Managing software updates with SMS consists of a series of phases. Let's take a look at each phase in the software update management process and which SMS tool is engaged for that component of the process.
The first step is initiating the software update inventory cycle. The SMS administrator starts this phase by downloading and running the installer program for one or both of the software update inventory tools on the site server. The installer program:
Sets up the synchronization host
Creates the packages, collections, programs, and advertisements for installing the software update inventory tools' scanning components on the clients
Software update inventory tools scan the SMS clients and provide information about installed and applicable software updates.
Administrators use the DSUW, shown in Figure 12-1, to assess, authorize, and deploy software updates.
The synchronization host periodically updates the site's local catalogs based on the configuration and scans components. The default is weekly updates.
The various components of the software update management feature are used to manage software updates.
Let's break down the process and go through each step for managing the updates.
First, there are a few steps to starting the software update inventory cycle. Those include the following:
The SMS administrator downloads from the Microsoft downloads site the Security Update Inventory utility, the Microsoft Office Inventory Tool for Updates, or both.
The administrator runs the respective installer program on the SMS site server.
Each inventory utility installer program creates the necessary packages, collections, and advertisements for distributing the software update inventory tools' scan components to the site's clients.
Each inventory utility installer program creates the necessary packages, collections, and advertisements for distributing the synchronization component to the designated synchronization host.
SMS leverages the software distribution feature to distribute the software update inventory tools' scan components to the site's clients.
The clients run the advertised program and install the software update inventory tools' scan components.
The scan component of one or both software update inventory tools starts to run on SMS clients at the specified interval. The default interval is every seven days. Every time a scan component runs, it analyzes the current state of software updates on the client and generates a list of software updates that are installed and software updates that are applicable to the client. The scan component then stores that information in the Win32_PatchState property in WMI. This information is now treated as hardware inventory data. It is collected during the next hardware inventory cycle and propagates up the hierarchy along with the rest of the hardware inventory data. The time it takes for the information to reach the site server depends on the scan component configuration, hardware inventory agent schedule settings, and site server load.
With this information in place, the SMS administrator runs the DSUW to view, evaluate, and authorize applicable software updates. Inventory scanning updates can be downloaded as shown in Figure 12-2. The information that the wizard displays is based on the software update inventory data that was collected during the scanning phase. Note that the DSUW will not display information until the hardware inventory cycle has fully completed and the hardware inventory data is stored in the SMS site database.
The DSUW downloads from the Microsoft downloads site the source files for the specified software updates and then stores software update source files on a specified package source share. The DSUW then creates or updates the necessary packages, programs, and advertisements for distributing the software updates to SMS clients. To every package that the wizard creates or updates, it appends the necessary Software Updates Installation Agent components and the necessary program to initiate that component.
Once the Software Updates Installation Agent components are updated, the DSUW copies the required source files from the package source share to the specified distribution points. SMS then leverages software distribution to advertise the software updates programs to clients. The advertised programs run on the clients. The Software Updates Installation Agent runs and deploys the software updates. The agent runs the scan component to ensure that only the required software updates are deployed. The synchronization component then synchronizes the software update inventory tools' scan components and software update catalogs, which involves several additional steps. First, periodically the synchronization component checks the Microsoft Download Center Web site for updates to the software update inventory tools' scan components and software update catalogs. The default period is one week. The synchronization component downloads any new updates and then the synchronization host updates the local copy of software update catalogs, and also updates the packages, programs, and advertisements that are associated with the software update inventory tools' scan components. SMS then leverages the software distribution feature to advertise to clients the programs that update the software update inventory tools' scan components. Clients then run the advertised programs and update their software update inventory tools' scan components.