Join Brien Posey for an in-depth discussion in this video Deploy updates manually, part of Windows 10: Plan and Implement Software Updates.
- [Instructor] Within a few hours of initiating the synchronization process, updates should be available for deployment. There are some places that you can check to make sure that the synchronization process is working as expected. Go to Monitoring workspace, and go to the Software Update Point Synchronization Status container. Here you can see when the last synchronization attempt occurred and the synchronization status. You can also use the Refresh button to get an updated synchronization status. If you go to the Software Library workspace and go through the console tree to Overview, Software Updates, All Software Updates, you'll see a list of the software updates that are available for deployment.
If this list has not been populated, then there's a good chance that the synchronization process may have failed. The two most common errors are using the incorrect port numbers for the WSUS server and having inadequate permissions for the location where WSUS shares its updates. I'll open File Explorer, and here you can see the Updates folder. And you can see two shares that reside beneath that folder. These are the shares where WSUS stores its update files, and System Center Configuration Manager has to have access to these shares in order for the updates to appear within the System Center Configuration Manager console.
The location of these shares is going to vary depending on how your system is configured, but if you do have trouble getting to the updates then this is a good place to check. To deploy an update, all you have to do is right-click on the update and choose the deploy option. This is going to launch the Deploy Software Update Wizard. So there are a number of different steps in this wizard. We begin by specifying the general information for the deployment, starting with the deployment name, which is filled in for you automatically.
Next, we have to specify a deployment collection. I'm going to click Browse. A deployment collection refers to the types of devices that we're going to deploy the update to. So right now our available options are all desktop and server clients, all mobile devices, all systems, or all unknown computers. I'm just going to choose the All Unknown Computers and click OK, and then I'm going to click Next. Now we have the option of choosing what type of deployment this is.
We can make this a required update, or we can make it an available update. We can also set the detail level for the deployment process. By default, only success and error messages are shown, but we do have the option of specifying all messages or only error messages. I'm going to put this back to the default. When I click Next, we're taken to the Scheduling tab. And right now the time is based on local time. That's generally the preferred option. Next, we can set the software available time.
We can make the update available as soon as possible, or we can make the update available at a specific time. If we're making the update required, which we're not in this case, but if we were, we could set a deadline for installing the update, and then we could specify the deadline time in this field that you see right here. I'm going to click Next, and now we're taken to the User Experience page. The first option on the User Experience page is user notifications. Right now this is set to display in System Center and only show notifications for computer restarts, or we could display in System Center and show all notifications.
Generally you'll want to use only the notifications for computer restarts as a way of reducing some of the clutter. Down here we have write filter handling for Windows Embedded devices, which we're not using, and we also have software update re-evaluation behavior upon restart. And there's a checkbox we can use. And that checkbox is labeled if any updates in this deployment require a system restart, run update deployment evaluation cycle after restart. So I'm going to go ahead and click Next, and now we're taken to the Alerts page.
And down here we have Operations Manager alerts. We can disable Operation Manager alerts while software updates run. And we have generate Operation Manager alerts when a software update installation fails. I'm going to click Next, and we're taken to the Download Settings screen. The first option here is the deployment options. We have do not install software updates, or download software updates from a distribution point and install.
So the first option on the Download Settings screen is to select the deployment option to use when a client uses a distribution point from a neighbor boundary group or the default site boundary group. And we have two options here. We can choose to not install the software update, or we can allow the software update to be downloaded from the distribution point and installed. The next option is when software updates are not available on any distribution point in the current or neighbor boundary group, client can download and install software updates from distribution points in the default boundary group.
And our options here are do not install software updates, or download and install software updates from the distribution points in site default boundary group. There's also a checkbox to allow clients to share content with other clients on the same subnet. And then there are two checkboxes down at the bottom. If software updates are not available on distribution point in current neighbor or site boundary groups, download content from Microsoft Update. Generally that's a good option to check.
Then we have another checkbox. Allow clients on metered internet connection to download content after the installation deadline, which might incur additional cost. So in other words, if you have client computers that are on a metered network, that's a network where they're charged based on the amount of data that they download. If you select this checkbox, then that metered connection will be used to download required updates once the deadline expires. I'm going to click Next, and now we're taken to the Deployment Packages screen.
So generally you would select the package that you want to use, but right now we don't have any packages. So we're going to have to create one. So the first thing that we have to do is enter a name for the deployment package, and I'm just going to call this one Updates. In the real world, you would want to use something a little bit more descriptive. Then we have to provide a package source. So I'm going to click Browse, and then I'm going to type \\in-ss-sccm.
That's my server name. And then I'm going to go to Software. That's a folder that I've set up to act as a distribution point. So I'm going to select this folder, and then sending priority is set to medium by default. And I'm going to click next, and now we have to select a distribution point. I'm going to click Add and then Distribution Point. And my current server is set up to function as a distribution point, so I'm going to select that checkbox and click OK and click Next. And now I'm taken to the Download Location screen.
Now this is really interesting. The default option is download software from the internet. But if you look at the text down here, you can see that it says when the deployment package contains all of the required software updates, select download software updates from internet. The software update files will be validated but will not be downloaded again. So in other words, if the updates are available locally, then even though we've told System Center to download those software updates from the internet, it won't actually use the internet for anything other than validation.
So I'm going to click Next, and now we have to specify the language that we want to use. I'm going to go with English, and I'll click Next. I'm taken to the Summary screen, and here we have a summary of all of the options that we've chosen. There are quite a few options, so you want to take some time and read through this, and just make sure everything is okay. And then I'll click Next, and we're taken to the Progress screen, and this process can take a few minutes to complete. And the Deployment Wizard has completed successfully.
So I'm going to go ahead and click Close, and our update has been prepared for deployment.
- Deploying updates manually
- Monitoring deployments
- Configuring automatic deployment rules
- Analyzing log files
- Approving and declining updates in Intune
- Deploying software from SCCM, WSUS, and Intune