection page, select the languages for which the selected software updates are downloaded. The software updates are downloaded only if they are available in the selected languages. Software updates that are not language specific are always downloaded. By default, the wizard selects the languages that you have configured in the software update point properties. At least one language must be selected before proceeding to the next page. When you select only languages that are not supported by a software update, the download will fail for the software update.

16. On the Summary page, review the settings. To save the settings to a deployment template, click Save As Template, enter a name and select the settings that you want to include in the template, and then click Save. To change a configured setting, click the associated wizard page and change the setting.

    Warning
    The template name can consist of alphanumeric ASCII characters as well as \ (backslash) or ‘ (single quotation mark).

17. Click Next to create the automatic deployment rule.

1. In the Configuration Manager console, click Monitoring.

2. In the Monitoring workspace, expand Distribution Status, and then click Content Status. The packages are displayed.

3. Select the package for which to view detailed status information.

4. On the Home tab, click View Status. Detailed status information for the package is displayed.

1. In the Configuration Manager console, click Monitoring.

2. In the monitoring workspace, expand Distribution Status, and then click Distribution Point Group Status. The distribution point groups are displayed.

3. Select the distribution point group for which to view detailed status information.

4. On the Home tab, click View Status. Detailed status information for the distribution point group is displayed.

1. In the Configuration Manager console, click Monitoring.

2. In the monitoring workspace, expand Distribution Status, and then click Distribution Point Configuration Status. The distribution points are displayed.

3. Select the distribution point for which to view distribution point status information.

4. In the results pane, click the Details tab. Status information for the distribution point is displayed.