cm4coc Posted August 25, 2015

Our machines all require the prerequisite patch MS15-079 to be installed first so we can install MS15-093. I created a deployment including MS15-079 and MS15-093. The machines receive MS15-079, which prompts a reboot after installing, and then after the reboot MS15-093 is not installed because CM sees it as not required, since the software update scan has not run yet, which can take up to a week.

So is it normal that we have to wait up to a week for the software update scan to run before both patches will be installed? Not very effective or efficient for patches that need to get out ASAP, such as MS15-093.

Is there a way to force a software update scan after MS15-079 is installed and the machine is rebooted?

HotdogSCCM Posted August 27, 2015

To answer your questions:

Is there a way to force a software update scan after MS15-079 is installed and machine is rebooted?

Yes.

    WMIC /namespace:\\root\ccm path sms_client CALL TriggerSchedule "{00000000-0000-0000-0000-000000000113}" /NOINTERACTIVE

However, I wouldn't recommend doing that. I'd personally recommend (and we have done this on ~8k machines, with zero issues):

1) Use PowerShell App Deploy
2) Download all the MSUs you need; Windows 7, Windows 8, IE8, 9, 10, etc.
3) Use the Install-MSUpdates command to install the MSUs:

    # "First" holds the cumulative update, "Second" the out-of-band update
    If ($Is64Bit) {
        Install-MSUpdates -Directory "$dirFiles\Updates\x64\First"
        Install-MSUpdates -Directory "$dirFiles\Updates\x64\Second"
    } else {
        Install-MSUpdates -Directory "$dirFiles\Updates\x86\First"
        Install-MSUpdates -Directory "$dirFiles\Updates\x86\Second"
    }

Basically, I've placed all of the "Cumulative" updates, depending on architecture, into the Updates\<Architecture>\First folder. The MSU will be installed if it's not present. It'll then go on to the next folder, the "Second", and install the MSU for the OOB update there. This ensures they get installed (if needed) in order.

You can use App model to determine applicability by utilizing the Get-HotFix command:

    Get-HotFix | Where-Object {$_.HotfixID -eq 'KB3087985'}

Voila. Package it up, deploy it, and be happy.

You could also, if you don't like using PSAppDeploy, just chain together two wusa installs of the individual MSUs depending on architecture/OS/IE revision, but that's a lot of work.

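The chained wusa install mentioned at the end of the post above could look like the following. This is an added example, not code from the thread or from the PowerShell App Deploy toolkit; the folder layout, the .msu file names and the prerequisite KB id are placeholders to be replaced with the packages actually downloaded.

```powershell
# Added example: install a prerequisite MSU and then the out-of-band MSU, in order.
# Works on PowerShell 2.0 and later. Paths, file names and the first KB id are placeholders.
$here = Split-Path -Parent $MyInvocation.MyCommand.Path
$arch = if ([IntPtr]::Size -eq 8) { 'x64' } else { 'x86' }

$updates = @(
    @{ KB = 'KB0000000'; Path = "$here\Updates\$arch\First\prerequisite.msu" },  # placeholder KB id
    @{ KB = 'KB3087985'; Path = "$here\Updates\$arch\Second\oob.msu" }           # placeholder file name
)

# wusa.exe results that count as success:
#   0 = installed, 3010 = installed and reboot required,
#   2359302 (0x00240006) = already installed.
# Anything else, including "not applicable", is reported as a failure
# so that an unpatched machine is never recorded as compliant.
$okCodes = 0, 3010, 2359302
$rebootNeeded = $false

foreach ($u in $updates) {
    # Skip packages whose KB is already recorded on the machine
    if (Get-HotFix -Id $u.KB -ErrorAction SilentlyContinue) {
        Write-Output "$($u.KB): already present, skipping"
        continue
    }
    if (-not (Test-Path -LiteralPath $u.Path)) {
        Write-Error "$($u.KB): package not found at $($u.Path)"
        exit 1
    }

    # /quiet /norestart: unattended install, leave the restart to the deployment
    $p = Start-Process -FilePath "$env:SystemRoot\System32\wusa.exe" `
        -ArgumentList "`"$($u.Path)`"", '/quiet', '/norestart' -Wait -PassThru

    if ($okCodes -notcontains $p.ExitCode) {
        Write-Error "$($u.KB): wusa.exe returned $($p.ExitCode)"
        exit $p.ExitCode
    }
    Write-Output "$($u.KB): wusa.exe returned $($p.ExitCode)"
    if ($p.ExitCode -eq 3010) { $rebootNeeded = $true }
}

# Pass "reboot required" back to the caller instead of restarting here
if ($rebootNeeded) { exit 3010 } else { exit 0 }
```

The Get-HotFix check for KB3087985 quoted in the post can then serve as the detection rule, so a machine only counts as patched once the second update is actually recorded.
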
cm4coc Posted August 28, 2015

Thanks for the suggestion. I'm just going to temporarily decrease the interval for software update scans in the client settings to 24 hours, so they should both be installed within a day at least that way.