Configuration Manager/Download and deploy an update

From ITHandbook

Overview

Configuration Manager provides similar functionality to WSUS. It can synchronize updates, download them, and then distribute them to clients. Among other things, it can assess software update compliance. Administrators can check the compliance status in the console to see if clients have installed the update.

There are two ways to download and deploy updates: manually, or by creating Automatic Deployment Rules (ADRs).

Prerequisites

  • The account used for these operations must have an appropriate security role on the site server.
  • A software update point must be installed.
  • A share must be available to store the updates and allow users to access them.

Manually download and deploy updates

 Note:
This section describes how to manually download and deploy updates.
For automated processes, refer to Automatically download and deploy updates.

Download an update

Go to the Software Library → Software Updates → All Software Updates.

Select and right-click an update, and then select Download.

Select a deployment package or create a new deployment package.

To create a new deployment package, enter the name and description, and then specify a package source. The package source must be a UNC path.

Specify the distribution points or distribution point groups to host the content.

  • Distribution priority
    • Specify the distribution priority for the deployment package.
  • Enable for on-demand distribution
    • Selecting this option is recommended.
    • When a client requests the content but it isn't available on any of the client's preferred distribution points, Configuration Manager automatically distributes the content to those distribution points.
  • Prestaged distribution point settings
    • Specify how you want to distribute content to prestaged distribution points. Selecting the first option is recommended.

Specify a location to download the update source files.

Select a language for each product, or leave it as default and click Next.

Review the summary and click Next to start the process.

Click Close to exit the wizard.

Deploy an update

The steps for manually deploying updates are similar to those for automatically deploying updates. You can refer to Automatically download and deploy updates.

Automatically download and deploy updates

 Note:
This section describes how to automatically download and deploy updates.

Start the wizard

Go to the Software Library → Software Updates.

Right-click Automatic Deployment Rules and select Create Automatic Deployment Rule.

Specify basic information

Enter a name and description for the rule.

Select a template to specify whether to apply previously saved ADR configurations:

  • Patch Tuesday
    • Provides common settings for monthly cumulative updates.
  • Office 365 Client Updates
    • Provides common settings for Microsoft 365 Apps clients.
  • SCEP and Windows Defender Antivirus Updates
    • Provides common settings for definition updates of Endpoint Protection or Windows Defender Antivirus.

Specify a collection to be used for the deployment.

You can select an existing software update group, or create a new one by selecting the Create a new Software Update Group option.

  • Enable the deployment after this rule is run
    • Specify whether to enable the software update deployment after the ADR runs.

Configure the deployment settings

  • Type of deployment: Select one of the following options.
    • Required: Create a mandatory software update deployment.
    • Available: Create an optional software update deployment.
  • Use Wake on LAN to wake up clients for required deployments
    • Specifies whether to enable Wake On LAN at the deadline.
  • Pre-download content for this deployment
    • Reduce installation wait times for clients. This option is only available when the deployment is Available.
  • Detail level
    • Specify the level of detail for the update enforcement state messages that are reported by clients.

For the license terms setting, select Automatically deploy all software updates found by this rule and approve any license agreements and click Next.

Configure the search criteria

For example, for Windows Server 2022, the following criteria are configured:

  • Select Last 1 month for Date Released or Revised.
  • Select Microsoft Server operating system-21H2 for Target.
  • Select Critical Updates, Feature Packs, Security Updates, and Updates for Update Classification.

For more information about update classifications, see Update Classifications.

Configure the evaluation schedule

Specify whether to enable the ADR to run on a schedule. Click Next to proceed.

By default, "Run the rule after any software update point synchronization" is selected.

Configure the deployment schedule

  • Schedule evaluation
    • Select Client local time to avoid unnecessary time zone conversions.
  • Software available time
    • Select As soon as possible to make the software updates available to clients as soon as possible, or manually specify a time.
  • Installation deadline
    • Specify a reasonable period for the software updates.
  • Delay enforcement of this deployment according to user preferences, up to the grace period defined in client settings
    • Give users more time to install the software updates beyond any deadlines you set.
    • You can configure the grace period in client settings.

Configure user experience

  • User notifications
    • Select Display in Software Center and show all notifications to let users know that updates are available or being installed.
  • Deadline behavior
    • Select all options to ensure immediate completion of the update installation.
    • This option is only available when the deployment is Required.
  • Device restart behavior
    • Specify whether to restart the OS on servers or workstations if a restart is required to complete the update installation.
    • For server environments, configure options carefully.
  • Write filter handling for Windows Embedded devices
    • Control the installation behavior on Windows Embedded devices that are enabled with a write filter.
  • Software updates deployment re-evaluation behavior upon restart
    • Run a software updates compliance scan immediately after a client installs software updates and restarts.

Configure the alert settings

Configure how Configuration Manager generates alerts for this deployment.

If you're also using System Center Operations Manager, enable it.

Specify a deployment package

Select a package or create a new package.

To create a new package, enter the name and description, and then specify a package source. The package source must be a UNC path.

Specify the distribution points or distribution point groups to host the content.

Specify a download location

Specify a location to download the update source files.

Specify a language for products

Select a language for each product, or leave it as default and click Next.

Specify the download settings

Specify if clients should download and install the updates when they use a distribution point from a neighbor or the default site boundary groups.

Specify if clients should download and install the updates from a distribution point in the site default boundary group, when the content for the software updates isn't available from a distribution point in the current or neighbor boundary groups.

  • If software updates are not available on distribution point in any...
    • Download software updates from Microsoft Update if updates aren't available on distribution points for intranet-connected clients.
  • Allow clients on a metered Internet connection to download content after the installation deadline, which might incur additional costs
    • Do not select this option unless necessary.

Summary and start configuration

Review the summary and click Next to start the process.

Click Close to exit the wizard.
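
The deployment package and ADR wizard steps above can also be scripted with the ConfigurationManager PowerShell module; the following is an added example, not part of the original page, using the Windows Server 2022 search criteria given earlier. The site code, share, collection, package, rule and distribution point group names are placeholders, and the seven-day deadline and the choice to leave the deployment disabled after the rule runs are assumptions made for the example.

```powershell
# Added example; every name below is a placeholder, not a value from a real site.
$SiteCode      = 'XYZ'
$PackageName   = 'WS2022 Monthly Updates'
$PackageSource = '\\fileserver.example\Updates\WS2022'   # must be a UNC path
$Collection    = 'Windows Server 2022 - Pilot'
$DpGroup       = 'All Distribution Points'

# Check the package source before touching the site: UNC form, and reachable.
if ($PackageSource -notmatch '^\\\\[^\\]+\\[^\\]+') { throw "Not a UNC path: $PackageSource" }
if (-not (Test-Path -LiteralPath $PackageSource)) { throw "Share not reachable: $PackageSource" }

# Load the console's module and switch to the site drive.
Import-Module "$($ENV:SMS_ADMIN_UI_PATH)\..\ConfigurationManager.psd1"
Set-Location "$($SiteCode):"

# Create the deployment package once and send it to the distribution point group.
if (-not (Get-CMSoftwareUpdateDeploymentPackage -Name $PackageName)) {
    New-CMSoftwareUpdateDeploymentPackage -Name $PackageName -Path $PackageSource | Out-Null
    Start-CMContentDistribution -DeploymentPackageName $PackageName -DistributionPointGroupName $DpGroup
}

# ADR settings, in the same order as the wizard pages.
$adr = @{
    Name                             = 'WS2022 - Monthly'      # placeholder rule name
    CollectionName                   = $Collection
    AddToExistingSoftwareUpdateGroup = $true
    EnabledAfterCreate               = $false   # assumption: review the group before enabling
    DeployWithoutLicense             = $true    # approve license agreements automatically
    DateReleasedOrRevised            = 'Last1month'
    Product                          = 'Microsoft Server operating system-21H2'
    UpdateClassification             = 'Critical Updates', 'Feature Packs', 'Security Updates', 'Updates'
    RunType                          = 'RunTheRuleAfterAnySoftwareUpdatePointSynchronization'
    UseUtc                           = $false   # client local time
    AvailableImmediately             = $true    # as soon as possible
    DeadlineImmediately              = $false
    DeadlineTime                     = 7        # assumption: example deadline
    DeadlineTimeUnit                 = 'Days'
    UserNotification                 = 'DisplayAll'
    SuppressRestartServer            = $true    # no automatic restart on servers
    SuppressRestartWorkstation       = $false
    AllowUseMeteredNetwork           = $false
    VerboseLevel                     = 'AllMessages'
    DeploymentPackageName            = $PackageName
}
New-CMSoftwareUpdateAutoDeploymentRule @adr
```

Run it from a machine with the Configuration Manager console installed, under an account that holds the security role described in the prerequisites. Confirm the accepted parameter values for your console version with Get-Help New-CMSoftwareUpdateAutoDeploymentRule -Full.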