The patch profile is a collection of Patch Management configuration options that determine how a device interacts with Patch Manager and the Windows update server. With a profile, you can apply similar settings across devices and even across multiple customers or sites.
For more information, see Patch Management profiles.
Windows Update Access
N-able N-central does not block the Windows Update API from functioning with the Windows Update Access options when creating a patch profile. The options do limit the availability of the Windows Update UI for users to interact with.
The three options are:
Allowed for all User accounts and Applications - All users have access to the missing patches icon that appears in the Taskbar tray. N-able N-central does not add any restrictions to this.
Limited to Administrators and applications only - Only administrators have access to the missing patches icon that appears in the Taskbar tray, and blocked for standard users. This does not block the Windows Update API from functioning however.
Restricted to MSP N-central activity only - Suppresses the missing patches icon that appears in the Taskbar tray and blocks the Windows Update Agent. This does not completely prevent Windows Update from functioning, it only blocks the Windows update GUI access for local users.
Use this option if you are using a typical weekly patch schedule. It will briefly open access to Windows Update for Administrators and Applications while N-able N-central performs patch related tasks such as installs, new patch detections and daily asset scans. Access will last between five minutes and an hour or more depending on the activity being performed.
N-able recommends that you schedule patch activity outside of customer core hours as much as possible to avoid this situation.
How to Create a Patch Management Profile
- Click Configuration > Patch Management.
- Scroll down to the Patch Profiles section.
- Click Manage Patch Profiles, then click Add.
- Complete the profile options.
- When Pop-Up Messages appear, select to alert users. The agent can display messages to the user, alerting them that there are patches to be installed and giving them the opportunity to install them sooner.
- Set the Patch Detection Method. Select how Patch Manager scans for Windows updates, either a full online scan using standard Windows Update scanning, or offline scan if the device does not have Internet access. For more information, see Offline Patching.
- Enable the Automatically Wake Up System for Patch Installation option to ensure that devices that are in sleep or hibernation mode can receive scheduled updates.
Windows must be configured to allow Wake Timers. This can be achieved by navigation to the Advanced Power Options and enabling Allow Wake Timers. Ensure the device wakes a few minutes before the maintenance window.
You can also set the Run Missed Install Window When Device Comes Back Online time. This ensures that Patch Manager installs missed patches when a device has missed its scheduled install time, either because it was turned off, or in sleep mode.
- If you disable the Force Missed Patch Installation on Boot option, if the patch being installed requires a reboot to complete, it will do so rather than follow any reboot windows. For example, with certain Windows updates. For more information, see the Support Knowledge Base article Device Rebooting Outside of Patch Maintenance Window.
- Select a Windows Update Access option.
This implementation does not cover Modern Standby mode as it does not generate standard Power Events.
The new profile will be available to apply to a device and when creating a patch rule.