Install Software Updates - Configuration Manager (2023)

  • Article
  • 7 minutes to read

Applies to: Configuration Manager (current branch)

The Install Software Updates step is commonly used in Configuration Manager task sequences. When installing or updating the OS, it triggers the software updates components to scan for and deploy updates. This step can cause challenges for some customers, such as long timeout delays or missed updates. Use the information in this article to help mitigate common issues with this step, and for better troubleshooting when things go wrong.

For more information on the step, see Install Software Updates


To help this process be successful, use the following recommendations:

  • Use offline servicing
  • Single index
  • Reduce image size

Use offline servicing

Use Configuration Manager to regularly install applicable software updates to your image files. This practice then reduces the number of updates that you need to install during the task sequence.

For more information, see Apply software updates to an image.

(Video) SCCM Updates stuck at installing status

Single index

Many image files include multiple indexes, such as for different editions of Windows. Reduce the image file to a single index that you require. This practice reduces the amount of time to apply software updates to the image. It also enables the next recommendation to reduce the image size.

Automate this process when you add an OS image to the site. For more information, see Add an OS image.

Reduce image size

When you apply software updates to the image, optimize the output by removing any superseded updates. Use the DISM command-line tool, for example:

dism /Mount-Image /ImageFile:C:\Data\install.wim /MountDir:C:\Mountdirdism /Image:C:\Mountdir /Cleanup-Image /StartComponentCleanup /ResetBasedism /Unmount-Image /MountDir:C:\Mountdir /Commit 

There's an option to automate this process. For more information, see Optimized image servicing.

Image engineering decisions

When you design your imaging process, there are several options that can affect the installation of software updates:

  • Periodically recapture the image
  • Use offline servicing
  • Use default image only

Periodically recapture the image

You have an automated process to capture a custom OS image on a regular schedule. This capture task sequence installs the latest software updates. These updates can include cumulative, non-cumulative, and other critical updates such as servicing stack updates (SSU). The deployment task sequence installs any other updates since capture.

For more information on this process, see Create a task sequence to capture an OS.

Advantages: recapture image

  • Fewer updates to apply at deployment time per client, which saves time and bandwidth during deployment
  • Fewer updates to worry about causing restarts
  • Customized image for the organization
  • Fewer variables at deployment time

Disadvantages: recapture image

  • Time to create and capture image, even though it's mostly automated
  • Increased time to distribute the image to distribution points, which can be seen as outage for active deployments
  • Time to test through pre-production environments may be longer than OS patch cycle, which can make the updated image irrelevant

Use offline servicing

Schedule Configuration Manager to apply software updates to your images.

(Video) SCCM 2012- WSUS and Software update point configure Part- 20

For more information, see Apply software updates to an image.

Advantages: offline servicing

  • Fewer updates to apply at deployment time per client, which saves time and bandwidth during deployment
  • Fewer updates to worry about causing restarts
  • You can schedule the servicing process at the site

Disadvantages: offline servicing

  • Manual selection of updates
  • Increased time to distribute the image to distribution points
  • Only supports CBS-based updates. It can't apply Microsoft 365 Apps updates


You can automate the selection of software updates using PowerShell. Use the Get-CMSoftwareUpdate cmdlet to get a list of updates. Then use the New-CMOperatingSystemImageUpdateSchedule cmdlet to create the offline servicing schedule. The following example shows one method to automate this action:

# Get the OS image$Win10Image = Get-CMOperatingSystemImage -Name "Windows 10 Enterprise"# Get the latest cumulative update for Windows 10 1809$OSBuild = "1809"$LatestUpdate = Get-CMSoftwareUpdate -Fast | Where {$_.LocalizedDisplayName -Like "*Cumulative Update for Windows 10 Version $OSBuild for x64*" -and $_.LocalizedDisplayName -notlike "*Dynamic*"} | Sort-Object ArticleID -Descending | Select -First 1Write-Host "Latest update for Windows 10 build" $OSBuild "is" $LatestUpdate.LocalizedDisplayName# Create a new update schedule to apply the latest updateNew-CMOperatingSystemImageUpdateSchedule -Name $Win10Image.Name -SoftwareUpdate $LatestUpdate -RunNow -ContinueOnError $True

Use default image only

Use the default Windows install.wim image file in your deployment task sequences.

Advantages: default image

  • A known good source, which reduces the risk of image corruption as a possible issue
  • Eliminates modifications to image as a possible issue

Disadvantages: default image

  • Potential for high volume of updates during the deployment
  • Increased deployment time for every device
  • May not have needed customizations, requires other task sequence steps to customize


This flowchart diagram shows the process when you include the Install Software Updates step in a task sequence.

View the diagram at full size

Install Software Updates - Configuration Manager (1)

(Video) SCCM Software Updates Tutorial

  1. Process starts on the client: A task sequence running on a client includes the Install Software updates step.
  2. Compile and evaluate policies: The client compiles all software update policies into WMI RequestedConfigs namespace. (CIAgent.log)
  3. Is this instance the first time it's called?
    1. Yes: Go to Full scan
    2. No: Is the step configured with the option to Evaluate software updates from cached scan results?
      1. Yes: Go to Scan from cached results
      2. No: Go to Full scan
  4. Scan process: either a full scan or scan from cached results, with monitoring process in parallel.
    1. Full scan: The task sequence engine calls the software update agent via Update Scan API to do a full scan. (WUAHandler.log, ScanAgent.log)
      1. SUM agent scan - full: Normal scan process via Windows Update Agent (WUA), which communicates with software update point running WSUS. It adds any applicable updates to the local update store. (WindowsUpdate.log, UpdateStore.log)
    2. Scan from cached results: The task sequence engine calls the software update agent via Update Scan API to scan against cached metadata. (WUAHandler.log, ScanAgent.log)
      1. SUM agent scan - cached: The Windows Update Agent (WUA) checks against updates already cached in the local update store. (WindowsUpdate.log, UpdateStore.log)
    3. Start scan timer: The task sequence engine starts a timer and waits. (This process happens in parallel with either the full scan or scan from cached results process.)
      1. Monitoring: The task sequence engine monitors the SUM agent for status.
      2. What's the response from the SUM agent?
        • In progress: Has the timer reached the value in task sequence variable SMSTSSoftwareUpdateScanTimeout? (Default 1 hour)
          • Yes: The step fails.
          • No: Go to Monitoring
        • Failed: The step fails.
        • Complete: Go to Enumerate update list
  5. Enumerate update list: The SUM agent enumerates the list of updates returned by the scan, determining which are available or mandatory.
  6. Are there any updates in the list of scan results?
    • Yes: Go to Install updates
    • No: Nothing to install, the step successfully completes.
  7. Deployment process: The install updates process happens in parallel with the deployment monitoring process.
    1. Install updates: The task sequence engine calls the SUM agent via Update Deployment API to install all available or only mandatory updates. This behavior is based on the configuration of the step, whether you select Required for installation - Mandatory software updates only or Available for installation - All software updates. You can also specify this behavior using the SMSInstallUpdateTarget variable.
      1. SUM agent install: Normal install process using existing cached list of updates, with standard content download. Install update via Windows Update Agent (WUA). (UpdatesDeployment.log, UpdatesHandler.log, WuaHandler.log, WindowsUpdate.log)
    2. Start deployment timer and show progress: The task sequence engine starts an installation timer, shows subprogress at 10% intervals in TS Progress UI, and waits.
      1. Monitoring: The task sequence engine polls the SUM agent for status.
      2. What's the response from the SUM agent?
        • In progress: Has the installation process been inactive for 8 hours?
          • Yes: The step fails.
          • No: Go to Monitoring
        • Failed: The step fails.
        • Complete: Go to Is the step configured with the option to Evaluate software updates from cached scan results?


The diagram includes two of the timeout variables that apply to this step. There are other standard timers from other components that can affect this process.

  • Update scan timeout: One hour (smsts.log)
  • Location request timeout: One hour (LocationServices.log, CAS.log)
  • Content download timeout: One hour (DTS.log)
  • Inactive distribution point timeout: One hour (LocationServices.log, CAS.log)
  • Total install inactive timeout: Eight hours (smsts.log)


Use the following resources and additional information to help you troubleshoot issues with this step:

  • Make sure to target your software update deployments to the same collection as the task sequence deployment.

  • Make sure to include software update points in boundary groups. For more information, see Configuration Manager clients don't get software updates.

  • To help you troubleshoot the software update management process, see Troubleshoot software update management in Configuration Manager.

  • To help improve overall performance, reduce the size of the software update catalog. For example:

    • Remove unnecessary classifications, products, and languages. For more information, see Configure classifications and products to synchronize.

    • Reindex the site database and rebuild statistics. For more information, see the FAQ for site sizing and performance.

      (Video) Installing ConfigMgr Update Packages

    • Decline unnecessary updates, for example:

      • Superseded.


        Configuration Manager does this action for you. For more information, see WSUS cleanup behavior.

      • Itanium

      • Beta

      • Version Next

        (Video) How to Deploy Software Updates Using Microsoft SCCM (ADRs, Update Groups, and More)

      • ARM

      • Versions of Windows you aren't deploying


How do I add Software Updates to SCCM? ›

In the Configuration Manager console, select Software Library. In the Software Library workspace, expand Software Updates, and then select All Software Updates. Select the software updates to be added to the new software update group.

How to deploy Windows 10 updates with SCCM? ›

In the Configuration Manager console, click Software Library. In the Software Library workspace, expand Windows 10 Servicing, and click All Windows 10 Updates. Choose the feature update(s) to deploy by using your saved search criteria. Select one or more of the feature updates returned, right click, and select Deploy.

What is software update management in SCCM? ›

Software updates in Configuration Manager provides a set of tools and resources that can help manage the complex task of tracking and applying software updates to client computers in the enterprise.

How do I install updates manually? ›

Select Start > Control Panel > Security > Security Center > Windows Update in Windows Security Center. Select View Available Updates in the Windows Update window. The system will automatically check if there's any update that need to be installed, and display the updates that can be installed onto your computer.

What is the difference between SCCM and WSUS? ›

WSUS can meet the needs of a Windows-only network at the most basic level, while SCCM offers an expanded array of tools for more control over patch deployment and endpoint visibility. SCCM also offers pathways for patching alternate OS and third party applications, but on the whole, it still leaves much to be desired.

How do I set third party updates in SCCM? ›

Subscribe to a third-party catalog and sync updates

In the Configuration Manager console, go to the Software Library workspace. Expand Software Updates and select the Third-Party Software Update Catalogs node. Select the catalog to subscribe and then select Subscribe to Catalog in the ribbon.

How do I force a software update? ›

The best way to force an Android update is to go to Settings > Software update > Download and install.

How do I enable updates for SCCM in Office 365? ›

In the Configuration Manager console, go to Administration > Overview > Client Settings. Open the client settings, choose Software Updates and select Yes for the Enable management of the Office 365 Client Agent setting.

How to deploy software using SCCM? ›

In the Configuration Manager console, go to the Software Library workspace, expand Application Management, and select either the Applications or Application Groups node. Select an application or application group from the list to deploy. In the ribbon, select Deploy.

What is the difference between SCCM and MECM? ›

While both tools have their advantages, the SCCM is more flexible, offering more tools. It is also more secure, which is crucial for larger enterprises. Despite its many features, SCCM still is the better option for small businesses. For larger organizations, SCCM is the best option.

What is SCCM and how is it used? ›

Microsoft System Center Configuration Manager (SCCM) is a Windows product that enables the management, deployment and security of devices and applications across an enterprise. Amongst other potential uses, administrators will commonly use SCCM for endpoint protection, patch management and software distribution.

What is software update management? ›

Software Update Management System (SUMS) means a systematic approach defining organizational processes and procedures to comply with the requirements for delivery of software updates according to this Regulation.

How do I force Windows 10 to install updates? ›

If you want to install the update now, select Start > Settings > Update & Security > Windows Update , and then select Check for updates. If updates are available, install them.

How do I fix updates not installed? ›

If the installation remains stuck at the same percentage, try checking for updates again or running the Windows Update Troubleshooter . To check for updates, select Start > Settings > Update & Security > Windows Update > Check for updates.

Is WSUS still necessary? ›

WSUS is still fully supported and many companies rely on it. WSUS helps maintain order: Instead of having all the Windows clients go to the internet and download the updates, you have one or more WSUS servers that centralize the job and give you control on which updates to release to the clients.

Do you have to pay for SCCM? ›

SCCM can cost anywhere from $1M over three years for a typical 5,000 endpoint deployment and up to $14M a year for 200,000 endpoints according to IBM. This greatly outweighs the initial cost of an SCCM license, which costs $1,323 or is even included in Microsoft Software Assurance licensing.

Can SCCM and WSUS coexist? ›

An interesting thing about WSUS is that this service works in tandem with SCCM (System Center Configuration Manager) to deploy, import, and install third-party security updates.

How do I get SCCM client to check for updates? ›

In the Configuration Manager console, navigate to Monitoring > Overview > Deployments. Click the software update group or software update for which you want to monitor the deployment status. On the Home tab, in the Deployment group, click View Status.

Can SCCM update firmware? ›

Starting in Microsoft System Center Configuration Manager version 1710, you can synchronize and deploy Microsoft Surface firmware and driver updates directly through the Configuration Manager client.

What is third party application patching? ›

Third-party patching (patch management) is the process of installing patches to third-party applications, that are installed on your company's endpoints, to address bugs or vulnerabilities in the software. Third-party patching is critical for the security of your organization that prevents data breaches.

Why is my system update not updating? ›

Sometimes software glitches or background apps can prevent your phone from installing software updates. Restarting your phone should help clear the local cache memory and resolve any temporary hiccups. So, if the problem persists, you can reboot your phone and then try to install the update one more time.

Is there a way to force Windows updates? ›

Follow the steps below to force Windows update with the command line: Type cmd in the search box, choose Run as administrator, and click Yes to continue. Type wuauclt.exe /updatenow and hit Enter. This command will force Windows Update to check for updates and start downloading.

How do I know if SCCM is enabled? ›

Go to Control Panel and select Configuration Manager. If the Configuration Manager item is not there, the SCCM client may not be installed. You can confirm by checking whether C:\Windows\CCM exists. If it is missing, there is no SCCM client installed.

Does SCCM use Windows Update service? ›

Windows Update – Basically for consumers. Windows Server Update Services (WSUS) – Centralized patch management application built in to Windows Server. System Center Configuration Manager (SCCM) aka “ConfigMgr” – Includes patching along with everything else ConfigMgr does. Interestingly, SCCM uses WSUS.

How does SCCM download updates? ›

In the Configuration Manager console, go to the Software Library workspace, and select the Software Updates node. Choose the software update to download by using one of the following methods: Select one or more software update groups from the Software Update Groups node. Then click Download in the ribbon.

Can you install a software from SCCM? ›

Software and updates can be remotely and silently installed on target location. SCCM is a popular deployment tool among enterprises, not only because it has a user-friendly interface, but also because deploy software with SCCM is quite easy.

How do I install an application using SCCM? ›

In the Configuration Manager console, go to the Assets and Compliance workspace, and select the Devices node. Select the target device, and then select the Install application action in the ribbon. Starting in version 2111, select the Install Application Group action for an app group.

How to install exe via SCCM? ›

In SCCM, navigate to Software Library>Overview>Application Management>Applications and click on Create Application. We will be choosing Manually specify the application information and click Next. Enter in the application details and click Next. Enter in any details to display in Software Center and click Next.

Is SCCM outdated? ›

SCCM version 2103 will go end of life on October 5, 2022. To ensure your SCCM version is fully supported it is advised to update to version 2107 or higher.

Is SCCM the same as Configuration Manager? ›

Microsoft Endpoint Configuration Manager, formerly known as System Center Configuration Manager (SCCM), is a Windows-centric endpoint management tool for devices within an Active Directory domain. Historically deployed on prem on a Windows Server, SCCM can now also be deployed as cloud-hosted within Azure.

When did SCCM become MECM? ›

Get back to basics: What is SCCM? Microsoft released SCCM, also called ConfigMgr in IT circles, in 1994, but its name has changed over time. From 1994 to 2006, it was called Systems Management Server. Microsoft switched the name to System Center Configuration Manager in 2007.

Is it easy to learn SCCM? ›

Mastery of SCCM will make you a go-to pro in your organization. It won't be easy. They don't hand out 'superhero' badges for nothing — but there are lots of places to get trained up. First, try Microsoft Docs, where you'll find a comprehensiveIntroduction to System Center Configuration Manager.

What are the main components of SCCM? ›

The important components of SCCM system configuration included are, Central Administration site, primary site, secondary site, and distribution point.

Can I install SCCM on Windows 10? ›

You can install the SCCM console on Windows 10 or Windows 11 devices and perform all the admin tasks from your local machine. I would recommend using a remote SCCM console rather than the site server console.

What is a configuration management system? ›

A Configuration management system allows the enterprise to define settings in a consistent manner, then to build and maintain them according to the established baselines. A configuration management plan should include a number of tools that: Enable classification and management of systems in groups.

Why is update management important? ›

Why do we need patch management? Patch management is important for the following key reasons: Security: Patch management fixes vulnerabilities on your software and applications that are susceptible to cyber-attacks, helping your organization reduce its security risk.

How do updates sync to SCCM? ›

To schedule software updates synchronization

On the Home tab, in the Settings group, expand Configure Site Components, and then click Software Update Point. In the Software Update Point Component Properties dialog box, select Enable synchronization on a schedule, and then specify the synchronization schedule.

How do I enable Windows Update in SCCM? ›

In the SCCM console, click Software Library > Overview > Software Updates. Now click All Software Updates. On the top ribbon click Synchronize Software Updates.

Where does SCCM pull updates from? ›

The clients download the software update content files from a content source to their local cache. Clients on the internet always download content from the Microsoft Update cloud service. The software updates are then available for installation by the client.

How do I enable Windows Update manually? ›

Open Windows Update by swiping in from the right edge of the screen (or, if you're using a mouse, pointing to the lower-right corner of the screen and moving the mouse pointer up), select Settings > Change PC settings > Update and recovery > Windows Update. If you want to check for updates manually, select Check now.


1. Configure Software Update Point in SCCM
(Carson Cloud)
2. ConfigMgr 2012 Software Updates Part II Server Configuration
3. Deploying Windows Software Updates SCCM 2012
(Tech Jacks)
4. ConfigMgr 2012 Software Updates Part IV Client
5. SCCM 2111 Upgrade | Configuration Manager 2111 Upgrade
(Prajwal Desai)
6. Deploy the Configuration Manager Client Agent to Windows Computers in SCCM
(Patch My PC)
Top Articles
Latest Posts
Article information

Author: Domingo Moore

Last Updated: 01/26/2023

Views: 6254

Rating: 4.2 / 5 (53 voted)

Reviews: 84% of readers found this page helpful

Author information

Name: Domingo Moore

Birthday: 1997-05-20

Address: 6485 Kohler Route, Antonioton, VT 77375-0299

Phone: +3213869077934

Job: Sales Analyst

Hobby: Kayaking, Roller skating, Cabaret, Rugby, Homebrewing, Creative writing, amateur radio

Introduction: My name is Domingo Moore, I am a attractive, gorgeous, funny, jolly, spotless, nice, fantastic person who loves writing and wants to share my knowledge and understanding with you.