• No results found

Patch Manager. Overview. LabTech

N/A
N/A
Info
Download
Protected

Academic year: 2021

Share "Patch Manager. Overview. LabTech"

Copied!
17
0
0

Loading.... (view fulltext now)

Download now ( 17 Page )

Full text

(1)

Patch Manager

PATCH MANAGER 1

Overview ... 1

Using the Patch Manager ... 7

Using the Patch Manager for Groups ... 8

Ignoring Patches ... 11

Denying Patches ... 12

Removing Patch Approvals from Groups... 12

Applying Patches to Different Groups ... 12

Copy Approval from One Group to Another ... 13

Daily Approval to an Update Group ... 16

Document Revision History ... 17

Overview

The Patch Manager simplifies the patching process: automatically discovering new updates, detecting missing patches and allowing you to approve and install them in an efficient manner.

The Patch Manager has two functional levels: one for groups and one for

computers. Group mode will approve and set the patch on the group selected and it will only show patches on that group. In computer mode, you will see the computers and can approve patches directly to that machine.

TIP: You can set the Patch Manager to default to a specific group when opening by

adding the property ‘DefaultPatchManagementGroup’ with the groupID as the value. Adding the property will also set the Listing Style to ‘Group Assigned Updates’. For more information, refer to the Properties documentation.

(2)

Figure 1: Patch Manager

IMPORTANT: It is important to note when approving or installing patches, if you are

in global mode (the Apply to: setting is set to ‘Global’), the selected patch(es) will be approved on all machines with LabTech agents that you have permission to access,

(3)

Table 1: Field/Menu Options

Option Description

Listing Style

Missing Updates Shows all patches that are missing from one of the computers you have permission to access.

Missing Critical Updates Shows all patches that have any severity level and is missing from one of the computers you have permission to access.

Detected Updates Shows only patches for computers that you have permission to access. For example, if you do not have access to any Windows 2000 machines, you will not see any patches for Windows 2000.

Detected Critical Updates Shows all critical patches (as defined by Microsoft) that have been installed on computers that you have permission to access and were not installed by LabTech.

All Updates Shows all available patches except detected and ignored patches, if those options are enabled in the

Options list.

Ignored Updates Shows all globally ignored patches and will be excluded from all reports.

Unapproved Detected Updates Shows all patches that are detected on computers you have permission to access, that have not been approved to any group.

Unapproved Detected Critical Updates

Shows all critical patches (as defined by Microsoft) that are detected on computers you have permission to access, that have not been approved to any group. Unapproved Updates Shows all unapproved patches that have not been

approved to any group. The difference between ‘unapproved detected’ and ‘unapproved’, is ‘unapproved detected’ will only display unapproved patches for computers that you are responsible for. The

‘unapproved’ will show all updates regardless of OS. Group Assigned Updates Shows all updates for the selected group that have

been assigned (e.g., approved to install, denied, ignored, etc.)

Group Unassigned Updates Shows all updates for the selected group that have not been assigned yet.

Operating System

Windows 7,Windows Vista, Windows 2008, Windows 2003, Windows XP, 32 Bit OS, 64 Bit OS

You can filter the list of updates based on operating system. Click on each operating system (a check mark will display) to show that it is included in the filter. Remove the checkmark to eliminate from the filter.

Category

CAPICOM, Critical Updates, Definition Updates, Drivers, Exchange Server, Expression Web 3, Feature Packs, Microsoft Lync, Microsoft Online Services Sign-In Asst., Office, Office Communications Server, Office

You can filter the list of updates based on the category. Click on each category (a check mark will display) to show that it is included in the filter. Remove the checkmark to eliminate from the filter.

(4)

Communicator, Report Viewer, Security Updates, Service Packs, Update Rollups, Updates

Options

Detected Patches Will not display detected patches by default. To view detected patches, select ‘Detected Updates’ from the

Listing Style drop-down or if you want to see detected

patches for your current listing, remove the checkmark from the Detected Patches option. Returns to the default when Patch Manager window is closed. Hide Ignored Patches Will not display ignored patches by default. To view

ignored patches, select ‘Ignored Updates’ from the

Listing Style drop-down or if you want to see ignored

patches for your current listing, remove the checkmark from the Hide Ignored Patches option.

Refresh Group Detection If you change from group to group, use this to refresh the listing.

Show Missing Automatically Enable this to automatically load update information in the lower half of the screen (e.g., groups, computer missing updates, etc.). Otherwise, use the Show

Missing button to display this information.

Show Only Security Patches Enable this to automatically display only security patches.

Apply to:

Apply to: Choose from the drop-down list to apply patch based on groups that are set up or globally to apply to all clients, in all groups, for all machines that the logged in user has access to. It is important to note that the ‘global’ option while in group mode, will apply directly to the machine not the group.

Approve

Selected Updates This will approve all selected (highlighted) patches selected in the window.

Security Updates in List Security Updates in List will only approve those patches with a category of ‘Security Updates’

All Updates in List This will approve all patches in the list. If the entire list is 15 pages, it will approve all.

Assign

Deny Selected Updates This will deny all selected (highlighted) patches to the selected group or globally.

Ignored Selected Updates This will ignore all selected (highlighted) patches to the selected group or globally.

Remove Selected Updates This will attempt to remove selected (highlighted) patches from the machines in the selected group or globally, if the update has been installed. This is only applicable if the agent is attached to WSUS server. Clear Selected Updates This will remove any setting on that group or globally,

effectively clearing the setting.

Install

(5)

globally.

Security Updates in List Installs only the updates that have the category ‘Security Updates’ to the selected group or globally. All Updates in List Installs all updates in the list to the selected group or

globally.

Column Descriptions (top half of window)

KB Article Displays the KB article number. Click on the magnifying glass to view the details of the article.

Title Displays the patch title.

Category Displays the category the patch is associated with (e.g., security updates, feature packs, updates, etc.)

Missing Update Shows you the number of agents that are missing the update. These values will only count for the group members in the selected group.

Updates Installed Displays the number of updates that have been installed. These values will only count for the group members in the selected group.

Group Approval Displays the group approval status (e.g., install, remove, denied or ignored) on the Group Assigned Updates or the All Updates listing. A global status of ‘not applicable’ indicates that global is selected instead of a group.

Severity Displays the severity of the patch based on Microsoft’s determination.

Operating System Displays the operating system the selected patch affects.

Date Discovered Displays the date that Microsoft released the patch.

Viewing Options (top half of window)

No Filter You can apply additional filters to the data by selected the desired criteria from the No Filter button. Select the appropriate filter to apply, a checkmark will display to the left of the option and then click the No Filter button. The text will change to ‘Filtered’ to indicate that the data has been filtered. Click again to show all data.

Search The search feature allows you to search all patches for any criteria (e.g., OS, partial description, severity, etc.). Wildcard search is set by default to allow for wildcards at the beginning and end of your search criteria. You can also set your search to search all columns and to clear the search field when finished by selecting the desired option from the pull-down.

Clear Clears the search criteria and returns the default data. Refresh The refresh button will only refresh the listing after

performing a search and clearing the search criteria. For refreshing group information after changing from group to group, use the Refresh Group Detection under the Options menu.

Options The page size can be modified to show more or less updates on a page. You can change the number using your keyboard (not the number keypad).

(6)

The auto refresh option can be set for the data to auto-refresh every 30 seconds up to 10 minutes.

List Settings allow you to set the default settings, to

save or clear your custom settings when closing the Patch Manager.

Export all to Excel will export the data to an .xls file to be opened by Excel.

Column Descriptions (bottom half of window)

KB ID Displays the ID of the KB article.

Title Displays the patch title associated to the KB article. Description Displays the description of the patch.

OS Displays the operating system the selected patch affects.

Category Displays the category the patch is associated with (e.g., security updates, feature packs, updates, etc.)

Severity Displays the severity of the patch based on Microsoft’s determination.

Update Type Displays the type of update that the patch is (e.g., software update, driver update, etc.)

Uninstallable Will display yes or no, on whether the patch can be uninstalled once it is installed.

Date Added Displays the date that Labtech added the patch. Group window This is the white box in the lower right-hand side of the

screen. This will show all groups that the selected patch is approved for. You can double-click to remove this group or right-click to select a new group to apply this patch to.

Globally Ignore If this checkbox is selected, the selected patch is on the global ignore list.

Show Missing If Show Missing Automatically is not enabled under the Options (top half of screen), click the Show

Missing button to show the computers that are missing

the selected patch. This will only show computers that have you permission to access.

Show All Show all will show all of the computers that are missing the selected patch or that have been detected for computers that you have permission to access. Location Displays the location of the computer that is missing the

patch. Double-click to open the Computer screen for the selected computer.

Computer Displays the computer name of the computer that is missing the patch.

Update Approved Displays yes or no based on whether the patch has been approved.

Update Installed Displays yes or no based on whether the patch has been installed.

Date Detected Displays the date that LabTech detected the patch. Update Day Displays the day that automatic patching takes place. If

(7)

automatic patching is disabled, this will be indicated.

Using the Patch Manager

Initially, when you open the Patch Manager, it will show all missing updates for at least one computer that you have permission to access unless you have set the default patch management group. If an update is missing for more than one computer that you have permission to access, you will see the actual number of the missing updates.

TIP: You can set the Patch Manager to default to a specific group when opening by

adding the property ‘DefaultPatchManagementGroup’ with the groupID as the value. Adding the property will also set the Listing Style to ‘Group Assigned Updates’. For more information, refer to the Properties documentation.

1. You can access the Patch Manager from the Control Center by clicking on Patch Manager from the main toolbar or if you are using the navigation menus,

by clicking on Patch Management.

Figure 2: Menu—Patch Manager

NOTE: The list will be sorted by the patch that is missing the most.

2. Select the Listing Style from the drop-down list. The ‘Group Assigned Updates’

and ‘Group Unassigned Updates’ options are the only two options that will put you in group mode. All other options will list patches pertaining to the computers in the system (computer mode). To use group mode, refer to the Using the

Patch Manager for Groups section.

(8)

Operating System: Allows you to filter your search results down to the

operating system (e.g., show only operating systems Windows 2008 and 64 bit OS).

Category: Allows you to filter your search results down to the type of update

(e.g., critical, definition, feature packs, security, service packs, silverlight, update rollups and update).

4. From this listing, you can deny, ignore, remove, approve or install patches.

Deny: Highlight the patch(es) to deny. Right-click and select Set Deny

Patch or select Assign > Deny Selected Updates. Once denied, it will show

‘denied’ in the computer’s Patching tab.

Ignore: Highlight the patch(es) to ignore. Right-click and select Set Ignore

Patch or select Assign > Ignore Selected Updates. Once ignored, it will

show ‘ignore’ in the Computer’s Patching tab.

NOTE: You can also globally ignore a patch by right-clicking on the patch and

selecting Global Ignore. This will hide the patch from all screens and effectively remove the patch from the system. To remove from global ignore, go to the ‘Ignored Updates' listing and right-click in the Patch Manager window and select Global

Ignore Remove.

Remove. Highlight the patch(es) to remove. Right-click and select Set

Remove Patch or select Assign > Remove Selected Updates. This will

cause the patch to be uninstalled if it is already installed, only if the agent is attached to a WSUS server. Removing patches is not recommended. Once removed, it will show ‘remove’ in the Computer Patching tab.

Approve: Highlight the patch(es) to approve. Right-click and select Set

Approve Patch or select Approve > Approve Selected Updates. You can

also approve just the critical updates or all updates by selecting these options from the Approve menu. If the group is set to ‘Global’, the patch will be approved for all computers that you have permission to access. If a group is chosen, then all computers in that group will be approved.

NOTE: If you have automatic patching enabled, the approved patches will be

installed on the day specified. Automatic patching can be enabled by double-clicking on the client and going to the Info tab and selecting the Enable Patching checkbox and selecting the hotfix window. If you need to install the patch(es) immediately proceed to step 7 in the Using the Patch Manager for Groups section. Please note that if you have a fresh 2012 installation of LabTech, this will be different. Please refer to the Ignite documentation for more information.

Install: Highlight the patch(es) to install. Right-click and select Install Patch

Now or select Install > Selected Updates. You can also install just the

critical updates or all updates by selecting these options from the Install menu. By selecting install, an install command will be issued to install the patches now on the computer.

Using the Patch Manager for Groups

Group mode will approve and set the patch on the group selected and will only show patches on that group. It is important to note when approving or installing patches, if you are in global mode (Apply to: setting is set to ‘Global’, the selected patch(es) will be approved on all machines with LabTech agents, that you have permission to access, NOT a group.

(9)

TIP: You can limit the number of groups that appear in the Patch Manager to just

the original LabTech groups and a patching group, by assigning a group to the ‘Patching’ type. You can do this by right-clicking on a group and selecting Edit

Group. In the Group window, select ‘patching’ as the Type and click Save. Please

note that if this group has sub-groups, their type will also change to ‘patching’. For additional information, please see the Group Management documentation.

Additionally, you can set the Patch Manager to default to a specific group when opening by adding the property ‘DefaultPatchManagementGroup’ with the groupID as the value. Adding the property will also set the Listing Style to ‘Group Assigned Updates’. For more information, refer to the Properties documentation.

1. You can access the Patch Manager from the Control Center by clicking on Patch Manager from the main toolbar.

Figure 3: Menu—Patch Manager

2. Upon opening the Patch Manager, all missing updates will display by default.

Select the Listing Style from the drop-down list. The ‘Group Assigned Updates’ and ‘Group Unassigned Updates’ options are the only two options that will put you in group mode. All other options will keep you in computer mode.

3. If in group mode, select the desired group from the Apply to: drop-down. For

example, if you chose ‘Group Unassigned Updates’ from the Listing Style and chose ‘Windows Updates.Approved’ from the Apply to: drop-down it will display any unassigned updates for that particular group as shown by the following example.

IMPORTANT: It is important to note when approving or installing patches, if you are

in global mode (Apply to: setting is set to ‘Global’, the selected patch(es) will be approved on all machines with LabTech agents, that you have permission to access,

(10)

Figure 4: Sample Unassigned Group Updates

4. You can narrow your list down even further, if desired.

Operating System: Allows you to filter your search results down to the

operating system (e.g., show only operating systems Windows 2008 and 64 bit OS).

Category: Allows you to filter your search results down to the type of update

(e.g., critical, definition, feature packs, security, service packs, silverlight, update rollups and update).

5. You can deny, ignore, remove or clear updates by selecting the appropriate

patch and selecting the corresponding option from the Assign menu. The selected patch(es) will move from the ‘Group Unassigned Updates’ to the ‘Group Assigned Updates’ and the Group Approval column will display the appropriate assignment based on what you selected as shown by the following example.

NOTE: You can also globally ignore a patch by right-clicking on the patch and

selecting Global Ignore. This will hide the patch from all screens and effectively remove the patch from the system. To remove from global ignore, go to the ‘Ignored Updates' listing and right-click in the Patch Manager window and select Global

(11)

Figure 5: Patch Manager—Group Approval Denied

NOTE: To clear from the assigned updates if you made a mistake, select the

appropriate patch, and select Clear Selected Updates from the Assign menu. The patch will be moved back to the unassigned updates list.

6. The next step is to approve. There are a few different methods to approve

patches:

 Approve individually: To approve individually, right-click on each individual patch and select Approve.

 Approve Selected Updates: Highlight the patch(es) you want to approve and select Approve Selected Updates from the Approve menu.

 Approve All Critical Updates in List: To approve all patches that are critical as defined by Microsoft (security updates), select Approve All Critical Updates from the Approve menu.

 Approve All Updates in List: To approve all patches in the list, select

Approve All Updates in List from the Approve menu.

NOTE: If you have automatic patching enabled, the approved patches will be

installed on the day specified. Automatic patching can be enabled by double-clicking on the client and going to the Info tab and selecting the Enable Patching checkbox and selecting the patch window. If you need to install the patch(es) immediately proceed to step 7. Please note that if you have a fresh 2012 installation of LabTech, this will be different. Please refer to the Ignite documentation for more information.

7. The Install menu works the same way as the Approve menu, but issues an

install command to install the patches right NOW on the computer. If a group is selected then only the members of the group will be issued the install command. Remember, that if global is selected then it will attempt to install on all

computers.

Ignoring Patches

To ignore patches, right-click on a patch and select Set Ignore Patch. This will ignore the patch on the group level. If global is selected from the Apply to: it will ignore the patch for all computers that you have permission to access. If you are in group mode and you select Set Ignore Patch is selected, it will ignore the patch for that group.

(12)

The patch will not display in the current listing if the Hide Ignored Patches is selected from the Options menu. By default, Hide Ignored Patches will always be selected.

If Global Ignore is selected, it will ignore that patch for everything (all groups and all computers). If a patch has been globally ignored, the Global Ignore checkbox in the bottom half of the window will be selected. All globally ignored patches can be viewed under the ‘Ignored Updates’ Listing Style. Right-click on patch and select

Global Ignore Remove or uncheck the Global Ignore checkbox to remove the

global ignore.

Denying Patches

To deny patches, right-click on a patch and select Set Deny Patch. The patch is removed from the current listing. This is used to set the patch approval policy by denying a patch and not counting the patch as missing.

Removing Patch Approvals from Groups

When you select a patch, the patch information will display in the lower-half of the window, including the group that this patch has been applied to, if any. You can find the group in the lower right-hand corner of the screen. In the example shown below, this patch was applied to the Windows Updates. Approved group.

To remove this patch approval from this group, double-click on the group.

Figure 6: Patch Applied to Group

Applying Patches to Different Groups

When you select a patch, the patch information will display in the lower-half of the window, including the group that this patch has been applied to, if any. You can find the group in the lower right-hand corner of the screen. In the example shown below, this patch was applied to the Bronze service plan.

(13)

Figure 7: Patch Applied to Group

1. Right-click in the group box to select a different group. The list of groups will

display, select the desired group to apply this patch to. This will add the selected group to any groups already listed in this box as shown by the following example.

Figure 8: Applying Patch(es) to Multiple Groups

Copy Approval from One Group to Another

1. From the ‘Group Assigned Updates’, select the group you want to copy from the Apply To: drop-down. In this example, we want to copy the approval from the

(14)

Figure 9: Group Assigned Updates—Windows Updates.Approved Group

2. You will be prompted to reload the patch list. Click Yes. Figure 10: Reload Patch List

(15)

Figure 11: Copy Approval from One Group to Another

4. Click No when prompted to reload patch list with selected group.

5. Select Approve > All Updates in List. The settings will be applied to the

selected group.

Figure 12: Settings Applied to Patch

(16)

Figure 13: Approval Applied to Multiple Groups

The group you copied the approvals to will now show up in the Group box in the bottom half of the Patch Manager window as shown in the above example.

Daily Approval to an Update Group

1. From the ‘Group Unassigned Updates’, select the patch approval group you use (e.g., Windows Updates.Approved). This will display all updates that are detected on the computers and are NOT approved for this group.

(17)

Figure 14: Group Unassigned: Patch Approval Group

2. Select Approve > Critical Updates in List or Approve > All Updates in List

depending on your patch approval policies. You also have the option to go through the list and approve each patch manually after evaluating them.

TIP: By approving the critical or all updates the list should be empty when you are

done, and the next time you access this window you will only have new items to tend to.

Document Revision History

Date

Notes

04/07/ 2011 New in 2011 release

08/01/ 2011 Updated for 2011.2 release. Missing and Installed values will count for only the group members in a selected group. 03/19/2012 Updated for 2012. Added ‘DefaultPatchManagementGroup’

property information.

03/08/2013 Updated Remove Selected Updates to indicate that this is only applicable if the agent is attached to a WSUS server.

References

Download now ( PDF - 17 Page - 0.91 MB )

Related documents

VEX EVENT MANAGER USER GUIDE. March 15, 2015

1. Within Tournament Manager, open the Mobile Devices dialog via Tools->Mobile Devices 2. Right click on the device that owns the lock.. 3. Click Remove Lock.. Match

Operation Tools. S&C IntelliTeam CNMS Communication Network Management System. Table of Contents. Overview... 2 Tools. Section Page Section Page

Click Edit icon , or right click on the selected File Server and select Edit.. The Edit File Server

Tivoli Endpoint Manager for Patch Management - Windows - User's Guide

The Patches Overview dashboard displays a summary of patch information in your deployment through tables and graphs for all Tivoli Endpoint Manager patch solutions, not just

SOLARWINDS ORION. Patch Manager Evaluation Guide

SolarWinds Patch Manager extends native Microsoft Windows Server Update Services (WSUS) and Microsoft System Center Configuration Manager.. (ConfigMgr) functionality using an

Mapped Data Visualization and Summary

Click on the Shading Manager button (or right- click on the display and select Shading Manager) to pop-up the map legend editing window. Note that there are 7 contour intervals from

Installation instructions for the supplier VPN solution

3 In the Certificate snap-in window, select “My user account” and click “Finish”.. 4 In the Add or Remove Snap-in window select “Certificates” and click

Technical White Paper

Return to the IIS Manager (Server Manager > IIS > right-click the default server shown in the Servers section on the right side of the window, and select

5nine Manager for Hyper-V. Version 7.1

To remove any object from the 5nine Manager for Hyper-V tree, select the necessary object and click the (Delete) button on the main panel menu or use Edit → Remove Object menu