After 4 weeks’ vacation I started working again and the first thing I planned to do was to implement the new feature in FEP 2010 Update Rollup 1 for automating approval of FEP 2010 definition updates in SCCM instead of doing it separately in WSUS on the SCCM server as many of us do today.

UPDATE:! ——————————————————
A new version of the SoftwareUpdateAutomationtool.exe has been released it can be downloaded here: http://www.microsoft.com/download/en/details.aspx?id=26613
When using this updated tool the challenges with the original version has been solved, the command line below in the .cmd file using the new version used should be:
“e:\program files (x86)\Microsoft Configuration Manager\AdminUI\bin\SoftwareUpdateAutomation.exe” /AssignmentName FEP2010SignatureUpdates /PackageName FEP2010Signature

The rest of this article is still valid.

——————————————————————

I found that the documentation was not that clear and that included using a Scheduled task which I cannot simply use when we have Status Filter Rules in SCCM which is so cool ;-)

The guide on Technet describes how to create the necessary Software Update packages and copy the softwareupdateautomation.exe file to the correct location so I will not go into detail about that. You can find the installation instructions here: http://technet.microsoft.com/en-us/library/hh297450.aspx

This is what I ended up doing to get it to work:

1. Follow the instructions on the Technet article until it is time to create the Schedule task.

2. Then copy the softwareupdateautomation.exe as described to the correct location(it must be executed from the AdminUI\Bin directory:
%ProgramFiles%\Microsoft Configuration Manager\AdminUI\bin, if the computer is a 32-bit operating system.
%ProgramFiles(x86)%\Microsoft Configuration Manager\AdminUI\bin, if the computer is a 64-bit operating system.

3. Then I created a simple .cmd file which I placed in a directory on the SCCM Primary Site server, E:\sccmtools.
I run all my status filter rules script from the same location. It is really easy to test that the command line works, just execute it with Admin privileges and check the SoftwareUpdateAutomation.log file for status information. The log file can be found here:
%ProgramData%\SoftwareUpdateAutomation.log.

4. The following command was the one I used in the .cmd file, replace the AssignmentName and PackaegName to reflect your environment:

"e:\program files (x86)\Microsoft Configuration Manager\AdminUI\bin\SoftwareUpdateAutomation.exe" /AssignmentName FEP2010SignatureUpdates /PackageName FEP2010Signature /UpdateFilter "articleid='2461484' AND IsSuperseded=0 AND IsEnabled=1 AND IsExpired=0" /refreshdp

5. Then I created a Status filter rule on the Primary SCCM Site Server which looks like this:

FEPUA1
FEPUA2

6. Using this status filter rule the SoftwareUpdateAutomation.exe will be triggered each time the WSUS Sync Manager reports that synchronization is completed. No schedule task needed!

7. Change your FEP policies to use the new update option below and you are good to go:

FEPUA3

The command line took a while to get to work as the documentation is not correct on the Technet webpage as I am writing this at least.
Also the help information for the softwareupdateautomation.exe tool states that /refreshdp is default true but it is not so /refreshdp must be used.
I strongly recommend reading this article with some other known errors.

http://blogs.technet.com/b/clientsecurity/archive/2011/07/18/errors-when-using-the-fep-2010-definition-update-automation-tool.aspx