The overall process for software updates in System Center 2012 Configuration Manager includes four main operational phases: synchronization, compliance assessment, deployment, and monitoring. The synchronization phase is the process of synchronizing the software update metadata from Microsoft Update and inserting it into the site server database. The compliance assessment phase is the process that client computers perform to scan for compliance of software updates and report the compliance state for the software updates. The deployment phase is the process of manually or automatically deploying the software updates to clients. Finally, the monitoring phase is the process of follow-on monitoring for software update deployment compliance.
|Before software update compliance assessment data is displayed in the Configuration Manager console and before you can deploy the software updates to clients, you must carefully plan for the software updates in your hierarchy and configure the software update dependences to meet the needs of your environment. For more information about planning for software updates, see Planning for Software Updates in Configuration Manager. For more information about configuring software updates, see Configuring Software Updates in Configuration Manager.|
The following sections in this topic will help you with the operational phases for software updates in Configuration Manager:
- Synchronize Software
Software Update Settings
Software Updates to an Update Group
- Deploy Software
- Monitor software updates
Synchronize Software Updates
Software update synchronization in Configuration Manager is the process of retrieving the software update metadata that meets the criteria that you configure. The software update point on the central administration site, or on a stand-alone primary site, retrieves the metadata from Microsoft Update on a predetermined schedule. Alternatively, you can manually initiate metadata synchronization from the Configuration Manager console. After the software update synchronization is complete at a central administration site, the site sends the child primary sites a synchronization request that instructs them to initiate synchronization. For more information about software update synchronization, see the Software Updates Synchronization section in the Introduction to Software Updates in Configuration Manager topic.
You configure software update synchronization to run on a schedule as part of the properties for the software update point on the top-level site. After you configure the synchronization schedule you will typically not change the schedule as part of normal operations. However, you can manually initiate software update synchronization when it is necessary. For information about configuring the software update synchronization schedule, see the Synchronize Software Updates section in the Configuring Software Updates in Configuration Manager topic.
Use the following procedure to manually initiate software update synchronization.
To manually initiate software updates synchronization on the central administration site
After you initiate the synchronization process, you can use the Configuration Manager console to monitor the process for all software update points in your hierarchy. Use the following procedure to monitor the software update synchronization process.
To monitor the software update synchronization process
Download Software Updates
There are several methods available to you for downloading software updates in Configuration Manager. When you create an automatic deployment rule or manually deploy software updates, the software updates are downloaded to the content library on the site server, and then copied to the content library on the distribution points that are associated with the configured deployment package. If you want to download the software updates before you deploy them, you can use the Download Updates Wizard. Doing this will enable you to verify that the software updates are available on distribution points before you deploy the software updates to client computers.
|For information about monitoring content status, see the Content Status Monitoring section in this topic.|
Use the following procedure to download software updates by using the Download Software Updates Wizard.
To download software updates
Manage Software Update Settings
The software update properties provide information about software updates and associated content. You can also use these properties to configure settings for software updates. When you open the properties for multiple software updates, only the Maximum Run Time and Custom Severity tabs are displayed. The NAP Evaluation tab is also displayed if all selected software updates have been downloaded.
Use the following procedure to open software update properties.
To open software update properties
Review Software Updates Information
In software update properties, you can review detailed information about a software update. The detailed information is not displayed when you select more than one software update. The following sections describe the information that is available for a selected software update.
Software Update Details
Custom Bundle Information
Configure Software Updates Settings
In the properties, you can configure software update settings for one or more software updates. You can configure most software update settings only at the central administration site or stand-alone primary site. The following sections will help you to configure settings for software updates.
Set Maximum Run Time
Enable Network Access Protection (NAP) Evaluation
Set Custom Severity
Add Software Updates to an Update Group
Software update groups provide you with an effective method to organize software updates in your environment. You can manually add software updates to a software update group or automatically add software updates to a software update group by using an automatic deployment rule. You can also deploy a software update group manually or deploy the group automatically by using an automatic deployment rule. After you deploy a software update group, you can add new software updates to the group and Configuration Manager will automatically deploy them. Use the following procedures to add software updates to a new or existing software update group.
To add software updates to a new software update group
To add software updates to an existing software update group
Deploy Software Updates
The software update deployment phase is the process of deploying the software updates. Typically, you add software updates to a software update group and then deploy the software update group to clients. When you create the deployment, the software update policy is sent to client computers, the software update content files are downloaded from a distribution point to the local cache on the client computer, and then the software updates are available for installation on the client. Clients on the Internet download content from Microsoft Update.
|Starting in Configuration Manager SP1, you can configure a client on the intranet to download software updates from Microsoft Update if a distribution point is not available.|
|Unlike other deployment types, software updates are all downloaded to the client cache regardless of the maximum cache size setting on the client. For more information about the client cache setting, see the Configure the Client Cache for Configuration Manager Clients section in the How to Manage Clients in Configuration Manager topic.|
If you configure a required software update deployment, the software updates are automatically installed at the scheduled deadline. Alternatively, the user on the client computer can schedule or initiate the software update installation prior to the deadline. After the attempted installation, client computers send state messages back to the site server to report whether the software update installation was successful. For more information about software update deployments, see the Software Update Deployment Workflows section in the Introduction to Software Updates in Configuration Manager topic.
There are two main scenarios for deploying software updates: manual deployment and automatic deployment. Typically, you will initially manually deploy software updates to create a baseline for your client computers, and then you will manage software updates on clients by using automatic deployment.
The following sections provide information and procedures for manual and automatic deployment workflows for software updates.
Manually Deploy Software Updates
A manual software update deployment is the process of selecting software updates from the Configuration Manager console and manually initiating the deployment process. Or, you can add selected software updates to an update group, and then manually deploy the update group. You will typically use manual deployment to get your client devices up-to-date with required software updates before you create automatic deployment rules that will manage ongoing monthly software update deployments. You will also use a manual method to deploy out-of-band software updates. The following sections provide the general workflow for manual deployment of software updates.
Step 1: Specify Search Criteria for Software Updates
Step 2: Create a Software Update Group that Contains the Software Updates
Step 3: Download the Content for the Software Update Group
Step 4: Deploy the Software Update Group
Automatically Deploy Software Updates
Monitor software updates
To help you to monitor software updates objects, processes, and compliance information, the Configuration Manager console provides the following:
- Alerts for Software updates
- Software update synchronization status
- Software update deployment status
- Software update reports
- Content distribution status for software
Alerts for Software Updates
You can configure alerts for software updates to notify administrative users when compliance levels for software update deployments are below the configured percentage. You can configure alerts for software update deployments in the following locations:
- Automatic deployment rule setting: You can
configure the alerts settings in the Automatic Deployment Rule
Wizard and in the properties for the automatic deployment rule.
- Deployment setting: You can configure the
alerts settings in the Deploy Software Updates Wizard and in
After you configure the alert settings, if the specified conditions occur, Configuration Manager generates an alert. You can review software update alerts at the following locations:
- Review recent alerts in the Software Updates node in the
Software Library workspace.
- Manage the configured alerts in the Alerts node in the
Software Updates Synchronization Status
After you initiate the synchronization process, you can monitor the synchronization process from the Configuration Manager console for all software update points in your hierarchy. Use the following procedure to monitor the software update synchronization process.
To monitor the software updates synchronization process
Software Update Deployment Status
After you deploy the software updates in a software update group or deploy an individual software update, you can monitor the deployment status. Use the following procedure to monitor the deployment status for a software update group or software update.
To monitor deployment status
Software Updates Reports
The state messages for software updates provide information about the compliance of software updates and about the evaluation and enforcement state of software update deployments. You can run software update reports to display these state messages. There are more than 30 predefined software update reports available. They are organized in several categories and can be used to report on specific information about software updates and deployments. In addition to using the preconfigured reports, you can also create custom software update reports according to the needs of your enterprise. For more information, see Operations and Maintenance for Reporting in Configuration Manager.
You can monitor content in the Configuration Manager console to review the status for all package types in relation to the associated distribution points. This can include the content validation status for the content in the package, the status of content assigned to a specific distribution point group, the state of content assigned to a distribution point, and the status of optional features for each distribution point (content validation, PXE, and multicast).
Content Status Monitoring
The Content Status node in the Monitoring workspace provides information about content packages. You can review general information about the package, distribution status for the package, and detailed status information about the package. Use the following procedure to view content status.
To monitor content status
Distribution Point Group Status
The Distribution Point Group Status node in the Monitoring workspace provides information about distribution point groups. You can review general information about the distribution point group, such as distribution point group status and compliance rate, as well as detailed status information for the distribution point group. Use the following procedure to view distribution point group status.
To monitor distribution point group status
Distribution Point Configuration Status
The Distribution Point Configuration Status node in the Monitoring workspace provides information about the distribution point. You can review which attributes are enabled for the distribution point, such as the PXE, Multicast, and content validation. You can also view detailed status information for the distribution point. Use the following procedure to view distribution point configuration status.