# Understanding the Software Update Chain ## Video Guide {% embed url="" %} ## Scenario 1: Configuring Software Update Policy When you first start off with configuration manager and software updates there are always a lot of questions, what options should l use, how do they work and more. ![Software Update Policy](/files/-MbgjAG-4M0mDTNIMGuD) ### Software Update Scan Schedule When does this REALLY Happen * Anytime a NEW software update group is assigned AND machine policy Runs * Anytime a scheduled instance of Software Update Scan Schedule Hits * Anytime a Deployment is completed * Sometimes after a reboot is completed - Depends on assignment configuration * After a servicing stack update ### Schedule Deployment Re-evaluation * This does NOT contact WSUS * Uses the existing locally stored policies in WMI WMI Explorer is a fantastic tool to review the classes that are involved in all of this {% embed url="" %} | What is It | WMI Path | | ----------------------- | ---------------------------------------------------------------------------------- | | Software Update Objects | \MACHINENAME\ROOT\ccm\ClientSDK:CCM\_SoftwareUpdate | | Update Manager | \MACHINENAME\ROOT\ccm\ClientSDK:CCM\_SoftwareUpdatesManager | | Update CI Assignment | \MACHINENAME\ROOT\ccm\Policy\Machine\ActualConfig:CCM\_UpdateCIAssignment | | Maintenance Windows | \MACHINENAME\ROOT\ccm\Policy\Machine\ActualConfig:CCM\_ServiceWindow | | Cient Policy | \MACHINENAME\ROOT\ccm\Policy\Machine\ActualConfig:CCM\_SoftwareUpdatesClientConfig | ### Enable Third Party Updates {% embed url="" %} {% hint style="success" %} When you set this option to **Yes**, it sets the policy for **Allow signed updates for an intranet Microsoft update service location** and installs the signing certificate to the Trusted Publisher store on the client. {% endhint %} ### Delta Updates Explanation from microsoft.com {% embed url="" %} Set this option to **Yes** to allow clients to use delta content files. This setting allows the Windows Update Agent on the device to determine what content is needed and selectively download it. * Before enabling this client setting, ensure Delivery Optimization is configured appropriately for your environment. For more information, see [Windows Delivery Optimization](https://docs.microsoft.com/en-us/mem/configmgr/sum/deploy-use/optimize-windows-10-update-delivery#windows-delivery-optimization) and the [Delivery Optimization client setting](https://docs.microsoft.com/en-us/mem/configmgr/core/clients/deploy/about-client-settings#delivery-optimization). * This client setting replaces **Enable installation of Express installation files on clients**. Set this option to **Yes** to allow clients to use express installation files. For more information, see [Manage Express installation files for Windows 10 updates](https://docs.microsoft.com/en-us/mem/configmgr/sum/deploy-use/manage-express-installation-files-for-windows-10-updates). * When this option is set, delta download is used for all Windows update installation files, not just express installation files. When using a CMG for content storage, the content for third-party updates won't download to clients if the **Download delta content when available** client setting is enabled. Deltaldownload.log - is the log file that tracks this behavior ### Maintenance Windows The feature, that used to be a bug - ish. {% embed url="" %} When you set this option to **Yes**, and the client has at least one "Software Update" maintenance window defined, software updates will install during an "All deployments" maintenance window. By default, this setting is set to **No**. This value uses the same behavior as before: **if both types exist, it ignores the window.** ## Scenario 2: Maintenance Windows ### Types of Windows | Value | Type | | ----- | -------------------------------- | | 1 | All Deployment Service Window | | 2 | Program Service Window | | 3 | Reboot Required Service Window | | 4 | Software Update Service Window | | 5 | Task Sequences Service Window | | 6 | Corresponds to non-working hours | ### How To Schedule a Maintenance Window ![](/files/-MbgrduAamEDkLlMk4lA) ### Finding Maintenance Windows in ConfigMgr ```sql SELECT sw.Name AS [MW Name], Sw.CollectionID, sw.Description, sw.StartTime, sw.Duration AS 'Duration Minutes', sw.IsEnabled AS 'MW Enabled', sys.Name0 AS ServerName, sys.Resource_Domain_OR_Workgr0, sys.Operating_System_Name_and0 AS OperatingSystem FROM dbo.v_ServiceWindow AS sw INNER JOIN dbo.v_FullCollectionMembership AS fcm ON sw.CollectionID = fcm.CollectionID INNER JOIN dbo.v_R_System sys ON fcm.ResourceID = sys.ResourceID WHERE (sys.Name0 = 'DEMO6') ORDER BY [MW Name], sys.Name0 ``` ### The not really maintenance window Business hours, and clients. {% embed url="" %} ### Log File on the Client {% embed url="" %} {% embed url="" %} --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://learn.patchmypc.com/deep-dives/understanding-the-software-update-chain.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.