Inventory Tool for Microsoft Updates General FAQ

Published: September 5, 2005 | Updated: November 2, 2006

 


Q. What is the Systems Management Server Inventory Tool for Microsoft Updates?

A. SMS administrators can use the Inventory Tool for Microsoft Updates (ITMU) to determine the compliance of Microsoft products on managed systems for updates that are security related. At this time, the Inventory Tool for Microsoft Updates does not determine compliance for non-security related updates. The Inventory Tool for Microsoft Updates deploys security updates released through Microsoft Security Response Center, update roll-ups, and service packs.

Inventory Tool for Microsoft Updates includes the following components:

  • Scan tool for Microsoft product updates to scan Windows desktops and servers for compliance to Microsoft security updates for Microsoft Windows and Microsoft Applications

  • Synchronization of the Windows Update catalog on a recurring schedule

  • The latest Windows Update Agent. On the first scan, if managed systems do not have the most recent Windows Update Agent (version 5.8.0.2694 or later) it can be installed to support Microsoft Update detection and deployment

  • New SMS Advanced Client release, reports, and an updated Distribute Software Update Wizard

Q. What is the Microsoft Update Catalog? What are Microsoft Update and Windows Update? What is the Windows Update Agent?

A. The Microsoft Update Catalog is a repository for Microsoft software updates and contains updates that address security and reliability issues. Microsoft Update and Windows Update are services from Microsoft that deliver required updates from the Microsoft Update Catalog. The Microsoft Update service queries the Microsoft Update Catalog to determine what updates are available for the PC that Microsoft Update is installed on. The Windows Update services functions the same way but provides updates only for Microsoft operating systems and Windows-based hardware.

By default, the Windows Update Agent runs on Microsoft operating systems and tells end-users when new updates are available from Windows Update.  Consumers are familiar with the Microsoft Update website where they can download updates to ensure the health of their computers based on alerts provided by the Windows Update Agent.  The Agent can also be configured to automatically download and install updates.  Consumers can chose to opt-in to receive updates from the entire Microsoft Update catalog from the Microsoft Update website.

Corporations require more control over provisioning of updates and use additional products and tools like Microsoft Systems Management Server (SMS) or Windows Server Update Services (WSUS) to control the deployment of updates ensuring the health of their corporate network.

Q. What versions of SMS does Inventory Tool for Microsoft Updates support? What is required to install Inventory Tool for Microsoft Updates?

A. SMS 2003 service pack 1 (and later) with certain hotfixes applied. Be sure to read the Pre-installation Guide for details on the hotfixes and corresponding pre-requisites when installing Inventory Tool for Microsoft Updates.

Q. What version of the Windows Update Agent does Inventory Tool for Microsoft Updates v1.0 integrate with?

A. Inventory Tool for Microsoft Updates v1.0 currently uses Windows Update Agent version 5.8.

Q. Does Inventory Tool for Microsoft Updates, Windows Server Update Services (WSUS), and Microsoft Baseline Security Analyzer (MBSA) use the same scan agent?

A. Inventory Tool for Microsoft Updates v1.0, WSUS 2.0, and MBSA 2.0 use the same scan agent, the Windows Update Agent v5.8. Older versions of MBSA use their own scan tool for update compliance. Review the Windows Server Update Services Frequently Asked Questions and MBSA 2.0 Frequently Asked Questions for more information.

Q. Which products can the Inventory Tool for Microsoft Updates integration with SMS 2003 provide updates for?

A. Inventory Tool for Microsoft Updates synchronizes its update catalog with Windows Update and Microsoft update and integrates with the Windows Update Agent version 5.8 to provide security update detection and deployment for:

Windows Update and Microsoft Update provide security updates for:

  • Microsoft Windows 2000 Service Pack 4 and later

  • Microsoft Windows 64-bit edition (based on Windows Server 2003 SP1 code)

  • Microsoft Windows XP Embedded

  • All Windows components (such as MSXML, MDAC, and Microsoft Virtual Machine)

  • Microsoft Office XP and Office 2003

  • Microsoft Exchange 2000 and Exchange 2003

  • Microsoft SQL Server 2000 SP4 and later

  • Additional products as published to Microsoft Update and Windows Update

Q. How do I continue to update legacy applications that aren’t supported by the Microsoft Update catalog?

A. Continue to use the SMS 2003 Software Update Scanning Tools for products that are not supported by Microsoft Update. These tools use MBSA 1.2, UpdateScan.exe, and Office detection scan engines for assessing current update compliance.

Q. Does Inventory Tool for Microsoft Updates replace the SMS 2003 Software Update Scanning Tools?

A. Yes, over time. The Window Update Agent and catalog will support updating Windows operating systems and many Microsoft products adding additional Microsoft products over time. Learn more about the SMS 2003 Software update Scanning Tools.

Q. What are the benefits of using Inventory Tool for Microsoft Updates over the existing technologies in SMS 2003 i.e. the SMS Software Update Scanning Tools?

A. Inventory Tool for Microsoft Updates synchronizes with Microsoft Update supporting the Windows operating system and many Microsoft products. By synchronizing with Microsoft Update Inventory Tool for Microsoft Updates adds support to SMS for updating products like Exchange Express, the Microsoft .NET Framework, MSDE, MSN Messenger, Project Server 2002, SQL Server 2005, Windows XP Embedded and Windows Server x64 bit servers. This list of supported products by Microsoft Update will grow rapidly over the course of the next few quarters.

In addition, Inventory Tool for Microsoft Updates now shares the same security update, update rollup, and service pack data as offered by Microsoft Windows Server Update Services (WSUS) by leveraging a common scan agent, the Windows Update Agent. This ensures consistent results, updates, and content based on what is published in Microsoft Update and Windows Update regardless of which tool is used.

By standardizing on a single scan tool, administration costs are greatly reduced resulting in fewer packages and therefore fewer deployments and potentially fewer client reboots.

Inventory Tool for Microsoft Updates also simplifies the deployment of packages by automating tedious command line processes for implementing silent deployments and unattended reboots.

Prior to Microsoft Update, different groups within Microsoft published their own disparate update catalogs on the Windows Download Center. As a result, administrators have had to work with numerous scan agents and corresponding catalogs resulting in a lot of administrative overhead.

Overall, Inventory Tool for Microsoft Updates with the new Windows Update Agent, and the Microsoft Update catalog is a more flexible architecture than previous solutions and will be able to scan for almost any security update in the suite of Microsoft products.

Q. Are the SMS 2003 Software Update Scanning Tools needed in addition to Inventory Tool for Microsoft Updates?

A. Users who have update requirements for legacy products not supported by the Windows Update Agent. The SMS 2003 Software Update Scanning Tools integrate with (MBSA) v1.2 and the Office Update scan tool. Below is a list of products supported by the SMS Software Update Scanning Tools that are not currently covered by the Microsoft Update Catalog:

  • BizTalk Server 2000, 2002, and 2004

  • Commerce Server 2000 and 2002

  • Content Management Server 2001 and 2002

  • Excel 2002

  • Exchange 5.5

  • Office 2000

  • Office Web Components 2000

  • Host Integration Server 2000, 2004 and SNA Server 4.0

  • Windows 2000 Advanced Server < SP3

  • Windows Data Center Server < SP3

  • Windows 2000 Server < SP3

  • Windows Media Services 4.0, 4.1

    Learn more about the SMS 2003 Software update Scanning Tools.

Q. If I am using SMS and Inventory Tool for Microsoft Updates, do I also need WSUS?

A. No. SMS 2003 can provide the same basic services that WSUS can, in addition to the advanced controls for update management, so you will not need WSUS if you have SMS 2003.

Q. If WSUS is free, why do I need SMS?

A. SMS 2003 provides a number of capabilities in the areas of advanced administrator control and awareness that WSUS does not include. In particular, SMS users can create collections based on inventory characteristics of machines, which enables administrators to better target their updates and perform functions such as:

  • Deploy updates based on service windows (advertisement)

  • Better manage the user experience by displaying a customizable user interface and maintain fine-grained control over enforcement settings such as restart and install.

  • Fully understand compliance of their environment through inventory information and get detailed status about the system state with respect to an update.

Q. Should customers still use the MBSA v1.2 scanning agent for software updates?

A. The software updates support in MBSA is using a deprecated scanning technology. Customers may need to continue to use MBSA within SMS and standalone to scan for updates on legacy products.

Q. Does SMS Inventory Tool for Microsoft Updates integrate with MBSA 2.0?

A. No. SMS Inventory Tool for Microsoft Updates does not directly integrate with MBSA 2.0. However, SMS uses the Windows Update agent and the Windows Update Catalog for scanning which is the same underlying technology that MBSA 2.0 uses for update compliance.

Q. What is the relationship between Inventory Tool for Microsoft Updates and SMS Extended Update Inventory Tool

A. The SMS Enterprise Update Scan Tool was designed to provide additional support for vulnerabilities not detectable by MBSA 1.2. ITMU obsoletes the need for the SMS Extended Update Inventory Tool and corresponding scan agent for products supported by Microsoft Update. Customers may still need to use the Enterprise Update Scan Tool in some cases for products not supported by Microsoft Update. Read the MSRC bulletin to keep current on updates supported by the Enterprise Update Scan Tool.


For More Information

Top of page Top of page