Topic last updated—November 2007

Before creating a software update deployment in Configuration Manager 2007, there are several settings that must be considered depending on your Configuration Manager 2007 hierarchy. You should also consider creating deployment templates for common deployment scenarios, understand how maintenance windows and client computer restart behavior work on client computers, determine whether the deployment tasks will be delegated, and plan for deployments to Systems Management Server (SMS) 2003 clients.


Software Update Point Settings

When creating the active software update point, you configure the update classifications, products, and languages for which the software update metadata is synchronized. The synchronized software updates are displayed in the Configuration Manager console and can then be deployed to client computers. These settings can be modified at any time, but you should pay special attention to the Summary Details language setting before synchronizing and deploying software updates.

It is very important that you select all of the summary details languages that will be needed in your Configuration Manager hierarchy. When the active software update point on the central site is synchronized, the selected summary details languages determine what software update metadata is retrieved. If the summary details languages are modified after the synchronization has run at least one time, the metadata is retrieved for the modified summary details languages for only new or updated software updates. The software updates that have already been synchronized will not retrieve metadata for different languages unless there is a change to the update on Microsoft Update.

For more information about the software update point settings, see Planning for the Software Update Point Settings.

Software Update Deployment Settings

When creating a software update deployment in the Deploy Software Updates Wizard, many deployment settings need to be considered. The following sections provide information about the settings on each page of the Deploy Software Updates Wizard.

General Page

The General page allows you to provide the name and description for the deployment. The name must be unique for the site.

Recommendation

Provide a name and description that will help you to distinguish this deployment from any others. Deployments are sorted in the Configuration Manager console by name. Deployments are easy to find when there are a small number of them, but they can be difficult to find when there are many. Before creating deployments, think about the naming convention that will be used at your site.

Collection Page

The Collection page specifies the collection that will be targeted for the software update deployment. Members of the collection and subcollections, if configured, receive available deployments during their next Machine Policy Retrieval & Evaluation Cycle. The following settings are available on the Collection page:

  • Collection: Specifies the target collection for the deployment. Members of the collection receive the software updates defined in the deployment.

  • Include members of subcollection: Specifies whether members of any subcollection of the main collection receive the software updates defined in the deployment. By default, this setting is enabled and members of both the collection and subcollection are targeted for the deployment.

Recommendation

When creating deployment templates, you do not have to specify the collection as part of the template. This allows you to use the template when creating multiple deployments that target different collections.

Display/Time Settings Page

The Display/Time Settings page specifies whether the user will be notified of pending software updates, the installation progress for software updates, whether a client evaluates the deployment schedule based on local or Coordinated Universal Time (UTC), and the default duration between software update availability and deployment deadline. The following settings are available on the Display/Time Settings page:

  • Display Settings

    Select one of the following settings:

    • Allow display notifications on clients: Specifies that display notifications are used on clients that inform end users of available software updates and progress indicators are displayed during software update installation. By default, this setting is selected and display notifications are allowed on clients.

    • Suppress display notifications on clients: Specifies that display notifications are not used on clients and progress indicators are not displayed during update installation. Software update notification icons will still display on clients and users can click this icon to see available updates.

  • Time Settings

    Select one of the following settings:

    • Client Local Time: Specifies that clients use their local time to evaluate schedules for the time when software updates become available on clients and when deadlines enforce software update installation, if enabled.

    • UTC: Specifies that clients use UTC to evaluate schedules for the time when software updates become available on clients and when deadlines enforce software update installation. By default, this setting is selected and UTC is used to evaluate deployment schedules.

  • Duration Setting

    • Duration: Specifies the duration, which is used only when creating a deployment using a template. The deadline setting in the deployment defaults to the time when an update is available plus the configured duration setting. By default, the duration is set at 2 weeks.
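The following added example (not part of the original topic or of Configuration Manager) shows what the Time Settings choice means for patch enforcement: it derives the default deadline from the 2-week duration and then compares the absolute instants at which clients in different time zones reach that deadline under Client Local Time and under UTC. The client names, UTC offsets, and availability time are constructed sample values, and fixed offsets are assumed (no daylight saving changes).

```python
from datetime import datetime, timedelta, timezone

# Default template duration stated in this topic.
DEFAULT_DURATION = timedelta(weeks=2)

# Constructed sample data: hypothetical client names and fixed UTC offsets.
CLIENT_UTC_OFFSETS = {"SEA-WS01": -8, "LON-WS01": 0, "TYO-WS01": 9}

# Constructed sample availability time, entered as a wall-clock value.
AVAILABLE = datetime(2007, 11, 5, 22, 0)


def default_deadline(available, duration=DEFAULT_DURATION):
    """Deadline defaults to the availability time plus the duration."""
    return available + duration


def enforcement_instants(deadline_wall_clock, client_utc_offsets, use_utc):
    """Return {client: UTC instant} at which the deadline is enforced.

    With UTC, every client reads the wall-clock value as UTC, so all
    clients enforce at the same instant. With Client Local Time, each
    client reads the same wall-clock value in its own time zone.
    """
    instants = {}
    for name, offset_hours in client_utc_offsets.items():
        tz = timezone.utc if use_utc else timezone(timedelta(hours=offset_hours))
        local = deadline_wall_clock.replace(tzinfo=tz)
        instants[name] = local.astimezone(timezone.utc)
    return instants


def rollout_spread(instants):
    """Time between the first and the last client reaching the deadline."""
    return max(instants.values()) - min(instants.values())


def local_wall_clock(instant_utc, offset_hours):
    """Wall-clock time a client with the given offset shows at an instant."""
    tz = timezone(timedelta(hours=offset_hours))
    return instant_utc.astimezone(tz).replace(tzinfo=None)


if __name__ == "__main__":
    deadline = default_deadline(AVAILABLE)
    for label, use_utc in (("Client Local Time", False), ("UTC", True)):
        instants = enforcement_instants(deadline, CLIENT_UTC_OFFSETS, use_utc)
        print(f"{label}: spread {rollout_spread(instants)}")
        for name, instant in sorted(instants.items(), key=lambda kv: kv[1]):
            shown = local_wall_clock(instant, CLIENT_UTC_OFFSETS[name])
            print(f"  {name}: enforces {instant:%Y-%m-%d %H:%M} UTC "
                  f"(local clock {shown:%Y-%m-%d %H:%M})")
```

With Client Local Time the same deadline is reached over a span of hours across the hierarchy, while with UTC all clients enforce together but at different local hours, which matters when the installation forces a restart.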

Restart Settings Page

The Restart Settings page specifies the system restart behavior when a software update installs on a client computer and requires a restart to complete. The following settings are available on the Restart Settings page:

Suppress the system restart on:

  • Servers: Specifies whether to suppress a system restart on servers. This action is requested by a software update installation when a restart is required for the installation to complete. By default, this setting is not enabled, and servers will restart if required by the software update installation.

  • Workstations: Specifies whether to suppress a system restart on workstations. This action is requested by a software update installation when a restart is required for the installation to complete. By default, this setting is not enabled, and workstations will restart if required by the software update installation.

Specify whether to allow a system restart outside of maintenance windows both for servers and for workstations:

  • Allow system restart outside of maintenance windows: Specifies whether to allow system restarts for both workstations and servers outside of configured maintenance windows. By default, this setting is not enabled, and when a system restart is required for a software update installation to complete, it is initiated only when more than 10 minutes are left in the configured maintenance window.

Recommendation

Suppressing system restarts can be useful in server environments or in cases in which you do not want the computers that are installing the software updates to restart by default. However, forcing a system restart after software update installation ensures that updates fully complete, whereas suppressing post-installation restart requests can leave systems in an insecure or unstable state.

Event Generation Page

The Event Generation page specifies whether Microsoft Operations Manager alerts are disabled while the software updates install and whether an Operations Manager alert is created when a software update installation fails. The following settings are available on the Event Generation page:

  • Disable Operations Manager alerts while software updates run: Specifies that Operations Manager alerts are disabled during the software update installation. This is useful when deploying software updates will impact an application that is being monitored by Operations Manager. By default, this setting is not enabled.

  • Generate Operations Manager alert when a software update installation fails: Specifies that an Operations Manager alert is created for each software update installation failure. By default, this setting is not enabled.

Recommendation

These settings are useful when deploying software updates will impact an application that is being monitored by Operations Manager. Disabling alerts while the update is being installed will prevent alerts from triggering, such as a notification that a service has stopped, as a result of the update installation. By default, these settings are not enabled.

Download Settings Page

The Download Settings page specifies how Configuration Manager 2007 client computers will interact with distribution points when they receive a software update deployment. The following settings are available on the Download Settings page:

When a client is connected within a slow or unreliable network boundary:

  • Do not install software updates: Specifies that clients do not install software updates if they are within network boundaries that are designated as slow or unreliable. This is the default selection.

  • Download software updates from distribution point and install: Specifies that clients download the software updates from the distribution point and install them if they are within network boundaries that are designated as slow or unreliable. This is the same behavior as if the client was within a local area network boundary.

Specify whether to allow clients that are within the boundaries for one or more protected distribution points to download and install software updates from unprotected distribution points when the updates are not available from any protected distribution point:

  • Do not install software updates: Indicates that when protected distribution points do not have the software updates available for clients that are within the protected distribution point boundaries, software updates will not be installed.

  • Download software updates from unprotected distribution point and install: Indicates that when protected distribution points do not have the software updates for clients that are within the protected distribution point boundaries, the client will download the software updates from an unprotected distribution point and install them. This is the default selection.

SMS 2003 Settings Page

The SMS 2003 Settings page specifies whether to deploy software updates to SMS 2003 clients that are in the target collection. This setting is available only when all of the software updates in the deployment have been synchronized using the Inventory Tool for Microsoft Updates and have a value of Yes for the Deployable to SMS 2003 setting. The following settings are available on the SMS 2003 Settings page:

Deploy software updates to SMS 2003 clients

This setting specifies whether to deploy the software updates in the deployment to SMS 2003 clients that are in the target collection. A package, package instruction files, and advertisement are created and sent to child SMS 2003 sites to support the update installation on SMS 2003 clients. By default, this setting is not enabled.

Important
When this setting is disabled in an active deployment that includes SMS 2003 clients, this setting cannot be enabled again. The corresponding program and advertisement created for SMS 2003 clients are disabled. Before permanently disabling this deployment for SMS 2003 clients, make sure this is the intended action.

When this setting is selected, the following settings are available:

  • Collect hardware inventory immediately: Specifies whether to collect hardware inventory on SMS 2003 clients immediately following software update installation. This increases reporting accuracy but might increase system activity on the SMS 2003 clients. By default, this setting is not enabled and hardware inventory is collected during its scheduled hardware inventory cycle.

  • When a distribution point is available locally: Specifies that SMS 2003 clients handle software update installation when the updates are available on a local distribution point according to the following options:

    • Run update installation from distribution point: Specifies that the software updates are installed from the distribution point. This is the default setting.

    • Download updates from distribution point and then run installation: Specifies that the software updates are downloaded from the distribution point and then installed on the client.

  • When a client is connected within a slow or unreliable network boundary: Specifies that SMS 2003 clients handle software update installation when the updates are available only on remote distribution points according to the following options:

    • Do not run update installation: Specifies that the software update installation will not run. This is the default setting.

    • Download updates from a remote distribution point prior to update installation: Specifies that the software updates are downloaded from the distribution point and then installed on the client.

    • Run update installation from a remote distribution point: Specifies that the software updates are installed from the remote distribution point.

For more information about deploying software updates to SMS 2003 clients, see Planning for SMS 2003 Deployments later in this section.

Recommendation

When software updates are downloaded and then installed on SMS 2003 clients, all updates contained in the package are downloaded regardless of applicability for the client. If deployment packages contain a lot of updates that might not be applicable to the SMS 2003 client, you should consider whether to run the update installation directly from the distribution point.

Deployment Package Page

The Deployment Package page specifies the deployment package that will be used to host the software updates in the deployment. The software updates in the deployment are downloaded and copied to the deployment package folder on the distribution points configured for the package. If all software updates in the deployment have previously been downloaded and copied to a shared package folder on the distribution point, the Deployment Package page of the wizard does not display and the deployment is automatically configured to use the package that downloaded the update. If the deployment targets SMS 2003 clients, the wizard will always ask for a deployment package regardless of whether the updates have been previously downloaded. The following settings are available on the Deployment Package page:

  • Select deployment package: Specifies that an existing package is used for the software updates in the deployment. Deployment packages that were created at the site can be selected. Packages created at a parent site are not available.

  • Create a new deployment package: Specifies that a new package is created for the software updates in the deployment. The following properties are configured as part of the deployment package:

    • Deployment package name: Specifies the name of the deployment package. The package name should be unique and describe the package content, and it is limited to no more than 50 characters.

    • Deployment package description: Specifies the description of the deployment package. The package description should describe the package contents in detail and is limited to no more than 127 characters.

    • Deployment package source: Specifies the location of the software update source files. When the deployment is generated, the source files are compressed and copied to the distribution points that are associated with the deployment package. The source location must be entered as a network path (for example, \\server\sharename\path), or the Browse button can be used to find the network location. The shared folder for the deployment package source files must be manually created before proceeding to the next page.

      Important
      The deployment package source location must not be used by another deployment or software distribution package.

      Important
      The SMS Provider computer account and the user who will actually download the software updates to the download location both require write access to the download location. Restrict access to the download location to reduce the risk of attackers tampering with the software updates source files in the download location.

    • Deployment package sending priority: Specifies the sending priority for the deployment package. The sending priority is used for the deployment package when it is sent to distribution points at child sites. Packages are sent in priority order: High, Medium, or Low. Packages with identical priorities are sent in the order in which they were created. Unless there is a backlog, the package will process immediately regardless of its priority.

    • Enable binary differential replication: Specifies whether binary delta comparison should be used on changed package source files. Selecting the check box enables this behavior and allows Distribution Manager to transfer only parts of the file that have changed instead of the entire file. This behavior can result in large bandwidth savings when transferring the changes for large files, compared with the traditional method in which the entire file is transferred. For more information, see About Binary Differential Replication. This setting can be modified for existing packages in the properties for the package.

Download Location Page

The Download Location page specifies whether the software updates in the deployment should be downloaded from the Internet or from the local network to the computer running the Configuration Manager console. The following settings are available on the Download Location page:

  • Download software updates from the Internet: Specifies that the software updates are downloaded from the location on the Internet that is defined in the software update definition. This setting is enabled by default.

    Note
    Internet connectivity is required from the computer that runs the wizard in the Configuration Manager console.
  • Download software updates from a location on the local network: Specifies that the software updates are downloaded from a local directory or shared folder. Use this setting if the computer running the wizard does not have Internet access or if the software updates are available on the local network. The software updates can be downloaded from any computer that has Internet access and stored in a location on the local network that is accessible from the computer running the wizard. For more information, see How to Manually Download Software Updates.

Recommendation

If the software updates have already been downloaded to the Microsoft Windows Server Update Services (WSUS) server on the active software update point, you can specify Download software updates from a location on the local network and configure \\<WSUS Server Name>\<WSUSContentPath> to download the software updates from the WSUS server instead of the Internet.

When the computer running the Configuration Manager console does not have Internet access, you can install a remote console on a computer that has Internet access to download the software update files to a package.

Language Selection Page

The Language Selection page specifies the languages that are downloaded for the selected software updates. The software updates are downloaded only if they are available in the selected languages. Software updates that are not language specific are always downloaded.

If all software updates in the deployment have previously been downloaded and copied to the shared folder for the package on the distribution point, the Language Selection page of the wizard does not display. The deployment is automatically configured to download the updates in the languages that were previously downloaded. The following settings are available on the Language Selection page:

  • Update File: Specifies the languages for which software update files are downloaded. By default, the languages configured in the software update point properties are selected. Selecting additional languages does not add them to the configured software update point language settings. At least one language must be selected before proceeding to the next page. If a language is selected on this page that is not supported by the software update, the download will fail for the software update.

Deployment Schedule

The Deployment Schedule page specifies when a software update deployment will become active and whether software update installation will be enforced on clients. The following settings are available on the Deployment Schedule page:

Select the date and time that software updates will be made available to clients:

  • As soon as possible: Specifies that the software updates in the deployment are made available to clients as soon as possible. When the deployment is created, the machine policy is updated, clients are made aware of the deployment at their next machine policy evaluation cycle, and then the updates are available for installation.

  • Date and time: Specifies that the software updates in the deployment will not be made available to clients until a specific date and time. When the deployment is created, the machine policy is updated and clients are made aware of the deployment at their next machine policy evaluation cycle, but the software updates in the deployment are not available for installation until the configured date and time.

Specify whether the software updates should automatically install on clients at a configured deployment deadline:

  • Do not set a deadline for software update installation: Specifies that the software updates in the deployment are optional and do not require automatic installation by a specific date and time.

  • Set deadline for software update installation: Specifies that the software updates in the deployment are mandatory and require automatic installation by a specific date and time. If the deadline is reached and the software updates in the deployment are still required on the client, the update installation will automatically be initiated. When a deadline is configured, the following additional settings are available:

    • Enable Wake On LAN: Specifies whether to enable Wake On LAN at the deadline to send wake-up packets to computers that require one or more updates in the deployment. The computers that are not running are started at the deadline so the update installation can be initiated. Clients that do not require any updates in the deployment are not started. By default, this setting is not enabled and is available only when there is a deadline configured for the deployment.

    • Ignore maintenance windows and install immediately at deadline: Specifies whether the software updates in the deployment are installed at the deadline regardless of a configured maintenance window. By default, this setting is not enabled and is available only when there is a deadline configured for the deployment.

More Information

Setting a deadline makes the deployment mandatory, and it enforces the software update installation on client computers by the configured date and time. If the deadline is reached and the software update deployment has not yet run on the client computer, the installation starts automatically whether or not a user is logged on to the computer. A system restart can be enforced if it is necessary for the software update installation to complete.

On client computers, display notifications will appear that inform the user that one or more software updates are ready to install and the date for the earliest deadline time displays. For example, if there are two deployments with deadlines that are two days apart, the deployment deadline that comes first displays in the notifications to users. After the software updates have been installed for the deployment with the earliest deadline, the client computer will continue to receive notifications, but the deadline will now display the deadline for the second deployment. SMS 2003 clients in the Configuration Manager hierarchy will also use the configured deadline date and time for deployments targeted to them.

NAP Evaluation Page

The NAP Evaluation page specifies whether the software updates in this deployment are required for compliance when using Network Access Protection (NAP). Enable NAP evaluation to include the software updates in a NAP policy that will become effective on NAP-capable clients based on the configured schedule. When the policy becomes effective, NAP-capable clients might have restricted access until they comply with the selected software update. Network restriction and remediation are dependent on how the policies are configured on the Windows Network Policy Server. The following settings are available on the NAP Evaluation page:

  • Enable NAP evaluation: Specifies whether the software update is included in the NAP policy and evaluated on NAP-capable clients. When this setting is selected, the following settings are available:

    • Specify when these settings become effective:

      • As soon as possible: Specifies that the software update is included in the NAP policy, which becomes effective on NAP-capable clients as soon as possible.

      • Date and time: Specifies that the software update is included in the NAP policy, which becomes effective on NAP-capable clients on the specified date and time. The default date and time value is determined by adding 14 days to the deployment deadline date and time that was configured on the Deployment Schedule page.

The NAP Evaluation page of the Deploy Software Updates Wizard does not display unless NAP is configured for the site. For more information, see About Network Access Protection in Configuration Manager Hierarchies.

Using Deployment Templates When Creating Deployments

Deployment templates store many of the deployment properties that might not change from deployment to deployment, and they can save a lot of time for administrators when creating software update deployments. Templates can be created for different deployment scenarios in your environment. For example, you can create a template for expedited software update deployments and planned deployments. The template for the expedited deployment can suppress display notifications on client computers, set the deadline for 0 days from the deployment schedule, and allow system restarts outside of maintenance windows. The template for a planned deployment can allow display notifications on client computers and set the deadline for 14 days from the deployment schedule.

Pre-creating deployment templates for typical deployment scenarios in your environment allows you to create deployments using templates that populate many of the deployment properties that are most often static for the particular deployment scenario. Using the deployment template also reduces the number of wizard pages in the Deploy Software Updates Wizard by up to seven pages, which saves time and helps to prevent mistakes when configuring the deployment. The deployment settings from the following wizard pages can be configured in a deployment template:

  • Collection

  • Display/Time Settings

  • Restart Settings

  • Event Generation

  • Download Settings

  • SMS 2003 Settings

If a deployment template is not used when creating a deployment, the properties are manually entered and can optionally be saved as a deployment template within the wizard and used in future deployments. For more information, see About Deployment Templates in Software Updates.

Maintenance Windows

When maintenance windows are configured on collections that will be targeted for software update deployments, you should consider the following:

  • Each software update is given a default setting of 35 minutes to install and restart, if necessary (75 minutes for service packs). When the available time left in a maintenance window is less than this, the software update installation will not start until the next maintenance window. When planning a deployment to a collection with maintenance windows, take these defaults into consideration. For example, if a 2-hour maintenance window is configured on the collection and there are four software updates in a deployment, only three software updates will be installed during the first maintenance window and the last update will be installed during the second maintenance window.

  • The following deployment settings affect how software updates are installed on client computers that have maintenance windows:

    • Allow system restart outside of maintenance windows: Specifies whether to allow system restarts for both workstations and servers outside of configured maintenance windows. By default, this setting is not enabled. This setting is beneficial when you want your software update installation to complete on client computers as soon as possible. When this setting is not specified, a system restart will not be initiated if the maintenance window ends in 10 minutes or less. This could prevent the installation from completing and leave the client computer in a vulnerable state until the next maintenance window. This setting is available on the Restart Settings page of the Deployment Template Wizard or Deploy Software Updates Wizard.

    • Ignore maintenance windows and install immediately at deadline: Specifies whether the software updates in the deployment are installed at the deadline regardless of a configured maintenance window. By default, this setting is not enabled and is available only when there is a deadline configured for the deployment. This setting is beneficial when there are software updates that must be installed on client computers as soon as possible, such as the updates in an expedited deployment. This setting is available on the Schedule page of the Deploy Software Updates Wizard.

For more information about maintenance windows and planning for them when using software updates, see the "Planning for Maintenance Windows" section of Planning for Software Updates Server Settings.
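The following added example (not part of the original topic or of Configuration Manager) turns the 35-minute and 75-minute defaults above into a planning check: it shows how many maintenance windows a deployment needs and flags updates that can never start because the window is shorter than their reserved time. It assumes updates are attempted in the listed order and that planning for a window stops at the first update that does not fit; the update names are hypothetical.

```python
from dataclasses import dataclass

# Defaults stated in this topic: time reserved to install and restart.
UPDATE_MINUTES = 35
SERVICE_PACK_MINUTES = 75


@dataclass(frozen=True)
class Update:
    name: str                      # hypothetical label for the update
    is_service_pack: bool = False

    @property
    def reserved_minutes(self):
        return SERVICE_PACK_MINUTES if self.is_service_pack else UPDATE_MINUTES


def plan_windows(updates, window_minutes):
    """Return (plan, blocked).

    plan    - one list of update names per maintenance window, in order.
    blocked - updates whose reserved time exceeds the whole window, so
              they never start inside a maintenance window.
    Assumption: updates are taken in the given order, and a window is
    closed for planning at the first update that does not fit.
    """
    blocked = [u.name for u in updates if u.reserved_minutes > window_minutes]
    pending = [u for u in updates if u.reserved_minutes <= window_minutes]
    plan = []
    while pending:
        remaining = window_minutes
        installed = []
        # An installation starts only if the time left in the window is
        # not less than the time reserved for that update.
        while pending and pending[0].reserved_minutes <= remaining:
            update = pending.pop(0)
            remaining -= update.reserved_minutes
            installed.append(update.name)
        plan.append(installed)
    return plan, blocked


def days_until_fully_patched(plan, days_between_windows):
    """Days from the first window until the last planned update installs."""
    return max(len(plan) - 1, 0) * days_between_windows


if __name__ == "__main__":
    # The case described above: four updates, one 2-hour window.
    four = [Update(f"Update-{i}") for i in range(1, 5)]
    plan, blocked = plan_windows(four, window_minutes=120)
    print("2-hour window:", plan, "blocked:", blocked)

    # Failure mode: a service pack never fits a 60-minute window.
    mixed = [Update("ServicePack-A", is_service_pack=True),
             Update("Update-1"), Update("Update-2")]
    plan, blocked = plan_windows(mixed, window_minutes=60)
    print("1-hour window:", plan, "blocked:", blocked)
    print("Days until planned updates finish (weekly window):",
          days_until_fully_patched(plan, days_between_windows=7))
```

An update reported in `blocked` stays uninstalled on those clients unless the window is lengthened or the deployment uses Ignore maintenance windows and install immediately at deadline.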

Deployment Actions that Will Result in a Package Refresh

Every time a software update is added to a deployment that targets both Configuration Manager and SMS 2003 client computers, or when the start time setting in the deployment is modified, the package source will be updated, the deployment package version will be incremented, and the distribution points configured for the package will be refreshed. Adding software updates to a deployment that does not deploy software updates to SMS 2003 clients will use the update source files from a deployment package that contains the software updates and the package is not refreshed.

Restart Behavior on Client Computers

When software update installations have run and require a restart for them to complete, new software updates that become available are not shown and the notification area icon will not be visible on client computers. A system restart will be automatically initiated on client computers when the deadline has been reached on mandatory deployments. When multiple deployments have the same deadline, the software updates will all be installed at the deadline and then one system restart will be initiated.

Note
Some software updates must be installed exclusively, and a system restart might be initiated for these software updates before installing other updates in the same deployment or in deployments with the same deadline.

Hiding Deployments from End Users

To hide software update deployment and installation on client computers, use the Hide all deployments from end users setting on the Update Installation tab of the Software Updates Client Agent properties. This setting specifies that display notifications and notification area icons for the software updates in all deployments will not display on client computers. This setting is not enabled by default. When this setting is enabled, only the software updates in mandatory deployments are available for installation and the silent installation will initiate by the configured deadline. Hidden deployments will become visible on client computers when this setting is not enabled. For more information, see How to Hide Deployments on Client Computers.

Software Updates with License Terms

When a software update has associated Microsoft Software License Terms and the terms have not yet been accepted, the Review/Accept License Terms dialog box displays before opening the Deploy Software Updates Wizard. After the license terms for a software update have been accepted, the wizard opens and the software updates can be deployed. Future deployments for the software update will not require license terms acceptance. If the license terms are declined, the process is canceled. The license terms can also be accepted from the Configuration Manager console by highlighting one or more software updates, and then initiating the Review/Accept License Terms action.

Delegated Administration

Using an update list provides the ability to delegate the administration for deploying software updates. For example, an administrator at the central site can select the software updates that need to be deployed and add the updates to an update list. Administrators at the site or child sites, with restricted object rights, can then use the update list and deploy the updates in the update list to an appropriate collection. For more information, see the "Delegated Administration" section of About Update Lists in Software Updates.

Planning for SMS 2003 Deployments

If SMS 2003 clients are in the Configuration Manager 2007 hierarchy, additional steps must be taken and special considerations should be made before deploying software updates to them. For more information about the steps required for software updates to continue to work for SMS 2003 clients after a site upgrade, see Planning the SMS 2003 Software Updates Upgrade.

What Software Updates Can Be Deployed to SMS 2003 Clients

All software updates that have been synchronized using the Inventory Tool for Microsoft Updates can be deployed to SMS 2003 clients. After the Microsoft Update catalog has been synchronized, the Deployable to SMS 2003 setting is set to Yes. The option to deploy to SMS 2003 clients is available only when every update in the deployment is deployable to SMS 2003.

Migrated Software Updates Metadata After an Upgrade

During the upgrade process, Configuration Manager 2007 Setup appends (LEGACY) to the title for each software update. This helps you identify software updates that were migrated among the new software updates metadata that is synchronized after the upgrade. Software updates with (LEGACY) in the title should not be deployed to clients and are only migrated for software update distributions that were migrated and for reporting purposes. You can run a script to hide these software updates in the Configuration Manager console so only deployable software updates are displayed. A sample script is available from the Microsoft Script Center Script Repository (http://go.microsoft.com/fwlink/?LinkId=102377).

Note
Migrated software updates that are in a software update deployment that was also migrated will not be hidden until the migrated deployment is deleted or the updates are removed from the deployment.

Software Updates Might Be Downloaded in Deploy Software Updates Wizard When They Have Already Been Downloaded

When creating a software update deployment that will target SMS 2003 clients, and at least one software update has not yet been downloaded, all of the software updates not in the package configured for the deployment will be downloaded even when they were previously downloaded to another package. When all software updates have been downloaded prior to creating the deployment, when the downloaded updates were previously downloaded to the package selected in the deployment, or when the Deploy software updates to SMS 2003 clients setting is not selected in the deployment, the wizard downloads only the software updates that have not been previously downloaded. To prevent this behavior, download the software updates that have not yet been downloaded prior to creating the deployment by using the Download Updates Wizard or the Update List Wizard.
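The download rule described above is easier to follow as a decision function. The following Python sketch is an added illustration, not code from Configuration Manager or from this topic: it models only the behavior stated in the paragraph, and the function names, package names, and update IDs are hypothetical.

```python
# Added illustration: a model of the documented wizard behavior, not a
# Configuration Manager API. All names and IDs below are hypothetical.

def updates_to_download(selected, package_contents, target_package, deploy_to_sms2003):
    """Return the updates the Deploy Software Updates Wizard would download.

    selected          -- update IDs chosen for the deployment
    package_contents  -- dict: package name -> set of update IDs already in it
    target_package    -- deployment package configured for this deployment
    deploy_to_sms2003 -- True when "Deploy software updates to SMS 2003
                         clients" is selected in the deployment
    """
    downloaded_anywhere = set().union(*package_contents.values())
    in_target = package_contents.get(target_package, set())
    never_downloaded = [u for u in selected if u not in downloaded_anywhere]

    if deploy_to_sms2003 and never_downloaded:
        # One missing update causes everything the target package lacks to be
        # downloaded, even content already held in another package.
        return [u for u in selected if u not in in_target]
    # Otherwise only content that exists in no package is downloaded.
    return never_downloaded


def redundant_downloads(selected, package_contents, target_package, deploy_to_sms2003):
    """Updates downloaded again although another package already holds them."""
    downloaded_anywhere = set().union(*package_contents.values())
    planned = updates_to_download(selected, package_contents,
                                  target_package, deploy_to_sms2003)
    return [u for u in planned if u in downloaded_anywhere]


# Constructed sample data: two existing packages and three selected updates.
PACKAGES = {"PKG-A": {"KB0001", "KB0002"}, "PKG-B": {"KB0003"}}
SELECTED = ["KB0001", "KB0003", "KB0004"]

if __name__ == "__main__":
    # SMS 2003 targeted, KB0004 never downloaded: KB0003 is fetched again.
    print(updates_to_download(SELECTED, PACKAGES, "PKG-A", True))
    # Same selection without SMS 2003 clients: only KB0004 is fetched.
    print(updates_to_download(SELECTED, PACKAGES, "PKG-A", False))
    # Mitigation: KB0004 downloaded beforehand (here into PKG-B).
    pre = {"PKG-A": {"KB0001", "KB0002"}, "PKG-B": {"KB0003", "KB0004"}}
    print(updates_to_download(SELECTED, pre, "PKG-A", True))
```

The third call models the recommended mitigation: once every selected update has been downloaded before the deployment is created, the wizard has nothing left to download.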

Using Deployment Templates When Creating SMS 2003 Deployments

If all the software updates that are selected for deployment are deployable to SMS 2003, you can select a deployment template that has the Deploy software updates to SMS 2003 clients setting enabled. If at least one software update is not deployable to SMS 2003 clients, templates that deploy updates to SMS 2003 clients are not available for use when creating the deployment.

Selective Download Is Not Available for SMS 2003 Clients

Configuration Manager 2007 client computers download only the software updates from a deployment package that they require. This allows administrators to create large deployment packages that support multiple deployments. By default, when deploying software updates to SMS 2003 clients, the software update installation is run directly from a distribution point. When the deployment is instead configured, on the SMS 2003 Settings page of the Deploy Software Updates Wizard, to download software updates and then install them, the SMS 2003 client will download all updates contained in the deployment package regardless of applicability. If a deployment package contains many updates that might not be applicable to the SMS 2003 clients, it is recommended that you run the update installation directly from the distribution point.

See Also