Share This Post

SCCM Maintenance Windows and Software Updates

SCCM has made huge changes and improvements with software update delivery/installation as well as the introduction of very much needed functionality with service windows.

However, there are some "gotchas" for maintenance windows that you should be made aware of.

With regular software deployments, the maximum runtime value is used to determine if the program will be run within a given maintenance window. For software updates, there is no opportunity to input this data. Instead, SCCM has defaulted to a runtime of 35 minutes per software update (75 for each service pack). When the update deployment routine runs, it requires a maintenance window of at least 35 minutes in order to deploy the updates.

Another gotcha is users that configure their own update installation schedule via the Configuration Manager control panel applet (on the Updates tab). If the user selects a time that is outside of defined maintenance windows, the updates will NOT be installed. It appears that SCCM just treats this as another schedule item and evaluates it like any other running program (with maintence window exclusions in-tact if excluded by the original advertisement).

Finally, software update deployments that have a grace period of, say two weeks, assigned to computers with a maintenance window between the original advertisement and the mandatory deadline will not install automatically during one of the intervening maintenance periods. The software updates will only be automatically installed once the mandatory deadline has been exceeded (during the next maintenance window). If you have laptop computers, this may prove to be challenging to setup correctly and to establish end-user expectations. For example, if the mandatory period is set for Thursday night at midnight (during a maintenance window), if a computer is on, it will be patched and rebooted. If the computer was off during the maintenance period but comes on the following morning, one of two things will happen. If the exclusion to only run during maintenance windows is enabled, the laptop will not get the updates. If the exclusion is to run anytime after the mandatory date is reached, the computer will get the patches and potentially reboot (if that exclusion is also enabled).

Share This Post

Leave a Reply