Manage Patches on Individual Devices through the Patches tab
Patch Management for Windows retrieves the device's installed and available patches then uploads this information to the Dashboard where it is displayed in the device's Patches tab.
All patches display their current installation state along with their Severity, Patch Name, Product, Date Installed (if installed by Patch Management for Windows), and whether they are Installable or Uninstallable.
Patch Installation States
| State | Description | |
|---|---|---|
|
Missing | A patch available for the device and awaiting approval for installation. |
|
Pending | Patch was approved and awaiting manual or scheduled installation. |
|
Installing | Patch currently installing. |
|
Installed | Patch successfully installed. The Date Installed is populated where the patch was deployed via Patch Management. |
|
Failed | Patch installation unsuccessful on a small number of occasions an unreported reboot may be required to complete an installation. |
|
Ignored | Patch available for the device, but marked as Ignored. Ignored patches are not listed as missing in future Patch Checks on this server or workstation. |
|
Reboot Required | Patch installed but requires a reboot to complete the installation process. |
Installable and Uninstallable
The majority of patches detected by Patch Management for Windows are programmatically deployable, however there are some families of patches that are not installable via automated means. The Installable column is used to indicate whether a patch can be installed by Patch Management for Windows (Installable = Yes) or whether manual intervention is required to install the patch (Installable = No).
Some Microsoft patches support a rollback option with this indicated under the Uninstallable. This uninstall option is supported by the Windows Agent.
Patch Information
Double-click on a patch in the South-pane to view detailed information (where available):
| Section | Description |
|---|---|
| General | Patch Name | Status | Vendor | Product | More Information (link to vendor site) |
| Details | Classification | Severity | Bulletin ID | Release Date | Major Version | Installable | Uninstallable |
| Last Installation Failure (where available) | Occurrence | Status | Reason |
| Across this Client | Devices where this patch is missing | Devices where this patch is installed | Devices where this patch is ignored |
In addition to displaying details on the patch, this dialog also includes action options to specify how the patch is handled on the device. Choose from: Approve | Ignore | Do Nothing.
Patch Action at the Device Level
Device level actions are configurable for a specific device via its Patches tab. Once approved the selected patches are installed based on the Installation Schedule or via the manual deployment option.
- Go to the Patches tab.
- Use multi-select to choose the target patches (Shift and left-click for a range or Control and left-click for specific patches).
- Right click on one of the selection from the Patch drop-down.
- Select the required option. For example Approve.
| Patch Option | Description |
|---|---|
| Approve | Authorizes the patch for installation at the next scheduled installation time. |
| Ignore |
Applied to patches that explicitly are not to be installed. When a patch is ignored, it is not identified in the All Devices view or Reports as missing. Reasons for ignoring a patch include those circumstances where its installation is known to cause issues, the patch is outside of the Client's service contract or where installing the patch would have licensing implications for the product. |
| Do Nothing | Sets the patch to NOT have any Patch Approval Action apply to it. The patch status will instead reflect what is set in the applied Patch Management for Windows Policy. |
| Reprocess Failed | Where problems were experienced installing a patch it is marked as Failed in the South-pane. Selecting a Failed patch brings up the additional option to Reprocess Failed, which will attempt to install the patch again during the next installation cycle (either scheduled or manual). |
| Uninstall | Only available for Microsoft patches with Yes in the Uninstallable column. Supports the removal of up to ten patches at any one time. For more information on patch removal please refer to the section Uninstall Microsoft Patches. |
Where the patch requires a reboot to complete its installation, this is indicated in the Device's Summary tab and Reboot required column in the North-pane. If a reboot is not configured as part of the Installation Schedule, it may be initiated directly from the Dashboard using Reboot Now or Later
Patch Approval and Installation
In the Approve Patch dialog, you can determine when the patch is installed.
- Select the required patch(es) in the Patches tab, right-click the selection and select Approve
- Choose when to install the patch;
- Use existing schedule (for information, the current schedule is displayed)
- Schedule for a new time
- Now
- Set a new Schedule Does not replace schedule set in the active policy.
- Configure the installation time and patch reboot behavior, and click Approve.
- Enter the password of the account you have logged into the Dashboard under to confirm this action.
- Close to exit the dialog
The Schedule for a new time setting is only applies to this device.
All patches with a Pending status will be installed on the schedule set.
The scheduled time refers to the local time of the computer the Agent is installed on. Please take this into consideration where your Dashboard contains Clients, Sites or Devices in different timezones, to ensure Patches are not installed at an inappropriate time. One suggestion is to set a custom Installation Schedule at the Client, Site or Device level based on their timezone.
