Windows Security Update Deployment 27
Case Example: Downloading and Installing Security Updates
While many different scenarios can exist when deploying software updates, you can use
this case example as a starting point to understand how you can deploy security updates
to your thin clients. Once you are familiar with the process and requirements, you can
modify this case example as needed for your requirements.
In this case example, we will:
•Use a Software Updates Deployment Package named All Windows Embedded
Standard 7 Updates to store the updates we want (these are the updates that are
made available to Windows WES7 machines in the environment).
• Create a new Deployment Management Task to deploy the new updates.
• Clean up any previous Deployment Management Tasks by removing/deleting any
expired updates referenced in the software package (All Windows Embedded Standard
Step 1: Run Synchronization
1. Expand your Software Updates node in your Configuration Manager.
2. Right-click Update Repository, select Run Synchronization, and then click Yes.
3. You can verify that the synchronization process has completed in the Site Status >
Component Status > SMS_WSUS_SYNC_MANAGER log. Look for Message ID 6702
stating: SMS WSUS Synchronization Done.
Step 2: Select the New Updates Using the Search Folder
1. Select a search folder that contains the patches you want to apply. For example, if you
select a folder named Windows Embedded Standard 7 Patches, you will see the list
of patches available in that folder (on the right).
2. Right-click the search folder (in our example, the folder named Windows Embedded
Standard 7 Patches), and then select Download Software Updates to open the
Deployment Package dialog box.
3. Click Create a New Deployment Package, enter the name All Approved Microsoft
Patches, (Optional) enter a description if desired, enter the package source (for
example: \\Servername\Share) making sure that the share security is set to full control
for everyone so that Configuration Manager can publish the patches to the server
(otherwise the download will fail), select the Enable Binary Differential Replication
option (this option will allow you to update this package next month with the newest
patches and will help save bandwidth when updating the Distribution Points), and then
4. Click Browse, browse to and select your Distribution Point, and then click Next to
open the Distribution Settings dialog box.
5. Set the priority and click Next.
6. Select Download Software Updates from the Internet and click Next.
7. Select the languages that you want to be downloaded, and then click Next to open the
8. Click Next to start the process (you will see a progress page until all patches are
9. When the process is complete and a Confirmation page appears, click Finished.
10., After the success message, you can browse to the package source folder (in our
example, \\Servername\Share) and verify the selected updates have been