News

SCCM 2007 Users Hit Snag with New Windows Update Model

• By Kurt Mackie
• November 09, 2016

Organizations using System Center Configuration Manager (SCCM) 2007 may feel some headaches over Microsoft's new update service model for Windows 7 and Windows 8.1 clients.

SCCM 2007 users face carrying out manual steps to temporarily resolve issues should a monthly cumulative Windows update cause problems. Those limitations were described on Friday in this Microsoft blog post.

Microsoft kicked off the new update model for all supported Windows operating systems on Oct. 11. Under this model, Microsoft releases monthly cumulative updates for Windows clients and server operating systems. That change in policy put Windows 7/8.1 users on the same cumulative update treadmill as faced by Windows 10 users. Organizations now get a "security-only quality update" and a "security monthly quality update" each month on "patch Tuesday," or the second Tuesday of the month, for Windows operating systems.

In the past, application compatibility issues that had occurred after Windows updates were installed might be resolved by rescinding a single patch. With the new model, though, that's not possible. The whole cumulative update has to be rescinded.

Organizations facing application compatibility issues after a Windows update can opt to install the security-only quality update. That's one strategy to stay patched against security issues until a solution for a problem is found. However, users of SCCM 2007 specifically lack this flexibility. Essentially, the security-only quality update shows up as "superseded" for those users because SCCM 2007 lacks patch supersedence customization capabilities. The presence of the security monthly quality update causes the security-only update to be seen as unnecessary, or superseded.

The workaround for SCCM 2007 users is to get the security-only update from the Microsoft Update Catalog. Next, they then have to manually install the security-only update using the command-line standalone installer tool (Wusa.exe).

Users of new client management solutions, such as System Center Configuration Manger 2012, do have the ability to customize supersedence rules. Consequently, they can delay the supersedence of Windows updates. Doing so will let them opt to use the security-only update, if wanted, without supersedence taking place, Microsoft's announcement explained.

Despite the limitation, SCCM 2007 currently is a supported product, which means that Microsoft continues to send security and nonsecurity patches for it. SCCM 2007 will lose support on July 9, 2019, according to Microsoft's lifecycle support description.