How to Create Deploy New Software Update Patch Package Using SCCM | ConfigMgr

Let’s learn how to create New Software Update Patch Packages using SCCM | Configuration Manager. Most organizations use SCCM to deploy patches to thousands of Windows devices. This guide teaches you the basics of creating and deploying patch packages.

The post below also explains the end-to-end SCCM patching process, which includes infrastructure setup, WSUS + SUP configurations, and Troubleshooting issues.

SCCM Patch Software Update Deployment Process Guide.

Prerequisites – New Software Update Patch Package Using SCCM

The following are the high-level prerequisites that should be in place before you start creating the Software Update Patch Package using SCCM.

Patch My PC

Select Patches & Create Software Update Group

Let’s examine the patch package creation process using a manual method to better understand it. In a future post, we will discuss the Automatic Deployment Rule (ADR).

  • Launch ConfigMgr Admin Console
  • Navigate to \Software Library\Overview\Software Updates\All Software Updates
  • Select one of the patches from the list, as you can see in the below screenshot
  • Right-click on the selected patch and click on Create Software Update Group
How to Create Deploy New Software Update Patch Package Using SCCM | ConfigMgr -Fig.1
How to Create Deploy New Software Update Patch Package Using SCCM | ConfigMgr -Fig.1

Create Software Update Group

Let’s check how to create a Software Update Group for patching.

Adaptiva
  • Enter the name of the software update group = “Windows 10 1909 March 2019 Updates”
  • Enter the Description of Software Update Group (SUG)
  • Click on the Create button to finish Software Update Group (SUP)
How to Create Deploy New Software Update Patch Package Using SCCM | ConfigMgr -Fig.2
How to Create Deploy New Software Update Patch Package Using SCCM | ConfigMgr -Fig.2

Navigate to \Software Library\Overview\Software Updates\Software Update Groups.

How to Create Deploy New Software Update Patch Package Using SCCM | ConfigMgr -Fig.3
How to Create Deploy New Software Update Patch Package Using SCCM | ConfigMgr -Fig.3

Create a New Software Update Patch Package using SCCM

Let’s get into the meat of this guide. The following steps help you create a New Software Update patch package using Configuration Manager.

Starting in version SCCM 1806, deploy software updates to devices without first downloading and distributing content to distribution points. This setting is beneficial when dealing with extremely large updated content.

  • Navigate to \Software Library\Overview\Software Updates\Software Update Groups.
  • Select the Software Update Group, which we created in the above section.
  • Right-click on the Software Update Group and Select DOWNLOAD

NOTE! – If you want to edit existing Software Update Groups? Refer to the following post here https://www.anoopcnair.com/sccm-patches-to-existing-software-update-group/

How to Create Deploy New Software Update Patch Package Using SCCM | ConfigMgr -Fig.4
How to Create Deploy New Software Update Patch Package Using SCCM | ConfigMgr -Fig.4

Continue with the SCCM patching or Software Update package creation process. In this, you define the specific deployment package.

  • Specify a Deployment package from Download Software Update Wizard
  • Create a new Software Update patch package using SCCM
    • Enter the Name of the Software Update Package
      • Windows 10 1909 March 2019 Updates
    • Enter the Description of the Software Update Package
    • Enter the package source path (UNC). You can use the BROWSE button also
      • \CMMEMCM\Sources\Package Source\Patch Packages\Mar 2020
    • Check the box Enable Binary differential replication
How to Create Deploy New Software Update Patch Package Using SCCM | ConfigMgr -Fig.5
How to Create Deploy New Software Update Patch Package Using SCCM | ConfigMgr -Fig.5

Specify the Distribution Points for this Software Update patch package

You can specify the Distribution Points for this Software Update patch package so that the client can download the package from the DP.

  • Click on the Add button and select the Distribution Point option.
How to Create Deploy New Software Update Patch Package Using SCCM | ConfigMgr -Fig.6
How to Create Deploy New Software Update Patch Package Using SCCM | ConfigMgr -Fig.6

The SCCM Patching should include the distribution of the patching packages.

  • Select the Distribution Point from the list of DPs to host the content of the Software Update Patch Package.
  • Click on the OK button to complete the selection
  • Click on the NEXT button to proceed to continue
How to Create Deploy New Software Update Patch Package Using SCCM | ConfigMgr -Fig.7
How to Create Deploy New Software Update Patch Package Using SCCM | ConfigMgr -Fig.7

Now, it’s time to set up SCCM general distribution settings for the SCCM patching or Software update process.

  • Specify the general distribution settings for this package
  • Select Distribution Priority – Medium
  • Specify the behavior that you want to occur when a distribution point is enabled for pre-staged content
    • Automatically download content when packages are assigned to distribution points
  • Click NEXT to continue
How to Create Deploy New Software Update Patch Package Using SCCM | ConfigMgr -Fig.8
How to Create Deploy New Software Update Patch Package Using SCCM | ConfigMgr -Fig.8

Automatically download content when packages are assigned to distribution points

Automatically download content when packages are assigned to distribution points, as explained below.

  • Specify the source location for a Software update that you will download
  • Downloaded Software Updates from the internet
How to Create Deploy New Software Update Patch Package Using SCCM | ConfigMgr -Fig.9
How to Create Deploy New Software Update Patch Package Using SCCM | ConfigMgr -Fig.9

Specify the updated language for products for the SCCM Patching Guide

Select the Languages you want to Windows Update – Update Language English as part of the SCCM patching or software update process.

How to Create Deploy New Software Update Patch Package Using SCCM | ConfigMgr -Fig.10
How to Create Deploy New Software Update Patch Package Using SCCM | ConfigMgr -Fig.10

MetaData of Software Update Patch Package

Package:
  The software updates will be placed in a new package:
 •    Windows 10 1909 March 2019 Updates
  Content (1):
 •    CMMEMCM.MEMCM.COM
  Distribution Settings
 •    Priority: Medium
 •    Enable for on-demand distribution: Disabled
 •    Prestaged distribution point settings: Automatically download content when packages are assigned to distribution points
 Software updates that will be downloaded from the internet
  2020-03 Cumulative Update for Windows 10 Version 1909 for x64-based Systems (KB4551762)
 Windows Update Language Selection:
  English
 Office 365 Client Update Language Selection:
  English (United States)

Download Updates from the Internet for the SCCM Patch Package

Let’s complete the download of Software Updates to the SCCM server; during this phase, the package

  • Click NEXT, NEXT, & Close (once the download is completed).
How to Create Deploy New Software Update Patch Package Using SCCM | ConfigMgr -Fig.11
How to Create Deploy New Software Update Patch Package Using SCCM | ConfigMgr -Fig.11

Logs PatchDownloader.Log to check the Download

The PatchDownloader.log file will give you the details of the download from the %temp% folder on the system on which you are creating the Software Update Patch Package.

Downloading content for ContentID = 16777433,  FileName = Windows10.0-KB4551762-x64.cab.  
Connecting - Adding file range by calling HttpAddRequestHeaders, range string = "Range: bytes=0-" 
Download http://dl.delivery.mp.microsoft.com/filestreamingservice/files/c9fae009-af60-48de-97c9-ca3ce45380fd/public/windows10.0-kb4551762-x64_add22bc4acb20b27873ad9c094bdcab53e759774.cab in progress: 10 percent complete  
Download http://dl.delivery.mp.microsoft.com/filestreamingservice/files/c9fae009-af60-48de-97c9-ca3ce45380fd/public/windows10.0-kb4551762-x64_add22bc4acb20b27873ad9c094bdcab53e759774.cab in progress: 20 percent complete  
Download http://dl.delivery.mp.microsoft.com/filestreamingservice/files/c9fae009-af60-48de-97c9-ca3ce45380fd/public/windows10.0-kb4551762-x64_add22bc4acb20b27873ad9c094bdcab53e759774.cab in progress: 30 percent complete  
.
.
.
Checking machine config
Cert revocation check is disabled so cert revocation list will not be checked.  
To enable cert revocation check use: UpdDwnldCfg.exe /checkrevocation
Verifying file trust C:\Users\anoop.MEMCM\AppData\Local\Temp\CAB5CA3.tmp
File trust C:\Users\anoop.MEMCM\AppData\Local\Temp\CAB5CA3.tmp verified:
Verifying file hash C:\Users\anoop.MEMCM\AppData\Local\Temp\CAB5CA3.tmp 
File hash verified: C:\Users\anoop.MEMCM\AppData\Local\Temp\CAB5CA3.tmp
Successfully moved C:\Users\anoop.MEMCM\AppData\Local\Temp\CAB5CA3.tmp to \CMMEMCM\Sources\Package Source\Patch Packages\Mar 2020\6bb57e44-c2f2-41c3-9a87-d063c9b6ed2b.1\Windows10.0-KB4551762-x64.cab
Renaming \CMMEMCM\Sources\Package Source\Patch Packages\Mar 2020\6bb57e44-c2f2-41c3-9a87-d063c9b6ed2b.1 to \CMMEMCM\Sources\Package Source\Patch Packages\Mar 2020\6bb57e44-c2f2-41c3-9a87-d063c9b6ed2b
Successfully moved \CMMEMCM\Sources\Package Source\Patch Packages\Mar 2020\6bb57e44-c2f2-41c3-9a87-d063c9b6ed2b.1 to \CMMEMCM\Sources\Package Source\Patch Packages\Mar 2020\6bb57e44-c2f2-41c3-9a87-d063c9b6ed2b 

Results – Software Update Package Creation

Let’s see the results of package creation, download, and distribution of the software update patch package.

  • Navigate to \Software Library\Overview\Software Updates\Deployment Packages node.
  • Check and confirm the distribution point status.
How to Create Deploy New Software Update Patch Package Using SCCM | ConfigMgr -Fig.12
How to Create Deploy New Software Update Patch Package Using SCCM | ConfigMgr -Fig.12

Deploy SCCM Patch Package to Windows 11 or Windows 10 devices

Now let’s try to deploy a software update patch package to Windows 10 devices in the organization.

  • Navigate to \Software Library\Overview\Software Updates\Software Update Groups
  • Select the Software Update Group which you want to deploy
  • Right-click on the Software Update Group and select Deploy
How to Create Deploy New Software Update Patch Package Using SCCM | ConfigMgr -Fig.13
How to Create Deploy New Software Update Patch Package Using SCCM | ConfigMgr -Fig.13

Enter the name of the Deployment from specific general information for this deployment page.

  • Enter the description for the deployment.
  • Select the Collection using the BROWSE button.
  • Click on the Next button.
How to Create Deploy New Software Update Patch Package Using SCCM | ConfigMgr -Fig.14
How to Create Deploy New Software Update Patch Package Using SCCM | ConfigMgr -Fig.14

SCCM Patch Deployment Settings – Available | Required

Specify deployment settings for this deployment. Specify if this deployment is available for installation or if it’s required.

From the Type of Deployment section, select the deployment type as Required. Select the Details Level as Only success and error messages.

How to Create Deploy New Software Update Patch Package Using SCCM | ConfigMgr -Fig.15
How to Create Deploy New Software Update Patch Package Using SCCM | ConfigMgr -Fig.15

SCCM Patch Deployment Schedule Options

Need to configure three settings from the schedule page. Select the Schedule evaluation time (Time-based on)- Client Local Time is the default and best option.

Select the Software Available Timeas soon as possible. Select the installation deadline for the Software update patch package—specify the Time as per your requirement.

  • Click on the NEXT button to continue.
How to Create Deploy New Software Update Patch Package Using SCCM | ConfigMgr -Fig.16
How to Create Deploy New Software Update Patch Package Using SCCM | ConfigMgr -Fig.16

SCCM Patch Deployment User Experience

Specify the User Experience of Patch deployment from this page. Select the User Visual Experience – Display in Software Center and show all the notifications.

Deadline Behaviour – Select the option as per your requirement. The best option is to keep it as default, as shown in the below picture.

Device Restart Behaviour – Select the option as per your requirement. The best option is to keep it as default, as shown in the below picture.

Write Filter handling for Windows Embedded devices – Keep the default option even though this is not applicable for Windows 10 devices.

Software Update Deployment Reevaluation Behaviour – Select the option as per your requirement. The best option is to keep it as default, as shown in the below picture.

How to Create Deploy New Software Update Patch Package Using SCCM | ConfigMgr -Fig.17
How to Create Deploy New Software Update Patch Package Using SCCM | ConfigMgr -Fig.17

SCCM Patching Guide – Alert Options for the Patch Deployment

Let’s select the alert options for Software update patches using SCCM | Configuration Manager.

Configuration Manager Alerts – It’s not enabled as default. I’m going to keep the same option for patch deployment.

Operational Manager Alerts – It’s not enabled as default. I’m going to keep the same option for patch deployment.

  • Click on the Next button to continue.
How to Create Deploy New Software Update Patch Package Using SCCM | ConfigMgr -Fig.18
How to Create Deploy New Software Update Patch Package Using SCCM | ConfigMgr -Fig.18

SCCM Patching Process – Download Options

Let’s select the download options of this patch from the Windows 10 or 11 client device. There are two types of Download options here.

Download the content if the content is NOT available in the local|Current DP.

DO NOT Download the content from neighboring DP because that might create bandwidth issues?

DON NOT download the content from the Site default boundary as well because that might create bandwidth issues?

  • Click on NEXT, NEXT, and CLOSE to complete the Software update patch package deployment using SCCM.
How to Create Deploy New Software Update Patch Package Using SCCM | ConfigMgr -Fig.19
How to Create Deploy New Software Update Patch Package Using SCCM | ConfigMgr -Fig.19

MetaData Deployment Information

Let’s find the metadata information of Patch package deployment using SCCM | Configuration Manager.

Updates Targeted:
 •    2020-03 Cumulative Update for Windows 10 Version 1909 for x64-based Systems (KB4551762) 4551762(Article ID)
  General: 
 •    Deployment Name: Windows 10 1909 March 2019 Updates
 •    Collection: All Desktop and Server Clients
  Deployment Settings: 
 •    Send wake-up packets: No
 •    Verbosity Level: Only success and error messages
  Scheduling: 
 •    Deployment schedules will be based on: Client local time
 •    Available to target computers: 3/24/2020 11:01:00 PM
 •    Deadline for software update installation: 3/31/2020 8:45:00 PM
 •    Delayed enforcement on deployment: No
  User Experience: 
 •    User Notifications: Display in Software Center and show all notifications
 •    Install software updates outside the maintenance window when deadline is reached: No
 •    Restart system outside the maintenance window when deadline is reached: Suppressed
 •    If a restart is required it will be: Allowed
 •    Commit changes at deadline or during a maintenance window (requires restarts): Yes
 •    If any update in this deployment requires a system restart, run updates deployment evaluation cycle after restart: No
  Alerts: 
 •    On software update installation error generate a Window Event: No
 •    Disable Window Event while software updates install: No
  Download Settings: 
 •    Computers can retrieve content from remote distribution points: No

Results from the SCCM Patch Deployment Process

Let’s check the Software Center of Windows 10 device to understand the software Update patch deployment behavior using SCCM.

How to Create Deploy New Software Update Patch Package Using SCCM | ConfigMgr -Fig.20
How to Create Deploy New Software Update Patch Package Using SCCM | ConfigMgr -Fig.20

Log Files – Windows 10 or Windows 11

Let’s have a look at WUAHandler.log.

Going to search using WSUS update source.
Synchronous searching started using filter: 'UpdateID = 'b9f38079-d7b9-4519-8435-7a0fe43f511e' AND DeploymentAction = *'…
Successfully completed synchronous searching of updates.
 Update: b9f38079-d7b9-4519-8435-7a0fe43f511e, 200   BundledUpdates: 1
    Update: 6bb57e44-c2f2-41c3-9a87-d063c9b6ed2b, 200   BundledUpdates: 0
Update (Missing): 2020-03 Cumulative Update for Windows 10 Version 1909 for x64-based Systems (KB4551762) (b9f38079-d7b9-4519-8435-7a0fe43f511e, 200)
 Async installation of updates started. 
Installation of updates completed.

The Software Update patch installation using SCCM is completed successfully.

How to Create Deploy New Software Update Patch Package Using SCCM | ConfigMgr -Fig.21
How to Create Deploy New Software Update Patch Package Using SCCM | ConfigMgr -Fig.21

Resources

  • Download software updates – https://docs.microsoft.com/en-us/configmgr/sum/deploy-use/download-software-updates
  • Deploy software updates – https://docs.microsoft.com/en-us/configmgr/sum/deploy-use/deploy-software-updates

We are on WhatsApp. To get the latest step-by-step guides and news updates, Join our Channel. Click here –HTMD WhatsApp.

Author

Anoop C Nair is Microsoft MVP! He is a Device Management Admin with more than 20 years of experience (calculation done in 2021) in IT. He is a Blogger, Speaker, and Local User Group HTMD Community leader. His main focus is on Device Management technologies like SCCM 2012, Current Branch, and Intune. He writes about ConfigMgr, Windows 11, Windows 10, Azure AD, Microsoft Intune, Windows 365, AVD, etc.

5 thoughts on “How to Create Deploy New Software Update Patch Package Using SCCM | ConfigMgr”

  1. Hi Anoop,

    I have a service plan to upgrade from win 10 1809 to 1909. I have noticed it takes around 3 to 4 hours for the whole process to complete which to me is too long. I have noticed in my upgrades tab in the service plan, when I click preview I am seeing the en-gb version and en – us. Would this be causing the client to download both as I suppose that’s what would be in the package ?

    Thanks

    Reply
  2. Hi Anoop,

    This Article is very interesting and very much useful Windows Patching.

    Can you please let me know the same steps to follow for Windows Server patches also.

    If Server Patching is different one. Please share me the Article for that.

    Thank You.
    Samarasam M

    Reply
  3. When you perform the deploy for the “All Servers and Computers” collection, the update will only be installed on the stations that require it, right?

    Reply

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.