Automatically Add Required Patches to Pkg


On a recent ConfigMgr 2012 engagement, I was migrating a customer from standalone WSUS to CM12 Software Updates. They asked for a way to ‘bypass’ the steps required for downloading and distributing patches to the Distribution Points, while still approving the patches before deployment. To be clear, this is ONLY for adding patches into a package automatically. Other than for AV updates, it is never recommended to automatically approve and distribute patches.

Using CM12’s Automatic Deploy Rules (ADR), I was able to set up a process that automatically detects required patches and distributes them to the DPs within their organization, so that they could rapidly deploy updates once approved. To do this:

  1. Create an “empty” collection that will NEVER contain any members
  2. If you do not have one already, create an “All Distribution Points” group with all DPs
  3. Create a new ADR in the console
  4. General page: enter an appropriate name, target the EMPTY collection, choose to add the patches to an existing Software Updates Group, and deselect “Enable this rule…”
  5. Deployment Settings page: use defaults
  6. Software Updates page: add filters for
    • Product (Win7, Win8, WinXP, etc.)
    • Required (>0)
    • Superseded (No)
    • Title (-“service pack”): a minus before the string excludes any update with that string in its title
  7. Evaluation schedule page: run the rule after any Software Updates sync (if only syncing once per day) or set it to run only overnight
  8. Deployment schedule page: for safety, set both the availability and the deadline 12 months in advance
  9. User Experience page: use defaults
  10. Download Settings page: select both options to “Do not install”
  11. Deployment Package page: create a new package or use an existing package
  12. Distribution Points page: add your “All Distribution Points” group
  13. Complete the remainder of the wizard with your desired patch download and language preferences
  14. After completion of the ADR, run it to ensure that patches are downloaded
  15. Open the deployment which was created to ensure it is disabled

Then you’re good to have them ready for approval in the future!
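
As an added check (example code, not part of the original post), the following PowerShell script verifies the guardrails from steps 1, 8 and 15 by querying the SMS Provider's WMI namespace. The site code and collection name are placeholders, and it assumes PowerShell 3.0 or later, run on the server hosting the SMS Provider with read access to it.

```powershell
# Added example: confirm the ADR's safety guardrails are still in place.
# Assumptions (not from the original post): the site code and collection
# name are placeholders; run on the server that hosts the SMS Provider.
param(
    [string]$SiteCode       = 'XYZ',                 # placeholder site code
    [string]$CollectionName = 'ADR - Empty Target'   # placeholder name
)

$ns       = "root\SMS\site_$SiteCode"
$now      = Get-Date
$problems = @()

# Step 1: the target collection must never contain any members.
$coll = Get-CimInstance -Namespace $ns -ClassName SMS_Collection `
            -Filter "Name = '$CollectionName'"
if (-not $coll) { throw "Collection '$CollectionName' not found." }
if ($coll.MemberCount -gt 0) {
    $problems += "Collection has $($coll.MemberCount) member(s); expected 0."
}

# Steps 8 and 15: every software update deployment that targets the
# collection should be disabled, with availability and deadline still
# in the future.
$deployments = Get-CimInstance -Namespace $ns `
                   -ClassName SMS_UpdateGroupAssignment `
                   -Filter "TargetCollectionID = '$($coll.CollectionID)'"
foreach ($d in $deployments) {
    if ($d.Enabled) {
        $problems += "Deployment '$($d.AssignmentName)' is enabled."
    }
    if ($d.StartTime -and $d.StartTime -lt $now) {
        $problems += "Deployment '$($d.AssignmentName)' is already available."
    }
    if ($d.EnforcementDeadline -and $d.EnforcementDeadline -lt $now) {
        $problems += "Deployment '$($d.AssignmentName)' is past its deadline."
    }
}

if ($problems.Count -eq 0) {
    "OK: $(@($deployments).Count) deployment(s) checked, guardrails intact."
} else {
    $problems | ForEach-Object { Write-Warning $_ }
}
```

Running it on a schedule after each ADR evaluation surfaces a deployment that was enabled by mistake or a machine that was added to the "empty" collection.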

