none
Find High Priority updates with Windows Update Agent API

Answers

  • There is another thread: http://www.eggheadcafe.com/software/aspnet/35026049/scripting-api-find-high.aspx

    In this thread you menthioned that "HighPriority" includes all SecurityUpdates, all CriticalUpdates, and *some* UpdateRollups or Updates classifications.

    Generally speaking this is a true statement.
    I want to know how windows update class the updates to "High priority"(Important in vista) or"Optional".
    "Windows Update" doesn't make those determinations, the human beings that publish the updates do. I don't know the criteria they use to make that determination, and since it only affects WU/MU and not WSUS, I really haven't given it much consideration. I would assume, though, that it's documented in the same sources I have already cited.
    Then I can update the "High priority" updates through Update Agent API by myself.

    Yeah.. the point that I'm trying to make here is that you, as an IT Admin, are assumed to have a higher level of sophistication than the average home computer user, so the categories of "High Priority" and "Optional" are irrelevant. Those cosmetic categories are presented to WU/MU users so they don't have to deal with the *real* list of categories.

    As a Patch Administrator you need to identify the updates that you *NEED* and approve them for installation (or select them if you're scripting against the API). It shouldn't matter what the artificial classification of the update actually is.

    But, if you really want to play that game -- then you should install ALL Service Packs, ALL Security Updates, ALL Critical Updates, ALL Update Rollups, and any updates in the "Updates" classification that impact functionality that you need.

    Or, to consider it another way: Install everything except the updates you don't need.


    Lawrence Garvin, M.S., MCITP:EA, MCDBA, MCSA
    Principal/CTO, Onsite Technology Solutions, Houston, Texas
    Microsoft MVP - Software Distribution (2005-2010)
    My MVP Profile: http://mvp.support.microsoft.com/profile/Lawrence.Garvin
    My Blog: http://onsitechsolutions.spaces.live.com
    Sunday, June 13, 2010 2:31 PM

All replies

  • The concept of "High Priority" and "Optional" is a cosmetic categorization exclusive to the Windows Update and Microsoft Update realms.

    In the Windows Update Agent API, when you are communicating with a WSUS Server, those categories are irrelevant.

    An update has two attributes that exist in the metadata:

    Update Classification: [Security Update, Critical Update, Update, Update Rollup, Service Pack, Feature Pack, Definition Update, Driver, Tool]

    These terms are defined in the Systems Management | Update Management chapter of the Technet Library, in the section titled Update Management Process. See Table 7. Microsoft Terminology for Software Updates, in the subsection How Microsoft Fixes Software After Release.

    The second attribute, which only applies to Security Updates, is the MSRC Severity, which has one of four values: Critical, Important, Moderate, or Low.


    Lawrence Garvin, M.S., MCITP:EA, MCDBA, MCSA
    Principal/CTO, Onsite Technology Solutions, Houston, Texas
    Microsoft MVP - Software Distribution (2005-2010)
    My MVP Profile: http://mvp.support.microsoft.com/profile/Lawrence.Garvin
    My Blog: http://onsitechsolutions.spaces.live.com
    Saturday, June 12, 2010 7:31 PM
  • Hi Lawrence,

     Thanks for your reply.

    There is another thread:

    http://www.eggheadcafe.com/software/aspnet/35026049/scripting-api-find-high.aspx

    In this thread you menthioned that

    "HighPriority" includes all SecurityUpdates, all CriticalUpdates,
    and *some* UpdateRollups or Updates classifications.

    I want to know how windows update class the updates to "High priority"(Important in vista) or"Optional".

    Then I can update the "High priority" updates through Update Agent API by myself.

    Thanks.

    Hai

     

     

    Sunday, June 13, 2010 1:26 AM
  • There is another thread: http://www.eggheadcafe.com/software/aspnet/35026049/scripting-api-find-high.aspx

    In this thread you menthioned that "HighPriority" includes all SecurityUpdates, all CriticalUpdates, and *some* UpdateRollups or Updates classifications.

    Generally speaking this is a true statement.
    I want to know how windows update class the updates to "High priority"(Important in vista) or"Optional".
    "Windows Update" doesn't make those determinations, the human beings that publish the updates do. I don't know the criteria they use to make that determination, and since it only affects WU/MU and not WSUS, I really haven't given it much consideration. I would assume, though, that it's documented in the same sources I have already cited.
    Then I can update the "High priority" updates through Update Agent API by myself.

    Yeah.. the point that I'm trying to make here is that you, as an IT Admin, are assumed to have a higher level of sophistication than the average home computer user, so the categories of "High Priority" and "Optional" are irrelevant. Those cosmetic categories are presented to WU/MU users so they don't have to deal with the *real* list of categories.

    As a Patch Administrator you need to identify the updates that you *NEED* and approve them for installation (or select them if you're scripting against the API). It shouldn't matter what the artificial classification of the update actually is.

    But, if you really want to play that game -- then you should install ALL Service Packs, ALL Security Updates, ALL Critical Updates, ALL Update Rollups, and any updates in the "Updates" classification that impact functionality that you need.

    Or, to consider it another way: Install everything except the updates you don't need.


    Lawrence Garvin, M.S., MCITP:EA, MCDBA, MCSA
    Principal/CTO, Onsite Technology Solutions, Houston, Texas
    Microsoft MVP - Software Distribution (2005-2010)
    My MVP Profile: http://mvp.support.microsoft.com/profile/Lawrence.Garvin
    My Blog: http://onsitechsolutions.spaces.live.com
    Sunday, June 13, 2010 2:31 PM
  • Hi,

    We had the same problem at developing WuInstall ...

    We came up with a rule of thumb that those are all updates with classification S (Security Update), C (Critical Update), R (Update Rollup)

    OR

    with Severity C (Critical), I (Important), whereas severity is often not filled

    so we run wuinstall first with /classification SCU and then with severity /CI, in order to get the high priority updates

    see http://www.wuinstall.com/index.php/howto#2_5

    but however, this is also just a (quite good working) rule of thumb to get the high priority ones

    Thursday, June 24, 2010 9:10 AM
  • OR

    with Severity C (Critical), I (Important), whereas severity is often not filled

    Severity, as documented, only applies to SECURITY UPDATES, so including "Security Updates" AND "with Severity..." is redundant.
    Lawrence Garvin, M.S., MCITP:EA, MCDBA, MCSA
    Principal/CTO, Onsite Technology Solutions, Houston, Texas
    Microsoft MVP - Software Distribution (2005-2010)
    My MVP Profile: http://mvp.support.microsoft.com/profile/Lawrence.Garvin
    My Blog: http://onsitechsolutions.spaces.live.com
    Thursday, June 24, 2010 3:35 PM
  • You are right, thank you very much for that info, should have been obvious to us :-) We adopted our documentation accordingly.

    Friday, June 25, 2010 7:03 AM