Monitoring: Best Practices

Use the best practices in this section to monitor the various aspects of the software update management process.

Use SMS inventory data to query the potential security problem exposure for a software update

When responding to a new critical software update, you can use SMS hardware and software inventory to query clients according to criteria in the vulnerability matrix for that update. This is not necessary for deploying the software update, but it can be useful for determining the overall exposure to the potential security problem, and whether or how aggressively the software update should be deployed. For example, if the vulnerability only exists on computers that are running IIS, and no computers in a collection are running IIS, the software update deployment can be skipped for that collection.

Monitor status MIF text for run-time errors and summary data

In addition to monitoring the software update reports, you should develop a process for regularly monitoring the software update package advertisement status MIF files for errors and summary data. In the SMS 2003 release, status messages for summary and detail level status have been dramatically improved and are now complete status messages viewable with reports and the status message viewer in each SMS Server language.

Run compliance reports regularly

You should run regular reports to monitor the number of missing or installed updates, or updates with incomplete status, for each software update that is authorized. Similarly, reporting for software updates that are not yet authorized can facilitate easy deployment decisions. Try using the Dashboards feature of reporting to create a customized view of compliance, infrastructure health, and distribution status and include a link to this dashboard in your Internet Explorer Favorites.

For More Information

Did you find this information useful? Please send your suggestions and comments about the documentation to smsdocs@microsoft.com.