Page tree
Skip to end of metadata
Go to start of metadata

Module PatchManager

PatchManager is available as an optional module.

PatchManager allows you to control patch deployment for all managed machines from one single interface. You can use PatchManager to manage updates for software from Microsoft and other parties. Each patch can be checked for applicability, blocked, distributed or rolled back, grouped or individually.

PatchManager - Overview

The Status overview panel provides a detailed view of patches and their deployment status within the network. It lists all of the available patches, alphabetically, once for every client. The extensive list lets you check whether clients have been provided with all relevant patches and allows you to directly schedule patch deployment. A set of charts shows at-a-glance information about pending patches and can be used to quickly assess whether there are any important patches that need to be installed.

By default, the list of patches is grouped by Status, Priority, Vendor and Product, to quickly assess whether essential patches have been installed yet or not. The default display filter settings exclude full software installers from the list, as well as any blocked entries. Click Reset all filters to reset the display filter. Patches that replace a previous patch can be expanded: click the plus sign to display all superseded patches.

Per patch and client, several types of patching jobs can be planned. Right-click one or more patches and select one of the following options:

  • Check patches for applicability: Plan a job that checks if the selected patches apply to the selected client(s) using the Patch applicability job window.
  • Install patches: Plan a job that installs one or more patches on the selected client(s) using the Software distribution window.
  • Rollback: Plan a rollback job for patches that have already been deployed to the selected client(s) using the Rollback window.
  • Block patches: Block one or more patches that should not be distributed to clients. Blocked patches will be ignored when carrying out automated applicability and distribution jobs. When manually planning an applicability or distribution job, blocked patches are hidden by default.
  • Unblock patches: Unblock one or more patches.
  • Properties: View more information, including a full description and license.

The Status column displays the status of every patch and its planned or running patching jobs (e.g. Scanning while a job is being carried out or Not applicable when the patch does not apply).

PatchManager - Settings

The Settings panel controls several options related to patch deployment.

  • Enable PatchManagement: Enable or disable PatchManager.
  • Mode: Decide whether PatchManager should run any automated applicability or installation jobs:
    • Manually: PatchManager will not run any automated applicability or installation jobs.
    • Automatically check patches with high priority for applicability: Whenever a high priority patch is released, PatchManager will automatically run an applicability job on all clients. This saves the effort of planning separate patch applicability jobs.
    • Automatically install patches with high priority: Whenever a high priority patch is released, PatchManager will automatically run an installation job on all clients (which installs the patch if it is applicable). Patch deployments can potentially cause compatibility problems. It is recommended to test patches on a non-production system before deploying them to production clients.
  • Allow the user to view and request patches: Allow end users to view available patches and submit a request for deployment.
  • Allow the user to refuse patch installation: Allow end users to (temporarily) refuse patch installation. You can select how many refusals are allowed until installation is forced, and how often patch installation should be attempted.

PatchManager - Patch configuration

The Patch configuration panel lists all available patches and lets you configure them. A set of charts shows statistics about patches, products, and vendors.

By default, the list of patches is grouped by Vendor, Product and Priority, allowing you to quickly find patches by product. The default display filter settings exclude full software installers from the list, as well as any blocked entries. Click Reset all filters to reset the display filter. Patches that replace a previous patch can be expanded: click the plus sign to display all superseded patches.

Per patch, several types of patch jobs can be planned. Right-click one or more patches and select one of the following options:

  • Check patches for applicability: Plan a job that checks if the selected patch(es) apply to client(s) using the Patch applicability job window.
  • Install patches: Plan a job that installs one or more patches on client(s) using the Software distribution window.
  • Block patches: Block one or more patches that should not be distributed to clients. Blocked patches will be ignored when carrying out automated applicability and distribution jobs. When manually planning an applicability or distribution job, blocked patches are hidden by default.
  • Unblock patches: Unblock one or more patches.
  • Properties: View more information, including a full description and license.

The Priority column displays the priority of every patch. The default priority is based on the PatchManager database, but can be edited (Low, Normal, or High).

  • No labels