Streamlining Software Updates: Automated Deployment of Necessary Upgrades via SCCM
In a bid to streamline the process of deploying missed WSUS updates in SCCM (System Center Configuration Manager) environments, a structured approach combining reporting, alerting, and automated deployment can be employed. Here's a step-by-step guide on how to achieve this.
Step 1: Identify missed WSUS updates via SQL Reporting in SCCM
Use SCCM's SQL Server Reporting Services (SSRS) to create or customize reports that query the SCCM database for clients that missed specific WSUS updates. These queries focus on updates that are approved on WSUS but not installed or failed on clients.
Step 2: Generate and format HTML Email Reports from SQL data
Export the SQL report results into HTML format for better readability. Automate report generation using SQL Server Agent jobs or SCCM report subscriptions scheduled to run periodically. Format the report within SSRS by designing it in HTML or via scripts that convert query output to a well-structured HTML email.
Step 3: Leverage SCCM Report to Array for processing reports programmatically
SCCM allows reports to be run programmatically and the results fetched into arrays or data structures in PowerShell or other scripting environments. Use PowerShell scripts to run SCCM reports via SCCM cmdlets or web service APIs, parse the report data into arrays, and programmatically determine which systems have missing updates.
Step 4: Automate email notifications using SCCM’s HTML Email function
Integrate the HTML report with SCCM’s built-in email notification capabilities or use PowerShell’s cmdlet with the HTML body. Schedule email alerts for sysadmins or stakeholders highlighting which computers have missing updates and require patch deployment. Customize automated emails to include actionable information and links to detailed reports.
Step 5: Automate deployment of the missed WSUS updates via SCCM
Based on the report output, dynamically create and deploy SCCM Software Update Groups (SUGs) targeting the noncompliant collections or devices. Use SCCM PowerShell cmdlets (, , ) to script this process so missed updates are automatically grouped and pushed. Optionally, integrate approval workflows and maintenance windows to ensure proper deployment timing.
Summary Workflow Example:
- Run SQL report query via SCCM or SQL Server Agent to detect missed WSUS updates.
- Export report results as HTML.
- Use PowerShell script to query SCCM reports into arrays, process data for missing updates.
- Send automated HTML email notifications with update compliance summaries.
- Trigger PowerShell script using SCCM cmdlets to create update groups and deploy needed updates automatically.
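The following PowerShell sketch of Steps 3 to 5 is an added example, not the author's script: it loads report rows into an array, emails them as HTML, and previews adding them to a Software Update Group with -WhatIf. The server names, database name, SUG name, mail addresses, the `Get-ReportArray` helper and the query itself (written here against the standard v_UpdateInfo and v_UpdateComplianceStatus views) are assumptions for illustration.

```powershell
# Added example. Values marked "assumed" are placeholders, not values from the article.
$SqlServer = 'cm-sql.example.test'     # assumed site database server
$Database  = 'CM_XXX'                  # assumed site database name
$SugName   = 'Missed-Updates-Pilot'    # assumed existing Software Update Group
$MaxAdds   = 25                        # safety cap: refuse to auto-add more than this

# Updates required (Status = 2) on at least one client but not in any deployment.
$Query = @'
SELECT ui.CI_ID, ui.ArticleID, ui.Title, COUNT(ucs.ResourceID) AS ClientsRequiring
FROM v_UpdateInfo ui
JOIN v_UpdateComplianceStatus ucs ON ucs.CI_ID = ui.CI_ID
WHERE ucs.Status = 2 AND ui.IsDeployed = 0
  AND ui.IsSuperseded = 0 AND ui.IsExpired = 0
GROUP BY ui.CI_ID, ui.ArticleID, ui.Title
ORDER BY ClientsRequiring DESC
'@

function Get-ReportArray {             # hypothetical "SQL to array" helper
    param([string]$Server, [string]$Db, [string]$Sql)
    $conn = New-Object System.Data.SqlClient.SqlConnection(
        "Server=$Server;Database=$Db;Integrated Security=True;Encrypt=True")
    $table = New-Object System.Data.DataTable
    try {
        $conn.Open()                   # Encrypt=True needs a trusted SQL Server certificate
        $adapter = New-Object System.Data.SqlClient.SqlDataAdapter($Sql, $conn)
        [void]$adapter.Fill($table)
    } finally { $conn.Dispose() }
    # Emit plain objects so later stages do not depend on DataRow.
    foreach ($r in $table.Rows) {
        [pscustomobject]@{ CI_ID = [int]$r.CI_ID; ArticleID = [string]$r.ArticleID
                           Title = [string]$r.Title; Clients = [int]$r.ClientsRequiring }
    }
}

$missed = @(Get-ReportArray -Server $SqlServer -Db $Database -Sql $Query)
if ($missed.Count -eq 0) { return }    # nothing to report or deploy
if ($missed.Count -gt $MaxAdds) { throw "Report returned $($missed.Count) updates; review manually." }

# ConvertTo-Html encodes cell values, so update titles cannot inject markup into the mail.
$body = $missed | ConvertTo-Html -Title 'Missed updates' -PreContent '<h3>Required but not deployed</h3>' | Out-String
Send-MailMessage -SmtpServer 'smtp.example.test' -From 'sccm@example.test' -To 'patching@example.test' `
    -Subject "Missed updates: $($missed.Count)" -Body $body -BodyAsHtml

# Requires the ConfigurationManager module with the site drive as the current location.
foreach ($u in $missed) {
    Add-CMSoftwareUpdateToGroup -SoftwareUpdateId $u.CI_ID -SoftwareUpdateGroupName $SugName -WhatIf
}
```

Remove -WhatIf only after the previewed list has been reviewed; updates added to a group that is already deployed reach every collection that deployment targets.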
Additional Notes:
- Ensure WSUS and SCCM synchronization is up-to-date to maintain accurate update compliance data.
- Maintain security by using HTTPS for WSUS communication and following Microsoft guidelines on proxy and update policies.
- Use SCCM reporting features aligned with your organization's patch policies and schedules for automation.
This approach automates update detection, reporting, notification, and deployment in an end-to-end cycle using SCCM’s reporting, scripting, and deployment capabilities combined with SQL and HTML email formatting. The goal is to automate the process of detecting required WSUS updates and re-injecting them into the appropriate Software Update Groups. A built-in SCCM SQL report can indicate which WSUS software updates are required but not deployed in an environment, and the HTML Email Report and SCCM Report to Array functions can help automate the detection of these updates and their re-injection.
The user can choose which report to target in the automation process, and the same parameters chosen in the GUI can be used there. The SQL to Array function stores the report results as an array. The automatically injected results can then be passed into the next phase. For this example, the results are also emailed out using the HTML Email Function.
The approach relies on SCCM's SQL Server Reporting Services (SSRS) for creating and customizing reports, on SQL Server Agent jobs or SCCM report subscriptions for automating report generation, and on PowerShell scripts to run SCCM reports and parse the report data. The reports are produced in HTML for better readability and for integration with SCCM's built-in email notification capabilities.