How To Deploy Software Updates Using SCCM 2012 R2 In this post we will look at the steps on how to deploy software updates using SCCM 2012 R2. Deploying the software updates for the computers is essential, the software updates are released by major software vendors to address security vulnerabilities in their existing products. To stay protected against cyber-attacks and malicious threats it is very important that you keep the computers patched with latest software updates. Software updates in System Center 2012 R2 Configuration Manager provides a set of tools and resources that can help manage the complex task of tracking and applying software updates to client computers in the enterprise. Talking about software updates, in SCCM 2012 R2 there are few new features added which includes a new maintenance window dedicated for software updates installation. This lets you configure a general maintenance window and a different maintenance window for software updates. When a general maintenance window and software updates maintenance window are both configured, clients install software updates only during the software updates maintenance window. A new feature called Software updates preview lets you review the software updates before you create the deployment.
How To Deploy Software Updates Using SCCM 2012 R2
In this post we will see the steps on how to deploy software updates using SCCM 2012 R2, if you are looking for SCCM 2012 R2 step by step guides click here. There are 2 ways to deploy software updates using SCCM 2012 R2, Manual and Automatic. In Manual software updates deployment, a set of software updates is selected the Configuration Manager console and these updates are deployed to the target collection whereas Automatic software updates deployment is configured by using automatic deployment rules. This method is used for deploying monthly software updates and for managing definition updates. When the rule runs, the software updates that meet a specified criteria (for example, all security software updates released in the last week) are added to a software update group, the content files for the software updates are downloaded and copied to distribution points, and the software updates are deployed to client computers in the target collection. In this post we will see the steps to deploy the software updates manually and for automatic software updates deployment, there will be a separate post.
To start with, install the Software Update Point role first. Launch the Configuration Manager Console, click on Administration, expand Overview, click Site Configuration, click on Sites. At the top ribbon click on Add Site System Roles.
When you install WSUS, you can specify whether to use the default Internet Information Services (IIS) website or create a new custom WSUS website. As a best practice, select Create a Windows Server Update Services 3.0 Web site so that IIS hosts the WSUS 3.0 services in a dedicated website instead of sharing the same website with other Configuration Manager site systems or other software applications. When you use a custom website for WSUS 3.0, WSUS configures port 8530 for HTTP and port 8531 for HTTPS. You must specify these port settings when you create the software update point for the site.
For WSUS Server Connection Account, click Use credentials to connect to the WSUS server, click on Set and choose the account. The account provides authenticated access from the site to WSUS server. Click Next.
To see what’s happening at the background, you need to have 2 files opened wsyncmgr.log and WCM.log file. Below is the screenshot of the wsyncmgr.log file and we can see that the WSUS is synchronizing the categories and updates.
Out of all the updates we will not deploy all of them rather we will filter the updates by adding criteria. Click on Add criteria. Select Expired, Product, Superseded, Bulletin ID. Click Add. Choose the product as Windows 7, Bulletin ID as MS, Expired as NO, Superseded as NO.
Set the Type of deployment as Required and detail level can be set to Only success and error messages. Click Next.Configure the schedule for this deployment, set the Time based on to Client local time. Choose Software available time to specific time and set the Installation deadline to as soon as possible. Click Next.
For Deployment options, if a client is within a slow or unreliable network boundary then select Download software updates from distribution point and install. If the updates are not available with preferred DPs then select Download and install software updates from the fallback content source location. Click Next.