How to install software updates using the client-side SDK
One more script from me today. In System Center 2012 Configuration Manager we have deprecated our old COM interface from 2007 (this one here). This has been replaced, along with a few other legacy COM interfaces, with a new set of WMI classes in the appropriately name root\CCM\ClientSDK namespace. This namespace existing on each Configuration Manager client, and can be accessed using standard WMI interfaces (PowerShell, WMIC, WbemTest, VBScript, WinRM, .NET or old school C++). The classes were are interested are the following:
- CCM_SoftwareUpdate (documentation)
- CCM_SoftwareUpdatesManager (documentation)
The method we need to call is under CCM_SoftwareUpdatesManager, the also aptly named InstallUpdates J (documentation). The process is relatively straightforward of a logical WMI point of view:
- Get all instances of CCM_SoftwareUpdate where ComplianceState is 0 (Missing/ciNotPresent)
- Stick the instances in an array (if they aren't already)
- Call InstallUpdates passing the array of missing software updates
That's it! Job done, the client will do the rest of the work. You can check CCM_SoftwareUpdate instances to validate installation progress (or potentially use WMI events – though I haven't bothered to play around with this). I've taken the liberty to create a PowerShell sample script and placed it up on the TechNet Script Center (Note: step 2 in the above has a bit more work to devolve some of the PowerShell variable nicety to keep InstallUpdates and Invoke-WmiMethod happy): https://gallery.technet.microsoft.com/scriptcenter/Install-All-Missing-8ffbd525
Happy security update deployment! ;)
Saud.
Comments
- Anonymous
April 28, 2015
I use this
$query = "SELECT * FROM CCM_SoftwareUpdate WHERE ComplianceState = '0'"
$namespace = "ROOTccmClientSDK"
[System.Management.ManagementObject[]] $MissingUpdates = @(GWMI -ComputerName $server -query "$query" -namespace "$namespace")
[void](GWMI -ComputerName $server -Namespace "$namespace" -Class "CCM_SoftwareUpdatesManager" -List).InstallUpdates($MissingUpdates) - Anonymous
October 23, 2016
Using Invoke-WmiMethod -Class CCM_SoftwareUpdatesManager -Name InstallUpdates is great to feed it a list of missing SCCM updates to be installed. What's missing is the ability to watch GWMI -Class CCM_SoftwareUpdate -NameSpace root\CCM\ClientSDK -List | Select -Expand Properties | Select PercentComplete. This always returns 0 so instead you can watch EvaluationState but why is PercentComplete there? - Anonymous
February 26, 2017
I'm not a scripter but in dealing with PowerShell and SCCM, it appears the PercentComplete property in GWMI -Namespace root\ccm\clientSDK -Class CCM_SoftwareUpdate tracks progress per update. A foreach-Object and Do Until loop might be helpful but I'm not sure in what order SCCM installs missing updates. Unless it is possible CCM client side to install missing updates one by one.