Deploying Microsoft Hotfixes via the ConfigMgr 2012 App Model

In this example, I will use the new ConfigMgr 2012 application model to deploy the a Microsoft hotfix.  While this is not intended to be a full demo on how to create a script installer for the application model, this will feature a few key components – the installation/uninstallation command lines and then using PowerShell to detect the presence of the hotfix’s installation status.

For the install/uninstall command lines, be certain to NOT call the .wsu installer directly as this will fail with message “Method EnforceApp failed with error 87d01104″ in the AppDiscovery.log file.  Rather, use wusa.exe to trigger the install.  Also, ensure the file name is surrounded by double quotes and the appropriate parameters are added after the quotes.

  • Install – wusa.exe “KB1234567″ /quiet
  • Uninstall – wusa.exe “KB1234567″ /uninstall


For the detection logic (in the Deployment Type), select to use script type “PowerShell” and click edit.  For the script contents, run command

Get-HotFix | Where-Object {$_.HotfixID -eq 'KB1234567'}



And this should be the main components you need to have in place to successfully detect and deploy a hotfix with the ConfigMgr 2012 as an Application!


Written by , Posted .


  1. Mike Gouldthorp

    How do you address when a specific hotfix deployed via the app model in “not applicable” for a given computer? Right now it appears that it simply fails… which is unfortunately when the hotfix is a dependency for another application.

  2. Josip M.

    I got error code that evaluation script is not signed

  3. ThEGr33k

    I know it has been a while since you wrote this, but I hope you might still be able to help?

    I have done as above for a Hotfix install and all looks well in the application settings. The problem I have is that it doesn’t show up in Software Centre as it should. All other applications that should be there are there, just this one.

    Is this an issue you have come across?

Leave a Comment

You must be logged in to post a comment.