SCCM 2007 – Microsoft Software Updates (part 1)

So, you’re ready to try your hand at SCCM 2007 windows updates eh? As far as I can tell, here are the pro’s / con’s of using SCCM instead of WSUS on it’s own.


  • Very granular targeting
  • Mo’ Betta’ (that’s “better”) reporting
  • Feeling like you’re the master of System Center, and actually using that program you made your boss buy into.


  • No automatic approvals
  • Requires SCCM (for sure an investment / commitment)

That ‘no automatic approvals’ is a big one, and they fixed it for SCCM 2012.

Onwards you say? This post will cover getting your system ready for deploying updates. Part 2 will take you through a deployment.


  1. Configure a Software Update Point.
  2. Synchronize the repository.
  3. Fix your GPO’s.

The Process

Step 1 – The Software Update Point

A software update point is dependent on WSUS being installed and running on ports 8530 and 8531. Step 7 in my post “SCCM 2007 Single-Server Install Process” handles WSUS installation.

  1. First, launch ConfigMgr Console and navigate to Site Systems. Right-click your server then click, “New Roles”.
  2. On the ‘General’ screen enter your server’s FQDN in the boxes then click ‘Next’.
  3.  On the ‘System Role Selection’ screen click ‘Software update point’ and click ‘Next’.
  4. On the ‘Software Update Point’ screen, enter proxy settings if needed or click next.
  5. On the ‘Active software update point settings’ screen check the box. In the ‘Port number’ text box type ‘8530’, then in the ‘SSL Port number’ box type ‘8531’, then click ‘next’.
  6.  On the ‘Synchronization source’  screen choose ‘Synchronize from Microsoft Update’ and ‘Create all WSUS reporting events.”
  7. On the ‘Synchronization Schedule’ screen, choose “Enable synchronization on a schedule”. I choose a 1 day schedule to start.
  8.  On the ‘Update classifications’ screen, choose all updates except Drivers. Drivers through Windows Update have always caused a problem for me personally.
  9. On the ‘Products’ screen choose the products you’re interested in updating, then click “Next”.
  10.  On the ‘Languages’ screen choose the any language editions of the updates that are needed then click ‘Next’.
  11. On the ‘Summary’ screen click ‘Next’.
  12. On the ‘Completion’ page click ‘Finish’. Your software update point is now installed!

Step 2 – Configure the Software Update Client Agent

  1. Navigate to “Client Agents’, then right-click “Software Update Client Agent” and click “Properties”.
  2. In the properties window, check “Enable software updates on clients’. I choose a 1 day schedule to start with.
  3. On the ‘Update Installation’ tab, check, “Enforce all mandatory deployments” then click “OK”.

Step 3 – Synchronize the Repository

    1. Nagivate to Software Updates -> Update Repository, then right-click Update Repository and choose “Run Synchronization”.

    2. On the “Run Update Synchronization” popup, click ‘Yes’.
    3. After a while (10-15mins), your repository should have filled out a bit.

Step 4 – Group Policy Changes

The “SCCM Updates Client” automatically configures the client system to use the SCCM server as it’s WSUS server. If any WSUS configurations are applied through group policy, they will overwrite the SCCM client and the client will fail to check in to the SCCM server. Therefore, make sure to disable any group policies that set the client’s wsus server and\or update install times.
Great, you’re ready to deploy! See part 2 soon.

2 thoughts on “SCCM 2007 – Microsoft Software Updates (part 1)

  1. Pingback: Table of Contents | windowsmasher

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s