:::: MENU ::::
Monthly Archives: June 2017

Windows Updates Classification


Service Packs

A service pack is a periodic update that corrects problems in one version of a product. In addition to correcting known problems, service packs provide tools, drivers, and updates that extend product functionality, including enhancements developed after the product was released.



Updates are code fixes for products that are provided to individual customers when those customers experience critical problems for which no feasible workaround is available.


Security Updates

Security updates address security vulnerabilities. Attackers wanting to break into systems can exploit such vulnerabilities. Security updates are analogous to updates, but should be considered mandatory, and they must be deployed quickly.




Critical updates Broadly released fixes for specific problems addressing critical, non-security related bugs.
Definition updates Updates to virus or other definition files.
Drivers Software components designed to support new hardware.
Feature packs New feature releases, usually rolled into products at the next release.
Security updates Broadly released fixes for specific products, addressing security issues.
Service packs Cumulative sets of all hotfixes, security updates, critical updates, and updates created since the release of the product. Service packs might also contain a limited number of customer-requested design changes or features.
Tools Utilities or features that aid in accomplishing a task or set of tasks.
Update rollups Cumulative set of hotfixes, security updates, critical updates, and updates packaged together for easy deployment. A rollup generally targets a specific area, such as security, or a specific component, such as Internet Information Services (IIS).
Updates Broadly released fixes for specific problems addressing non-critical, non-security related bugs.


Configuration Manager Action cycles

Action tab has different Action cycles that will run automatically as per schedule mentioned in SCCM server.

  • Application Deployment Evaluation Cycle: This cycle will check new application deployment polices available to client computer & start installation as per schedule.
  • Data Discovery Collection Cycle: It generates a new discovery data record (DDR). When the DDR is processed by the site server, Discovery Data Manager adds or updates resource information from the DDR in the site database.
  • File Collection Cycle: When a file is specified for collection, the Microsoft System Center Configuration Manager software inventory agent searches for that file when it runs a software inventory scan on each client in the site. If the software inventory client agent finds a file that should be collected, the file is attached to the inventory file and sent to the site server. This action differs from software inventory in that it actually sends the file to the site server, so that it can be later viewed using Resource Explorer. This is a part of SCCM inventory functionality.
  • Hardware Inventory Cycle: Collects information such as available disk space, processor type, and operating system about each computer. This is a part of SCCM inventory functionality.
  • Machine Policy Retrieval & Evaluation Cycle: The client downloads its policy on a schedule. By default, this value is configured to every 60 minutes and is configured with the option Policy polling interval (minutes).
  • Software Inventory Cycle: Collects software inventory data directly from files (such as .exe files) by inventorying the file header information. SCCM can also inventory unknown files — files that do not have detailed information in their file headers. This provides a flexible, easy-to-maintain software inventory method. Software inventory and collected file information for a client can be viewed using Resource Explorer. This is a part of SCCM inventory functionality.
  • Software Metering Usage Report Cycle: collects the data that allows you to monitor and client software usage.
  • User Policy Retrieval & Evaluation Cycle: Similar to Machine Policy Retrieval & Evaluation Cycle, it will initiate user policies.
  • Windows Installer Source List update Cycle: causes the Product Source Update Manager to complete a full update cycle. When you install an application using Windows Installer, those Windows Installer applications try to return to the path they were installed from when they need to install new components, repair the application, or update the application. This location is called the Windows Installer source location. Windows Installer Source Location Manager can automatically search SCCM distribution points for the source files, even if the application was not originally installed from a distribution point.




About SCEP

SCCM and SCEP Agent License are different .so we have to buy additionally if we like to implement SCEP.

Here we have 2 separate behavior based on OS

For Windows 7 Machines:— You will be able to see as SCEP (System Center Endpoint Protection) as separate agent along with SCCM Client. For installing the SCEP.. You don’t required to push any mechanism.. When you install the SCCM Client, SCEP agent will get auto installed ( Of course assuming you have enabled SCEP) ..For Frequent SCEP client upgrade you have to Deploy with normal patching mechanism or S/W


For Windows 10:—- You won’t be see separate SCEP agent. In windows 10 you can able to see windows Defender (which is comes default with OS). When you install the SCCM Client SCEP will take your Windows Defender with customized policy. For Frequent SCEP client upgrade you have to Deploy with normal patching mechanism or S/W.


As recommends Microsoft, Please create ADR for Definition updates for deploying with Custom policy.