For how long we was waiting for this feature? 🙂
First, let’s take a look back: In SCCM 2007 we had the choice between make Deployments over and over again, or to use the WSUS Console and make an Automatic Approval. In SCCM 2012 there’s no need to use the WSUS Console, when you want to deploy Updates automatically, and the best: You’ve got control over the Updates, because everthing is handled within SCCM.

Now enough of words, take a look:

In the wunderbar (I will only poke once on this: @Microsoft o.O) under the Software Library you will find the tree Software Updates, which gives you access to the Automatic Deployment Rules. Let us make an example, and create a rule for the Exchange Anti-Spam Update, because the rule for Endpoint Protection is already done.

When you choose to create a rule, you will be asked for a name of the rule. I chosen a template for creating the rule, so the targeted collection is already filled out. If you chose to “Create a new Software Update Group” every time the rule deploy updates, the update group name will contain the name of the rule and the date and time when the rule was applied. The checkbox “Enable the deployment after this rule is run” should be activated.

The next screen presents normal settings, just click “Next”.

In the following screen you have to decide which type of updates should automatically be deployed. It’s a good idea to set a “Date released or Revised” Date, this will not deploy all updates ever published, when the rule runs for the first time.

If you don’t enable the rule to run on a schedule, you have to execute the rule manually. The threshold of running the rule should be lower than running the synchronisation. As you might recognize, with these settings, it is possible, that some Updates will be deploymed more than once. This is true, but not a problem, the rule will check, if an updates is already deployed for the collection, and will just skip it.

Next screen is simple, I want to install the Update as soon as possible and with no deadline.

This next screen is important, because it defines how the update is deployed. In my environment, i haven’t any maintenance windows, so I didn’t need to use the checkboxes. But even the updates should only be defintion updates, I want to suppress restarts on servers.

Want to get alerted if the compliance is below a defined percentage? Well, just configure it here:

The Donwload Setting screen is not that interesting, so I will not show it. The screen “Deployment Package” is also not new. Pay attention, that when you chose to create a new package, the rule will create the update deployment package once, and when the rule has to deploy new updates, it uses the same package.

The rest of the wizard is “Next”, “Next” and again “Next” 😉

The rule is created, and it waits now for the first execution, which will processed at the configured schedule, or manually by a click on “Run Now”.

And if everthing went fine, you will see, that the update is deployed. If the status of the update is not going to “Yes” in the row “Deployed”, check the Automatic Deployment Rules Logfile. The logfile is named “ruleengine.log”, and you will find it in the following directory: [SCCMInstallationPath]Logsruleengine.log