The "Microsoft Update Tool Program (expedited)" simply runs the scan tool and then kick-starts a HW Inventory so that the results of the scan are returned to the SMS server sooner.
So there's two ways (and perhaps more, I'm sure) to approach this: 1) Change your site-wide HW Inventory setting to something like once a day, once every 12 hours, or once every 3 hours, or 2) Use the Microsoft Update Tool Program with the "(expedited)" program option and increase the mandatory frequency that this runs via the Advertisement properties.
Here at Tektronix, we have a very aggressive schedule during "Patch Week" and the following week-end:
1. HW Inventory is changed from once per week to twice per day, running at 4:30am and 4:30pm local time.
2. Since we use query-based Collections, we increase the collection update cycle to every 3 hours starting at 3:00pm.
3. We run the "Microsoft Update Tool Program (expedited)" twice a day at 5am and 5pm local time. (We renamed this to "Audit Scan" to prevent confusion with the actual Microsoft Update package that contains the monthly patches. And yes, you have to name it correctly when you install ITMU. Or create another Package/Program with identical settings but named "Audit Scan".)
4. We run the "Microsoft Updates - Apr'07 Critical Updates" (we call this the "patch bundle") advertisement every 6 hours starting at 4:00pm Thursday of "Patch Week" and becoming mandatory at 10:00pm Thursday of "Patch Week". This gives the Early Adopters a chance to run it between 4pm and 10pm Thursday, during which they are told to reboot their workstation once the patch bundle has completed. After the next "expedited" audit scan occurs, the workstation then falls out of the Collection and they are no longer bothered with reminders and such. We have about a 20% early adopter rate, based on the number of machines that fall out of the Collection on Thursday afternoon.
5. We suppress the reboots of the workstations and servers within the patch bundle. A separate Package/Program and Advertisement causes the reboots of the workstations starting Friday night at 11:00pm and expiring Sunday morning at 10:00am, and runs every 6 hours starting at 10:30pm Friday night.
During non-patch weeks, we reset the schedule as follows:
1. HW Inventory is set to once per week on Tuesday nights at 9:00pm local time.
2. Collection update is set to once per day at 10:00am local time.
3. The "expedited" audit scan runs once every 48 hours, at 5:00am local time.
4. The patch bundle Advertisement is kept active for any machines that get powered up or come back online.
Patching is a game of timing. Once the pieces are put in the proper order, you can get some good information on the compliance rate within your environment.
SMS is not real-time, but with proper scheduling of Advertisements and the use of the "expedited" audit scan, you can get pretty close to real-time results.
BTW, this past week-end we achieved a 91.34% compliance rate (that's scanned, patched, rebooted, and scanned again) on our workstations. We're 100% on the Windows servers. The remaining workstations have been identified and will be dealt with during this week.
And then it all starts over on the 2nd Tuesday of the next month.