Introduction

Upon creating an automatic Software Update strategy in your organization, you need to automate this process as much as possible.

If you are using SCCM, you should be creating Automatic Deployment Rules (ADRs).

ADRs require configuration with deployment deadlines for software update installation on the clients.

This blog post describes in short what ADRs are and how they deploy to clients in different phases.

What are Automatic Deployment Rules?

ADRs are used to accomplish the following tasks automatically:

  • Filter out Software Updates according to a set amount of criteria from the database.
  • Add the filtered out Software Updates to a Software Update Group
  • Download the Software Updates to a Deployment Package
  • Deploy the Software Update Group to a collection

I have previously created a blog post which describes how to add multiple deployments for one Automatic Deployment Rule.

Configure ADRs in SCCM

The Deployment Schedule page looks like this in the Create Automatic Deployment Rule Wizard:

The different options that you can configure are defined by Microsoft here: https://docs.microsoft.com/en-us/sccm/sum/deploy-use/automatically-deploy-software-updates

Automatic Deployment Rules in SCCM

Above we can see that Available Time is two days. After two days, the software updates are available in the Software Center on the client.

Installation Deadline is configured for 7 days, which means that after 2+7 days, the software updates are forcefully installed on the clients.

Maintenance Windows and Deployment Deadlines

If you deploy software updates manually or using an Automatic Deployment Rule, any maintenance windows on a device will take precedence.

When looking into UpdatesDeployment.log, you can see the following line if a maintenance window is targeted to a machine.

no current service window available to run updates assignment with time required

If you want to see which maintenance windows are configured on a device, I recommend using Nickolaj Andersen’s Powershell script.

Conclusion

The key take away from this is that the software updates’ installation deadline is the sum of Available time + Deadline time.

I hope this short explanation can help someone! Did you know this? Please leave a comment below!

Related posts

7 COMMENTS

  1. Is the screen shot above, you have the “actual time” listed under available time and deadline time. I dont see that option on SCCM 1902. What version are you running?

  2. Hello Daniel,

    Could you please help me on below point?

    I have deployed software update on system, no user logged in that system (LAB system’s). System power is on.

    Type of deployment is Required.

    But patches not installed on that system from last 2 days.

    I have pull log from system and observed.
    Windows update scan run completed. system downloaded required patches. but still not installing.

    Is it required to user login in that system for install patches,

    or any other deployment setting is require for this scenario ?

    • Hello Daniel,
      Please find Updatedeployment.log

      Update (Site_4126B8CA-59A6-48B0-B3FF-69F92E5D04B5/SUM_54c61861-e5d2-4b07-82f3-54c0d167c0a6) Name (Security Update for Microsoft Word 2016 (KB4484268) 32-Bit Edition) ArticleID (4484268) added to the targeted list of deployment ({EF0CF867-76B4-48C6-BD9E-2C4E61276725}) UpdatesDeploymentAgent 4/2/2020 1:02:24 AM 964 (0x03C4)
      Update (Site_4126B8CA-59A6-48B0-B3FF-69F92E5D04B5/SUM_876138e5-4624-4dd6-b4e6-b063bf57efef) added to the targeted list of deployment ({EF0CF867-76B4-48C6-BD9E-2C4E61276725}) UpdatesDeploymentAgent 4/2/2020 1:02:24 AM 964 (0x03C4)
      Update (Site_4126B8CA-59A6-48B0-B3FF-69F92E5D04B5/SUM_8d642417-1aa0-4b95-b294-fc9b7159e62d) added to the targeted list of deployment ({EF0CF867-76B4-48C6-BD9E-2C4E61276725}) UpdatesDeploymentAgent 4/2/2020 1:02:24 AM 964 (0x03C4)
      Update (Site_4126B8CA-59A6-48B0-B3FF-69F92E5D04B5/SUM_e85c7796-010e-4f92-a901-852563815598) added to the targeted list of deployment ({EF0CF867-76B4-48C6-BD9E-2C4E61276725}) UpdatesDeploymentAgent 4/2/2020 1:02:24 AM 964 (0x03C4)
      Update (Site_4126B8CA-59A6-48B0-B3FF-69F92E5D04B5/SUM_b9f38079-d7b9-4519-8435-7a0fe43f511e) Name (2020-03 Cumulative Update for Windows 10 Version 1909 for x64-based Systems (KB4551762)) ArticleID (4551762) added to the targeted list of deployment ({EF0CF867-76B4-48C6-BD9E-2C4E61276725}) UpdatesDeploymentAgent 4/2/2020 1:02:24 AM 964 (0x03C4)
      Evaluation completed for the assignment {EF0CF867-76B4-48C6-BD9E-2C4E61276725} UpdatesDeploymentAgent 4/2/2020 1:02:24 AM 964 (0x03C4)
      CUpdateAssignmentsManager received a SERVICEWINDOWEVENT END Event UpdatesDeploymentAgent 4/2/2020 5:00:00 AM 1356 (0x054C)
      No current service window available to run updates assignment with time required = 1 UpdatesDeploymentAgent 4/2/2020 5:00:00 AM 1356 (0x054C)

    • Hi Husen,

      Sorry for the very late reply. Did you manage to solve this? Required patch deployments do not require the user to be logged on, so that shouldn’t be the problem…

      /Daniel

  3. If a client has an assigned maintenance window, the updates will not install even if the deadline has been reached. However, you can override this behavior in the deployment settings. If you want to control when updates are installed, I would recommend controlling this through maintenance windows and not using deadlines. I will add this as a reference in the post. Thanks!

    /Daniel

LEAVE A REPLY

Please enter your comment!
Please enter your name here