The Automatic Deployment Rules is a very nice feature which allows administrators to distribute updates automatically according to their policies.
Most of the time two rules are created:
- A rule that runs daily for System Center Endpoint Protection 2012 definition updates
- A rule that runs once a month after Patch Tuesday
On a regular basis I notice that many companies download all available updates.
Many of those are not required by any machines, SCCM 2012 is able to check how many machines require a specific update.
Basically this is a waste of time, bandwidth consumption and disk space.
Fortunately, it is possible not to include any update that is not required.
During the creation of the Automatic Deployment Rule, it is possible to choose the property filter ‘Required’.
In the screenshot below the criteria has been set that the update should be downloaded and deployment if at least 1 machine requires it.
The other search criteria are pretty common, notice that the date released has not been set. In the rare circumstance that a very old update is required it will still be downloaded and deployed.
The effects on this are very minimal, this rule is scheduled to run once per month (in this example every second Friday of the month).
This rule is very simple and straightforward. Depending on your organization the criteria might change but the Required option only downloads the needed updates.
NOTE: Offline Servicing of updates will also run much shorter since this feature only attempts to insert updates which have been downloaded