Documentation forPatch Manager

Manage software package rule sets

WSUS uses software publishing rules to evaluate if a package is installed and can be deployed to a specific client. This section describes each type of software publishing rule set and provides a corresponding example.

The Rule Editor is the same regardless of the rule type or whether you launch it from the Package Wizard or the New Rule task in the Administration and Reporting > Software Publishing > Rules view in the Patch Manager Administrator Console.

Prerequisite rule set

Common prerequisite rules define the prerequisite Windows version, language, and processor architecture for the target computers.

See the Microsoft TechNet website to identify the specific version for your Windows Server operating system.

For example, to add a rule to include only workstations running Windows Server 2008:

  1. Expand Administration and Reporting > Software Publishing and select Rules.
  2. In the center pane, double-click a rule.
  3. In the Rule Editor dialog box, select Create Basic Rule.

  4. Click the Rule Type drop-down menu and select Windows Version.

  5. Complete the Windows Version tab options.

    1. Click the Rule Type drop-down menu and select Windows Version.
    2. In the Comparison field, select Greater Than or Equal To.
    3. In the Major Version field, select 6.
    4. In the Minor Version field, select 0.
    5. In the SP Major Version field, select 1.
    6. In the SP Minor Version field, select 0.
    7. In the Product Type field, select Server.
  6. Click OK.

Applicability rule set

Common applicability rules check to see whether certain registry keys or values exist on the target computer. Generally, applicability ruleset works together with the installed rule set to define whether or not a target computer requires the update.

The difference between the applicability and installed rules in these examples is that the applicability rule is checking for installed versions prior to the update installer version, and the installed rule is checking for the existence of the same version. As a result, the two rule sets combined determine whether the update is required.

For example, to add a rule to check whether the Firefox version is 10.0 or earlier.

  1. Expand Administration and Reporting > Software Publishing and select Rules.
  2. In the Rule Editor window, select Create Basic Rule.

  3. Click the Rule Type drop-down menu and select File Version with Registry Value.

  4. Complete the File Version with Registry Value tab options.

    1. In the Registry Key field, enter:

      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\firefox.exe

    2. In the Registry Value field, enter Path, and then select Use 32-bit registry.
    3. In the Sub-path field, enter firefox.exe.
    4. In the Comparison field, select Less Than.
    5. In the Version field, enter 10.0.0.441.
  5. Click OK.

Installed rule set

Common installed rules check to see whether certain registry keys or values exist on the target computer. Generally, installed ruleset works hand-in-hand with the applicability rule set to define whether or not a target computer requires the update.

For example, to add a rule to check whether the Firefox version is 10.0 or earlier.

  1. In the Rule Editor window, select Create Basic Rule.

  2. In the center pane, double-click a rule.
  3. In the Rule Type field, select File Version with Registry Value.

  4. Complete the File Version with Registry Value tab options.

    1. In the Registry Key field, enter:

      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\firefox.exe

    2. In the Registry Value field, enter Path, and then select Use 32-bit registry.
    3. In the Sub-path field, enter firefox.exe.
    4. In the Comparison field, select Equal To.
    5. In the Version field, enter 10.0.0.441.
  5. Click OK.