The previous article in this series presented an architectural overview of the SMS 2.0 Software Update Services Feature Pack. We also described its main components and deployment procedures. This installment of our Windows Patch Management series focuses on operational aspects and concludes our coverage of Systems Management Server (SMS). The next article will overview the new patch-management-related features of Software Update Services components incorporated in the recently released SMS 2003.
We conclude our coverage of SMS’ role in Windows patch management with an examination of configuration requirements and application prerequisites.
Previous installments in this series have listed relevant components and explained their availability, installation process, and role in the patch management process. Thus far, all of the components have been free downloads from the Microsoft Web site. However, we have not yet discussed prerequisites for their operation.
To run effectively, SUS Feature Pack should be installed on SMS 2.0 SP3 or later. SP 4.0 is recommended due to its built-in support for XP Professional clients and software distribution enhancements. Also, scan and sync inventory tools running on SMS clients require Windows NT 4.0 SP6a or later, along with Internet Explorer 5.0 and MS XML 3.0. Finally, the Web Reporting Add-in pack relies on the SQL Server hosting an SMS database operating in the mixed-mode security.
The SMS hardware inventory must be enabled in the site where SMS clients reside, since this is the primary mechanism on which the collection of patch-level information is based. You might also want to evaluate whether the weekly default inventory interval is sufficient to keep the environment properly patched. The same applies to SMS software installation functionality, although in this case, it is advisable to disable the sitewide countdown for assigned programs and notification of software distribution (since both settings are available in the Feature Pack) and change Advertised Program Manager interval from its one-hour default to match your expected deployment schedule without affecting the overall performance of SMS clients. It is also recommended to have at least one test computer in pre-production collections for Security and Office updates for each type of production system in an environment. Thus, if clients are running Windows 2000 SP3 and Windows XP SP1, you should ensure that identically configured workstations are available for evaluating the impact of each patch. It is also a good idea to account for differences in major hardware components.
As explained in the previous article, installing Feature Pack components on the SMS Site Server results in the creation of several collections, packages, and advertisements. Together, they form the framework of patch management operations. During installation, a system is designated to serve as a Sync host. The Sync host automatically keeps track of the latest security and MS Office updates released by Microsoft. While the host does not need to be an SMS server, it does require an SMS client.
The primary responsibility of an SMS administrator is to run Distribute Software Wizard whenever a new patch must be deployed. The wizard analyzes patch status information reported by SMS clients and updated on a regular basis by the Scan tool running locally on each system and based on the inventory tools and catalog data provided by the Sync host. It creates appropriate packages and advertisements targeting selected collections according to the results of this analysis. The packages contain missing patches, which are downloaded from the Microsoft Windows Updates Web site. The patches are then distributed to Windows systems within these collections using standard SMS software deployment mechanisms. They are installed with help from the Software Updates Installation Agent, which runs on every target system.
The Distribute Software Updates Wizard launches from the All Tasks -> Distribute Software Updates context-sensitive menu of any of the Collections, Packages, or Advertisements nodes in the SMS Administrator console. When running the wizard, the following actions are prompted:
Marcin Policht obtained his Master of Computer Science degree about 20 years ago and has been since then working in the Information Technology field, handling variety of responsibilities, but focusing primarily on the areas of identity and access management, virtualization, system management, and, more recently private, hybrid, and public cloud services. He has authored the first book dedicated to Windows Management Instrumentation and co-written several others dealing with subjects ranging from core operating system features to high-availability solutions. His articles have been published on such Web sites as ServerWatch.com and DatabaseJournal.com. For his contributions to the Microsoft technical community, he has been awarded the title of Microsoft MVP over the last ten years.
Property of TechnologyAdvice. © 2025 TechnologyAdvice. All Rights Reserved
Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.