SCCM ADRs (short for Automatic Deployment Rules) were introduced with ConfigMgr 2012 to fill a gap in the update deployment process that had existed since SCCM 2007: until then there was no way to automatically download and assign updates. This was usually not a big deal when managing the monthly update release, but the shortcoming was more evident when dealing with components like Forefront Endpoint Protection, whose definition updates are released multiple times a day. In this article I will use that scenario as the starting point to explain how ADRs are configured.

Configure ADR for Forefront Client Protection Definitions

First of all, open the ConfigMgr console and navigate to [Software Library] –> [Software Updates] –> [Automatic Deployment Rules]. As you will notice, no ADR is defined by default.

To create a new ADR, click on [Automatic Deployment Rules] and select Create Automatic Deployment Rule, which launches a wizard similar to the one used to deploy updates.

In the General page you can specify a name for the new ADR, whether the ADR should use an update deployment template (which needs to be created beforehand), and whether SCCM should use an existing or a new update group.

Note: When you choose to use a new Software Update Group, a new group is created each time the ADR is evaluated; this option is better suited for Patch Tuesday deployment scenarios. If you choose to use an existing group, a group is created the first time the ADR is evaluated and reused for any subsequent re-evaluation, which is better suited for frequent update deployments such as Endpoint Protection definition updates.

In the Deployment Settings page you can define parameters such as the use of Wake-on-LAN and set the detail level for status messages. I left all values at their defaults.

In the Software Updates page you can define which updates will be evaluated by the ADR. As you can see, I've specified Definition updates as the Update Classification and filtered on updates that are not superseded, so I am sure to always deploy the latest version of the definitions. Clicking the Preview button lets you review the list of updates returned by the filter.

In the Evaluation Schedule page you can specify how often the ADR will be evaluated. As we're deploying Definition updates here, I've set it to run every 4 hours; in a production environment, ADR evaluation is generally run after the SUP synchronization.

In the Deployment Schedule page I've used the option As soon as possible for both update availability and deployment. Generally speaking, in a production environment you should allow enough time for content to be available on all distribution points, so the availability should be something around 2 hours.

Note: In a production environment it is considered a best practice to select Time based on UTC in the Schedule Evaluation section, so that all clients in the hierarchy install updates at the same time. Note, however, that software update deadlines are randomized over a 2 hour period to prevent all clients from requesting the update concurrently.

In the User Experience, Alerts and Download Settings pages I've just accepted the defaults, so skim through those pages by clicking Next. In the Deployment Package page I have chosen the option to create a new deployment package (you can use an existing one if it has been configured).

The remaining pages are identical to the ones used for Software Updates Deployment, so I will not go through them again; you can refer to my previous article.

In the Summary page, review the chosen settings and make any changes as appropriate, optionally saving the update deployment definition as a Template for future deployments that need identical settings.

Navigating back to the [Software Update Groups] node, you will find the newly defined group for Definition updates, which was created by the ADR engine.

You can monitor ADR activities through the ruleengine.log file which, like the rest of the logs, is located under <install path>\Microsoft Configuration Manager\Logs
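The following is an added example, not code from the original article: a Python parser for the CMTrace-style entries found in ruleengine.log that counts rule engine entries by severity and lists the warnings and errors. The sample entries, their message wording, and the function names `parse_entries` and `summarize` are constructed for illustration.

```python
import re
from collections import Counter

# CMTrace envelope used by ConfigMgr logs:
# <![LOG[message]LOG]!><time=".." date=".." component=".." context="" type="N" ...>
ENTRY = re.compile(
    r'<!\[LOG\[(?P<msg>.*?)\]LOG\]!>'
    r'<time="(?P<time>[^"]*)" date="(?P<date>[^"]*)" '
    r'component="(?P<component>[^"]*)"[^>]*? type="(?P<type>\d)"',
    re.DOTALL,  # a single message may span several lines
)
SEVERITY = {"1": "info", "2": "warning", "3": "error"}  # CMTrace type codes

# Constructed sample entries: message wording is illustrative, not real log output.
# The last entry belongs to another component, as when several logs are concatenated.
SAMPLE_LOG = '''\
<![LOG[Evaluating rule "FEP Definitions"]LOG]!><time="08:00:01.120+000" date="03-12-2013" component="SMS_RULE_ENGINE" context="" type="1" thread="4120" file="sample.cpp:1">
<![LOG[Rule returned 3 updates]LOG]!><time="08:00:02.310+000" date="03-12-2013" component="SMS_RULE_ENGINE" context="" type="1" thread="4120" file="sample.cpp:1">
<![LOG[Content download failed
retry scheduled]LOG]!><time="08:00:09.004+000" date="03-12-2013" component="SMS_RULE_ENGINE" context="" type="3" thread="4120" file="sample.cpp:1">
<![LOG[No updates matched the rule criteria]LOG]!><time="12:00:01.870+000" date="03-12-2013" component="SMS_RULE_ENGINE" context="" type="2" thread="4120" file="sample.cpp:1">
<![LOG[Sync failed]LOG]!><time="12:05:00.000+000" date="03-12-2013" component="SMS_WSUS_SYNC_MANAGER" context="" type="3" thread="5000" file="sample.cpp:1">
'''

def parse_entries(text):
    """Yield one dict per CMTrace entry with a readable severity."""
    for match in ENTRY.finditer(text):
        entry = match.groupdict()
        entry["severity"] = SEVERITY.get(entry.pop("type"), "unknown")
        yield entry

def summarize(text, component="SMS_RULE_ENGINE"):
    """Return (severity counts, list of warning/error entries) for one component."""
    entries = [e for e in parse_entries(text) if e["component"] == component]
    counts = Counter(e["severity"] for e in entries)
    problems = [(e["date"], e["time"], e["severity"], e["msg"].strip())
                for e in entries if e["severity"] != "info"]
    return counts, problems

if __name__ == "__main__":
    counts, problems = summarize(SAMPLE_LOG)
    print(dict(counts))
    for date, time, severity, msg in problems:
        print(f"{date} {time} [{severity}] {msg!r}")
```

To run it against a real log, read the file's text and pass it to `summarize` in place of `SAMPLE_LOG`.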

Note: While writing this article I have set the ADR to run every 4 hours. Keep in mind that an ADR assesses software update metadata using what's in the ConfigMgr database; in other words, if the metadata is not up to date, the ADR will be evaluating its rules against stale data. Generally speaking, you should set the ADR evaluation interval to no less than the WSUS synchronization interval, so assuming that process runs every 24 hours, the ADR should be set to a similar schedule.


