Information Technology Reference
In-Depth Information
window is defined by the start time, end time, and recurrence pattern. In addition, you can
configure the maintenance windows to All Deployments, only Software Updates, or only Task
sequences.
Any reboots caused by a deployment can occur only during a maintenance window.
Therefore, you should configure your software updates maintenance windows to be long
enough to deploy all the appropriate updates to prevent reboots during working hours. Each
maintenance window must be configured for less than 24 hours.
When a device is affected by multiple maintenance windows, the maintenance windows
are cumulative. For example, if a device is in a collection with a maintenance window from
12:00 A.M. to 3:00 A.M. and in a different collection with a maintenance window from
2:00 A.M. to 5:00 A.M., its effective maintenance window would be from 12:00 A.M. to
5:00 A.M.
Maintenance windows only affect deployments that start automatically. If a user starts a
deployment from the application catalog or from the software center, the application will
install, and any required reboots will occur.
Scanning for update compliance
When the initial scan begins on a client, the Software Updates agent submits a request to
the management point to find the WSUS server that the scan will use. After the management
point provides the WSUS server location, the agent enables the Specify Intranet Microsoft
Update Service Location local Group Policy setting located at Computer Configuration
\Administrative Templates\Windows Components\Windows Update and then configures the
policy setting with the URL of the server that is running the software update point.
If you configure Windows Update settings in an Active Directory-based Group Policy
Object (GPO), the Active Directory settings override the local Group Policy settings that the
Software Updates agent configures. Be sure to remove conflicting Group Policy settings from
Active Directory when integrating software updates by using Configuration Manager.
The Software Updates agent then passes a scan request to the Windows Update agent.
The Windows Update agent connects to the WSUS server, retrieves the software updates
metadata, and then performs a local scan on the client. The Windows Update agent sends
the compliance results to the management point by using state messages. The management
point forwards the results to the site server, which then inserts them in the site database.
The process to scan clients for update compliance is as follows:
1.
Per the schedule that you configure, or when you initiate the scan manually, the client
receives machine policy from the Management point. The machine policy config-
ures local Group Policy settings with the name of the software update point that the
Windows Update agent should use. The machine policy also provides the schedules for
scanning and reevaluation.
The compliance scan initiates on the client. The Windows Update agent on the client
connects to the WSUS server, retrieves the software update metadata, and initiates the
2.
