Deploying Windows Update (.msu) with SCCM

Sarah Lean -

I was recently packaging up an application for SCCM and one of the prerequisites of this application was that a Windows Update (.msu) had to be installed.

In order to package up this Windows Update and deploy it as an application I did the following:

  • To silently install the update I ran the following command within the application deployment -wusa.exe KBxxxxxx.msu /quiet /norestart
  • In the detection method tab, set the option to "Use a custom script to detect the presence of this deployment type" and select Edit
  • Change the script so that it is set to Powershell and enter the following command -
    get-hotfix | Where-Object {$_.HotFixID -match "KBxxxxxx"}

The deployment ran fine after that.  If you have any execution errors from the script you can change the PowerShell Execution Policy to bypass the SCCM agent client settings.