Software updates are delivered to client computers in Configuration Manager 2007 by creating software update deployments. The Deploy Software Updates Wizard is used to create deployments and can be started by using several different methods. For more information about running the Deploy Software Updates Wizard, see How to Deploy Software Updates.
Software Update Deployment Settings
When creating a software update deployment, the following settings are configured:
Setting | Description |
---|---|
General |
Specifies the name and description of the deployment. |
* Collection |
Specifies the collection that will be targeted for the software update deployment. |
* Display/Time Settings |
Specifies whether the user will be notified of pending software updates, the installation progress for software updates, whether a client evaluates the deployment schedule based on local or Coordinated Universal Time (UTC), and the default duration between software update availability and mandatory installation on clients. |
* Restart Settings |
Specifies the system restart behavior when a software update installs on a client and requires a restart to complete. |
* Event Generation |
Specifies whether Microsoft Operation Manager alerts are disabled while the software updates install and whether an Operation Manager alert is created when a software update installation fails. |
* Download Settings |
Specifies how clients will interact with distribution points when they receive a software update deployment. |
* SMS 2003 Settings |
Specifies whether to deploy software updates to SMS 2003 clients that are in the target collection. |
Deployment Package |
Specifies the deployment package that will be used to host the software updates in the deployment. This setting is not available when all software updates in the deployment have already been downloaded to a package. |
Download Location |
Specifies whether the software updates in the deployment are downloaded from the Internet or from the local network. |
Language Selection |
Specifies the languages for which the software updates in the deployment are downloaded. |
Deployment Schedule |
Specifies the schedule for when a software update deployment becomes active, when software update installation is enforced on clients, whether to enable Wake On LAN, and whether to ignore maintenance windows when installing updates. |
NAP Evaluation |
Specifies whether the software updates in this deployment will be included in a Network Access Protection (NAP) evaluation. |
An asterisk (*) denotes the deployment properties that can be stored in a deployment template. An existing deployment template can be selected at the start of the wizard to automatically populate these properties. If a deployment template is not used when creating a deployment, the properties are manually entered and can optionally be saved as a deployment template within the wizard and used in future deployments. For more information, see About Deployment Templates in Software Updates.
Deployment Package Setting
The deployment package properties are not displayed when all software updates in the deployment have previously been downloaded and copied to a package shared folder on the distribution point. When previously downloaded, the deployment is automatically configured to use the package that hosts the downloaded software updates. When there are multiple software updates in a deployment and at least one software update has not been downloaded, a deployment package must be specified. Any software updates already downloaded to the deployment package will not be downloaded again, but just verified that they are in the package.
Deployment Deadline
When creating a software update deployment in the Deploy Software Updates Wizard, the Deployment Schedule page allows a deployment deadline date and time to be configured. Deployment deadlines can also be configured from the Deployment Schedule tab in the properties for the deployment.
Setting a deadline makes the deployment mandatory, and it enforces the software update installation on client computers by the configured date and time. If the deadline is reached and the software update deployment has not yet run on the client computer, the installation starts automatically whether or not a user is logged on to the computer. A system restart can be enforced if it is necessary for the software update installation to complete.
On client computers, display notifications will appear that inform the user that one or more software updates are ready to install and the date for the earliest deadline time displays. For example, if there are two deployments with deadlines that are two days apart, the deployment deadline that comes first displays in the notifications to users. Once the software updates have been installed for the deployment with the earliest deadline, the client computer will continue to receive notifications, but the deadline will now display the deadline for the second deployment.
In SMS 2003, deadlines were set to occur x days after the client received the policy to install the software updates. Deployment deadlines have been simplified in Configuration Manager 2007 and are now configured for an explicit date and time. SMS 2003 clients in the Configuration Manager hierarchy will also use the configured deadline date and time for deployments targeted to them.
NAP Evaluation Setting
The NAP evaluation page of the Deploy Software Updates Wizard does not display unless NAP is configured for the site. For more information, see About Network Access Protection in Configuration Manager Hierarchies.
License Terms for Software Updates
When a software update has an associated Microsoft Software License Terms and the License Terms has not yet been accepted, the Review/Accept License Terms Dialog Box displays before opening the Deploy Software Updates Wizard. Once the License Terms for a software update has been accepted, the wizard opens and the software updates can be deployed. Future deployments for the software update will not require license terms acceptance. When the license terms are declined, the process is cancelled.
Software Update Deployment Process
The compliance assessment data is used to determine which software updates are required on client computers. When you are creating a software update deployment in the Deploy Software Updates Wizard, the software updates in the deployment are downloaded from the location specified on the Download Location page of the wizard to the configured package source, if not previously downloaded. When the wizard completes, a deployment assignment policy is added to the machine policy for the site. The software updates are then copied from the package source to the configured shared folders on the distribution points defined in the package, where they are available for client computers.
When a client computer in the target collection for the deployment receives the machine policy, a software update client component initiates an evaluation scan. Software updates that are still required on the client are added to a class in Windows Management Instrumentation. The software updates in mandatory deployments are downloaded as soon as possible from the distribution point to the local cache on the client computer. The software updates in optional deployments are not downloaded until installation is manually initiated. If a deadline is added to an optional deployment, making it a mandatory deployment, client computers will download the software updates in the deployment as soon as they are made aware of the change.
Note |
---|
In Configuration Manager 2007, software updates are always downloaded to the local cache and then installed. Systems Management Server 2003 clients have an option to run the software updates installation directly from a distribution point. |
If the client is unable to retrieve the location for the distribution point through Location Services, the client will retry for up to five days before failing. If the client is unable to connect to the distribution point to download the content or the download fails, the client will retry for up to 10 days before failing. When updates are manually initiated, the client retry intervals are 1 hour per distribution point with a four-hour maximum before the request fails.
When software updates that have a configured deadline become available on a client computer, the Available Software Updates icon appears in the notification area that informs the user of the pending deadline. Display notifications are presented on a periodic basis until all pending mandatory software update installations have completed. By default, they are displayed every three hours for deadlines more than 24 hours away, every hour for deadlines less than 24 hours away, and every 15 minutes for deadlines that are less than one hour away. For more information about the display notification settings, see Computer Client Agent: Reminders Tab.
Note |
---|
There is a site-wide setting available that hides deployments from client computers. If this setting is enabled, display notifications, notification area icons, and software update installation progress dialog boxes are not displayed. Only software updates from mandatory deployments can be run on client computers. For more information, see How to Hide Deployments on Client Computers. |
Unless deployments are configured to be hidden, users can open the Express/Advanced dialog box to initiate installation for all mandatory software updates. Or they can open the Available Software Updates dialog box, where they can choose to install either mandatory or optional software updates.
When the configured deadline passes on mandatory software updates, a scan is initiated to verify that the software update is still required, the local cache on the client computer is checked to verify that the software update source file is still available, and then the software update installation is initiated. When the installation completes, it is verified that the software update is no longer required and a state message is sent to the management point that indicates that the update is now installed.
Note |
---|
State messages for deployments are replicated up the hierarchy to the site where the deployment was created. State messages for software updates are replicated to the site that synchronized with Microsoft Update, typically the central site. Reports run from a site higher in the hierarchy will not display information for the state messages that were replicated to a lower-level site. |
Required System Restart
By default, when software updates from a mandatory deployment have installed on a client computer but a system restart is required for the installation to complete, the system restart will be initiated. For software updates that have been installed prior to the deadline, the automatic system restart will be postponed until the deadline, unless the computer is restarted prior to that for some other reason.
The system restart can be suppressed for servers and workstations. These settings are configured in the Restart Settings page of the Deploy Software Updates Wizard when creating a deployment and in the Restart Settings tab in the deployment properties. This setting can also be configured in a deployment template.
Deployment Reevaluation Cycle
Client computers initiate a deployment reevaluation cycle every 7 days, by default. During this evaluation cycle, the client computer scans for software updates that have been previously deployed and installed. If any are missing, the software updates are reinstalled from the local cache. If a software update is no longer available in the local cache, it is downloaded from a distribution point and then installed. The reevaluation cycle is configured on the Deployment Re-Evaluation tab of the Software Updates Client Agent Properties page. For more information, see Software Updates Client Agent Properties: Deployment Re-Evaluation Tab.
Deployment Packages
Deployment packages are not hard-linked to deployments. When client computers receive a new deployment, they will use the software update source files from any distribution point that has them, even from a deployment package and distribution point that was not configured in the deployment. For more information, see About Software Update Deployment Packages.
Managing Deployment Collections
When you are creating a deployment in the Deploy Software Updates Wizard, the software updates are deployed to the members of the specified target collection. Prior to creating a new deployment, you might want to create a new collection that contains client computers that require particular software updates. For more information about creating collections, see How to Create a Collection.
Caution |
---|
When a collection that is used in a deployment is deleted, the software update deployment is deleted as well. Do not delete collections that are used in active deployments. |
See Also
Tasks
How to Create a CollectionHow to Deploy Software Updates
How to Hide Deployments on Client Computers
Reference
Computer Client Agent: Reminders TabDeployment Name Properties: Restart Settings Tab
Review/Accept License Terms Dialog Box
Software Updates Client Agent Properties: Deployment Re-Evaluation Tab
Concepts
About Software Update Deployment PackagesAbout Deployment Templates in Software Updates
About Network Access Protection in Configuration Manager Hierarchies
Icon Glossary for Software Updates
Planning for a Software Update Deployment