Another component, Web Reports Add-In for Software Updates, simplifies the analysis of information about status of patch distribution and installation. This component contains a number of predefined reports (such as “Installed patches for a specific computer”, “Machines with a specific patch installed”, and “Machines where a specific patch is applicable”), which are displayed in an Internet Explorer window. They are generated much faster than the inventory information available through the SMS Administrator console because they bypass the WMI layer when deriving information from SMS databases.
While the operation of the remaining components of SMS 2.0 SUS Feature Pack is practically fully automated, no discussion would be complete without noting caveats that apply to the Sync host configuration. This system is intended, by default, to download patches when a user with administrative privileges is logged on. While it is possible to run Sync host in an unattended manner, this requires additional changes. This requirement is related to the fact that with no user logged on, Sync tool executes in the security context of the SMSCliToknAcct& local account with no privileges to access remote computers. In such cases, the package folder containing Scan files (updated by Sync tool) must reside locally on the Sync Host computer. You might also run into problems if your proxy requires authentication for Internet access, since a process running in the background cannot submit required credentials. This can be resolved if your proxy supports IP-address-based exclusions. In addition, you should ensure that Internet Explorer is configured to use HTTP 1.1 through proxy connection. Note that this setting is applied to the computer, not the user configuration, since the unattended connection to Windows Update servers will be established in the security context of the SMSCliToknAcct& account. The per-machine option can be enforced using Group Policies (Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Make proxy settings per-machine rather than per-user).
Next, you must modify the following within SMS Administrator Console:
If this approach is not possible (e.g., due to proxy authentication limitations), you can manually download tool updates on any system with a direct connection to the Internet (and the Microsoft Update Web site). This can be done by executing the following on that computer: SYNCXML.EXE /s /site Server /code SiteCode /target ServerScanSource /package PackageID, where Server is the name of the computer hosting Scan package source files, SiteCode is the SMS Site code, ScanSource is the share where Scan package source files reside, and PackageID is the Package ID of the Scan Tool package. The /s switch merely makes the execution silent.
This concludes our overview of SMS 2.0 SUS Feature Pack. The next article will review the remaining patch management offers from Microsoft and start our examination of third-party solutions.
Marcin Policht obtained his Master of Computer Science degree about 20 years ago and has been since then working in the Information Technology field, handling variety of responsibilities, but focusing primarily on the areas of identity and access management, virtualization, system management, and, more recently private, hybrid, and public cloud services. He has authored the first book dedicated to Windows Management Instrumentation and co-written several others dealing with subjects ranging from core operating system features to high-availability solutions. His articles have been published on such Web sites as ServerWatch.com and DatabaseJournal.com. For his contributions to the Microsoft technical community, he has been awarded the title of Microsoft MVP over the last ten years.
ServerWatch is a top resource on servers. Explore the latest news, reviews and guides for server administrators now.
Property of TechnologyAdvice. © 2025 TechnologyAdvice. All Rights Reserved
Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.
