Software Update Management Advanced Features

  • Article

The following advanced features are included with the software update management feature in SMS 2003.

On This Page

Persistent Notification
Unattended Software Update Installation
Firewall Authentication Support
Scheduled Installations
Dynamic Package Configuration
Reference Computer Inventory Template

Persistent Notification

The persistent notification icon is a feature that allows a user on a computer that is running the SMS Advanced Client to receive notifications and schedule software update installations independent of the software update advertisement. This allows for better compliance by allowing users to install updates at their convenience, and it reduces system load because the advertisement does not have to be scheduled as often.

If this feature is enabled by the SMS administrator for a software updates program or package, an icon appears in the notification area (also called the "system tray") whenever a user is logged on and there are pending, uninstalled software updates. When the computer is in compliance, the notification area icon does not appear.

Users can use the notification area icon to:

  • Check for upcoming installations.

  • Schedule installations and restarts to occur at convenient times of the day.

  • Install software updates immediately.

If the computer is running the Legacy Client, the persistent notification settings are ignored. You can enable this feature for a package or program on the third Configure Installation Agent Settings page of the Distribute Software Updates Wizard.

Unattended Software Update Installation

Unattended software update installations are installations that occur without notification or user interaction. No notification icon appears in the notification area, and users with insufficient credentials cannot terminate the process in Task Manager. This feature is useful for pushing critical software updates quickly through the enterprise and can be effective in locked-down installations or situations where enterprise policy dictates strict compliance rules.

You can enable unattended software update installations for a package or program through settings on the Configure Installation Agent Settings pages of the Distribute Software Updates Wizard. For more information, see the "Configure Software Updates Installation Agent Settings" section later in this chapter.

Firewall Authentication Support

Because the synchronization component of the software update inventory tools requires access through the firewall to the Internet, this can create problems in enterprises with stringent firewall policies.

You can now run the synchronization component to obtain catalogs of software updates in an automated, unattended way, even through a firewall that requires authentication of a domain user account. You can also optionally specify a user name and password of an account that is authenticated through the firewall, in addition to the IP address of a specific proxy server. For more information, see the "Configure the Synchronization Host" section later in this chapter.

Scheduled Installations

To accommodate the special requirements of servers, which often can be maintained only at certain hours on certain days, you can now configure the Distribute Software Updates Wizard and the Software Updates Installation Agent to limit the time that a software update is installed to a specific time period. Outside of this time period, no installation is performed. If the SMS client is offline during the time period when the advertisement is scheduled, the restricted time period prevents the SMS client from attempting to catch up and apply the software updates at the wrong time.

Dynamic Package Configuration

You can use dynamic package configuration to create multiple program objects for the same package. This allows you to distribute one package with multiple installation parameters, so that you can conditionally install the package to different collections according to criteria you define. For example, you can create one program for workstations that are running the Legacy Client, another for mobile users that are running the Advanced Client (with, for example, a less frequent advertisement schedule) and a third program for servers on which system restarts are automatically suppressed and a scheduled installation is specified.

You can also attach a different software updates authorization list to each program in the package, so you can, for example, add a newly released software update to your production package and distribute it only to your test collection.

Reference Computer Inventory Template

Because the Distribute Software Updates Wizard does not list a software update for approval until the update has been requested by at least one client computer, there might be some delay between the time a software update becomes available and the time it is approved for distribution. You can use this feature to specify a reference computer to generate baseline software update templates, which speeds authorization, package administration, and package deployment.

For More Information

Did you find this information useful? Please send your suggestions and comments about the documentation to smsdocs@microsoft.com.