How can I deploy missing patches to my Microsoft Systems Management Server (SMS) clients?

A. After you scan your systems to determine missing patches, perform these steps to deploy them:

1. Start the Microsoft Management Console (MMC) SMS Administrator Console snap-in (Start, Programs, Systems Management Server, SMS Administrator Console).
2. Click the Software Updates branch. Doing so displays which patches are missing on your systems as well as how many systems are missing the patch and how many have it installed.
3. Right-click Software Updates and select Distribute Software Updates from the All Tasks context menu.
4. The Distribute Software Updates Wizard will open. Click Next. The wizard asks for the software update type. For OS fixes, the update type is MBSA.
5. Click Next.
6. Select an SMS package. You need to either create a new package or add fixes to an existing patch package. For our example, select New and click Next.
7. Enter a package name. Give it an intuitive name that identifies the package contents (e.g., Windows XP fixes). Click Next.
8. You can customize the notification that users receive (e.g., add the organization name). Click Next.
9. Select the scanning tool you use to inventory your systems (e.g., Software Scanning Tools). Click Next.
10. Select the fixes you want to include in the package, as the figure shows. Click Next.
11. Enter a source location for the fixes. By default, this will be the root of the C drive. You might want to create a patch share and modify the default path, as the figure shows. You can opt to download the fixes automatically, or you can download them manually by selecting "I will download the source files myself." Click Next.
12. You'll see a list of fixes and their ready status. Select each fix in turn and click Properties to view the properties for each fix, as the figure shows. You can see the path where you can download each fix in the Binary Path field. You can cut and paste this download link value to download from another box that does have Internet connectivity. You need to manually add the parameters for the fixes. The Microsoft article "Summary of command-line syntax for software updates in Systems Management Server" lists the available parameters. For most fixes, you can use the /quiet /passive /norestart options, but you can confirm the required parameters on a patch-by-patch basis by opening a command line and entering the patch followed by the /? option, as the following example shows:

    WindowsXP-KB891711-x86-ENU.exe /?
    

    This command displays a list of the patch's options. If you manually download the fixes, you need to place them in the package source folder (e.g., E:\patchsource\mbsa - windows xp fixes\windows xp sp1\1033).
13. After you add the parameters to all the fixes, and they're marked Ready, as the figure shows, click Next.
14. The wizard displays a list of distribution points. Select the distribution points you want to deploy the fixes to and click Next.
15. Specify the actions that the installation agent should take after installing the updates. (For example, Select "Collect client inventory immediately," if you want to send up-to-date information back to the SMS server as quickly as possible.) You can also choose how to handle system restarts (e.g., let the user postpone restarting until a convenient time). Click Next.
16. Select Countdown options for how much time users have before execution begins and how long the patch execution can run (e.g., after 30 minutes, assume execution has failed and give up). Click Next.
17. Select whether to notify users about the patch activity (for Advanced clients only) and whether to let users postpone the installation. If you previously selected the option to make the installation unattended, you can't chose to set a maximum postponement time. Click Next.
18. Select whether to automatically create an advertisement for the new patch package, and if so, select a collection to target (e.g., all Windows XP Systems) and click Next.
19. Click Finish.