
Creating patch schedules

6. In the Patch Action drop-down list, select a patch action for the schedule. The patch action behavior is dependent on the combination of reboot, detect, deploy, and rollback selections you make. Whenever a patch action does both a Detect pass and something else, as is the case with Detect and Deploy and Detect and Rollback, the action is repeated cyclically until the Detect action finds no further patches to deploy or roll back. This might result in multiple Reboot actions for a single scheduled run. In addition, the type of machine you are patching affects the type of patch action to use.

Detect and Deploy patching jobs require an AMP (Agent Messaging Protocol) connection between the machine and K1000 Management Appliance; they do not run offline. For more information about the Agent and AMP

Option Description

Detect

Perform Detect-only actions. This is useful when you want to detect patches that are installed on or missing from managed machines.

Detect-only actions are most useful for laptops. Detect actions can be run anytime, but they should be run at least one day before Deploy actions, which might require a reboot.

Detect and Deploy

Perform Detect and Deploy actions. This is usually appropriate for desktops and servers.

Note: If patch deployment is unsuccessful after the maximum number of attempts, the deployment fails and the machine is skipped. For more information about the maximum number of deploy attempts, see Select Deploy Patch Label Selection options or Rollback Patch Label Selection options: on page 39. For information on viewing patch status, including failures, see Viewing patch status by machine on page 44.

Detect and Deploy with Force Reboot

When you select Detect and Deploy and choose Force Reboot in the Reboot Options section, the following occurs according to the patching schedule:

• A Detect job runs.

• All patches are deployed and the machine is rebooted as needed.

• After the last reboot, a final Detect job runs.

Detect and Deploy with Force Reboot works well with servers because they usually have no dedicated users. However, it is important to warn users that services will not be available when servers are being patched and rebooted. For more information, see Notify users when machines are being patched on page 12.

Detect and Deploy with Prompt User

When you select Detect and Deploy and choose Prompt User in the Reboot Options section, the following occurs according to the patching schedule:

• A Detect job runs.

• Patches are deployed until a reboot is required, then the user is prompted to reboot.

• If no user is logged in, the machine is rebooted immediately.

• If the user clicks OK, the machine reboots. The patching process continues until another reboot is required and the user is prompted again. The pattern continues until the patch list is exhausted.

• If the user snoozes or cancels the reboot, patching stops until a reboot occurs. When a reboot occurs, patching continues until the next reboot is needed, and the user is prompted again. The pattern continues until the patch list is exhausted.

• A final Detect job runs to verify patch status.

Detect and Deploy with Prompt User is risky because deploying patches without rebooting when required can leave systems unstable. Further, patches that require reboots are only shown as deployed after the reboot.

Detect and Deploy with No Reboot

When you select Detect and Deploy and choose No Reboot in the Reboot Options section, the following occurs according to the patching schedule:

• A Detect job runs.

• Patches are deployed.

• If no reboot is required, and the patch list is exhausted, a final Detect job runs to verify patch status.

• If a reboot is required, patching stops. When the machine is rebooted, patching continues until either the patch list is exhausted, or a reboot is needed and patching stops.

• When the patch list is exhausted, a final Detect job runs to verify patch status.

Detect and Deploy with No Reboot is not recommended because deploying patches without rebooting when required can leave systems unstable. Further, patches that require reboots are only shown as deployed after the reboot.
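The following added example (not appliance code, and not part of the original guide) models one scheduled Detect and Deploy run under the three reboot options described above, showing which patches end up reported as deployed and which are left waiting. It assumes patches deploy in list order and that each reboot-requiring patch pauses deployment until a reboot happens; the option labels and patch names are hypothetical.

```python
# Added model of the Detect and Deploy behaviour described above; not appliance code.
# Assumption: patches deploy in list order and each reboot-requiring patch
# pauses deployment until a reboot happens.

REBOOT_OPTIONS = ("force", "prompt", "none")  # hypothetical labels for the UI choices


def simulate_detect_and_deploy(patches, reboot_option, user_accepts=True):
    """Model one scheduled run.

    patches: ordered (name, needs_reboot) tuples.
    user_accepts: for "prompt", True when the user clicks OK or nobody is
    logged in; False when the user snoozes or cancels.
    """
    if reboot_option not in REBOOT_OPTIONS:
        raise ValueError(f"unknown reboot option: {reboot_option!r}")
    result = {"reboots": 0, "shown_deployed": [], "awaiting_reboot": [],
              "not_attempted": [], "final_detect_ran": False}
    reboots_allowed = reboot_option == "force" or (
        reboot_option == "prompt" and user_accepts)
    for index, (name, needs_reboot) in enumerate(patches):
        if needs_reboot and not reboots_allowed:
            # Patching stops here; the patch is not reported as deployed
            # until the machine is rebooted by some other means.
            result["awaiting_reboot"].append(name)
            result["not_attempted"] = [n for n, _ in patches[index + 1:]]
            return result
        if needs_reboot:
            result["reboots"] += 1
        result["shown_deployed"].append(name)
    # Patch list exhausted: the final Detect job verifies patch status.
    result["final_detect_ran"] = True
    return result


# Constructed sample patch list (names are illustrative only).
SAMPLE = [("app-update", False), ("kernel-fix", True),
          ("office-update", False), ("driver-fix", True)]

if __name__ == "__main__":
    for option in REBOOT_OPTIONS:
        print(option, simulate_detect_and_deploy(SAMPLE, option, user_accepts=False))
```

With the sample list, No Reboot (or a snoozed prompt) stops at the first reboot-requiring patch, so later patches are never attempted in that run and no final Detect verifies status.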

Deploy

Perform Deploy-only actions. This is useful when you know that specific patches need to be deployed to managed machines. A final Detect job runs either after the patch is deployed or, if a reboot is required, after the machine reboots and the Agent reconnects to the appliance.

Note: If patch deployment is unsuccessful after the maximum number of attempts, the deployment fails and the machine is skipped. For more information about the maximum number of deploy attempts, see step 9 on page 39. For information on viewing patch status, including failures, see Viewing patch status by machine on page 44.

Deploy with Force Reboot

When you select Deploy and choose Force Reboot in the Reboot Options section, the following occurs according to the patching schedule:

• All patches are deployed and the machine is rebooted as needed.

• A Detect job runs. Patching continues at the next scheduled patch deployment time.

• A final Detect job runs either after the last patch is deployed or, if a reboot is required, after the machine reboots and the Agent reconnects to the appliance.

Deploy with No Reboot

When you select Deploy and choose No Reboot in the Reboot Options section, the following occurs according to the patching schedule:

• Patches are deployed until a reboot is required, then patching stops.

• A Detect job runs. Patching continues at the next scheduled patch deployment time.

• A final Detect job runs either after the last patch is deployed or, if a reboot is required, after the machine reboots and the Agent reconnects to the appliance.

Detect and Rollback

Find and remove unwanted patches.

Detect and Rollback with Prompt User

When you select Detect and Rollback and choose Prompt User in the Reboot Options section, the following occurs according to the patching schedule:

• A Detect job runs to identify unwanted patches.

• If unwanted patches are found, the appliance attempts to remove them.

• If removal is unsuccessful after the maximum number of attempts, the rollback fails and the machine is skipped. For more information about the maximum number of attempts, see step 9 on page 39.

• If the rollback is successful, the user is prompted to reboot.

• If no user is logged in, the machine is rebooted immediately.

• If the user clicks OK, the machine reboots. The rollback process continues until another reboot is required and the user is prompted again. The pattern continues until the patch list is exhausted.

• If the user snoozes or cancels the reboot, patching stops until a reboot occurs. When a reboot occurs, rollback continues until the next reboot is needed, and the user is prompted again. The pattern continues until the patch list is exhausted.

Rollback

Roll back patches that have been applied.

Rollback with Prompt User

When you select Rollback and choose Prompt User in the Reboot Options section, the following occurs according to the patching schedule:

• The appliance attempts to remove the unwanted patches.

• If removal is unsuccessful after the maximum number of attempts, the rollback fails and the machine is skipped. For more information about the maximum number of attempts, see step 9 on page 39.

• If rollback is successful, the user is prompted to reboot.

• If no user is logged in, the machine reboots immediately.

• If the user clicks OK, the machine reboots. The rollback process continues until another reboot is required and the user is prompted again. The pattern continues until the patch list is exhausted.

• If the user snoozes or cancels the reboot, the rollback process stops until a reboot occurs. When a reboot occurs, rollback continues until the next reboot is needed, and the user is prompted again. The pattern continues until the patch list is exhausted.
