With Configuration manager 1606 ,new feature was added to software updates section which is called ‘Run software updates compliance scan immediately after a client installs software updates and restarts’ . This feature really helps to run a software update compliance scan immediately after a client installs software updates and restarts.This feature enables the client to check for additional software updates that become applicable after the client restarts, and then to install them (and become compliant) during the same maintenance window.
To set this up for a deployment, on the User Experience page of the Deploy Software Updates Wizard, select If any update in this deployment requires a system restart, run updates deployment evaluation cycle after restart. This enables the client to check for additional software updates that become applicable after the client restarts, and then to install them (and become compliant) during the same maintenance window.
For newly created deployments ,you set this option during the user wizard but what about if you have migrated your environment from SCCM Configmgr 2012 R2 to SCCM Configmgr 1606 or Current Branch 1610 ?
For existing deployments after you migrated from CM12 to 1606 or above ,you need to right click on the software update deployment ,go to user experience tab, at the bottom you will see “software update deployment re-evaluation behaviour upon restart” as shown below.
If you have fewer deployments, you can set this option manually but what if you have large number of deployments and setting up manually is not good option and for that, we will use powershell script.
To enable this option using powershell for all the software update deployments , we need to identify this property in wmi .I use WMI explorer connect to SCCM site ,ROOT\SMS,Root\SMS\site_Sitecode , filter with SMS_UpdateGroupAssignment ,select any update group assignment ,on the right side of wmi explorer ,you will find list of properties that are associated with each deployment.
In order to select this option for large number of deployments, we will use powershell script to set RequirePostRebootFullScan to TRUE. RequirePostRebootFullScan can accept only Boolean either False or True.
This property is not yet included in the configmgr powershell cmdlet but as per Configmgr User voice , this will be available in 1701 Technical preview which means we can expect this in the next current branch update .
Until this is available in the Configmgr powershell cmdlet ,we will set RequirePostRebootFullScan to true using powershell for all the deployments that are not enabled this option.
This powershell script basically go through the list of all software update deployments and check if RequirePostRebootFullScan is set to false ,change it to TRUE and pipe the deployment information to log file.
Download the powershell script from Technet Gallary here