One more script from me today. In System Center 2012 Configuration Manager we have deprecated our old COM interface from 2007 (this one here). This has been replaced, along with a few other legacy COM interfaces, with a new set of WMI classes in the appropriately name root\CCM\ClientSDK namespace. This namespace existing on each Configuration Manager client, and can be accessed using standard WMI interfaces (PowerShell, WMIC, WbemTest, VBScript, WinRM, .NET or old school C++). The classes were are interested are the following:

The method we need to call is under CCM_SoftwareUpdatesManager, the also aptly named InstallUpdates J (documentation). The process is relatively straightforward of a logical WMI point of view:

  1. Get all instances of CCM_SoftwareUpdate where ComplianceState is 0 (Missing/ciNotPresent)
  2. Stick the instances in an array (if they aren't already)
  3. Call InstallUpdates passing the array of missing software updates

That's it! Job done, the client will do the rest of the work. You can check CCM_SoftwareUpdate instances to validate installation progress (or potentially use WMI events – though I haven't bothered to play around with this). I've taken the liberty to create a PowerShell sample script and placed it up on the TechNet Script Center (Note: step 2 in the above has a bit more work to devolve some of the PowerShell variable nicety to keep InstallUpdates and Invoke-WmiMethod happy): http://gallery.technet.microsoft.com/scriptcenter/Install-All-Missing-8ffbd525

Happy security update deployment! ;)

Saud.