I’ll share some of the issues we faced along the way, we already deployed WSUS into our network that pushes Microsoft updates according to your GPO settings on the domain level.
I came across another product, Microsoft System Center Essentials (link), which also includes WSUS technology but adds to that updates of third parties software, how cool is that 
If you have problems installing the management software from a media, go to Microsoft website and download it from there along with SP1 (link). That solved the first problem I faced.
Upon the configuration, it’ll ask you if you want to automatically create a domain policy, you’ll need administrative privileges and then go ahead search for computers and add manually or in a bulk.
One advice, when choosing the server, take care it has enough hard disk space, for all the software updates and deployment packages it needs to store.
Pushing agents to computers, is through the management console, where you select a computer and provide administrator credentials. You can create package from .exe or .msi files.
You can group computers and approve package installation. For msi packages you can provide installation properties, The executable program that interprets packages and installs products is Msiexec.exe. To see the list of parameters, run this on a command prompt window Msiexec, the below should appear.
On a single domain, you can have only one Microsoft System Center, it’ll give you an error if you try to install another System Center on a network already managed by one.
You can force end computers to communicate with the system center to check for updates or software that needs to be downloaded through running this command on end machines.
wuauclt.exe /detectnow
If indeed there is something to be downloaded, the yellow shield will appear next to the time and date, machines may face problems downloading, check this out:
- Windows update service is running
- All antivirus applications are up to date, because if they are not, they will block such activities. Check if windows defender is installed, that was one of the problems that caused download to fail
After the download is complete and according to your global setting the installation should start, to check the time of installation, check your local windows update settings, which can be access through the control panel or on the domain level settings.
This product offers so much more, details about the machines it managing through their agents, it triggers alerts, and generates reports.
But for now, I was really glad to be able to push third party packages silently to end machines and check the status as successful
References:
#1 by MBH on June 16, 2009 - 2:08 PM
We push our 3rd party packages through Kaspersky’s Administration kit. Awesome tool.
#2 by Bloggylife on June 19, 2009 - 8:59 PM
is it for free??
I like this solution, because we discontinued WSUS and we added monitoring to managed devices. Though managing updates through WSUS is so much easier and simpler.
#3 by MBH on June 20, 2009 - 8:42 AM
Our Windows guru did configure WSUS to push the never ending MS packages, and because we have about 400 PCs, many get formatted so they pull updates again.
We use Kaspersky’s Admin Kit to push softwares through the network rather than repackage it to fit MS’s taste.
Kaserpsky’s Admin Kit is not free. It’s part of the corporate antivirus deal.
#4 by Bloggylife on June 20, 2009 - 10:27 AM
MBH, how do you go about formatting PCs? Do you take images or what?
#5 by MBH on June 20, 2009 - 10:52 AM
We use IBM PCs, so they all come with a recovery partition that contains the original OS with its own MS Windows license.
<3 IBM