Enable and apply Patch Management for Windows Policies

Patch Management for Windows is configurable across multiple devices (on all servers and workstations or servers and workstations at specific clients and sites) or on individual computers.

As part of the Patch Management for Windows deployment, a Patch Status Check (Scan) is automatically added to the device.

Migrating from the manual Patch Management for Windows settings configuration to Patch Management for Windows Feature Policy is a one-way process.
Once an entity (at device type, Client, Site or specific Device level) uses the Patch Management for Windows Feature Policies, you cannot go back to manually configuring its Patch Management for Windows Settings.

The Patch Management for Windows engine takes administrative control of Windows Update to download files and install the patches.
As Patch Management for Windows controls this function, it cannot co-exist in the same environment as WSUS. Where both products are in use on the same device, conflicts can occur between Patch Management and WSUS, with Patch Management for Windows altering the registry to ensure WSUS will not attempt to download and install updates on its own.
Examples of the amended Registry strings include:

HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU UseWUServer
"WUServer"="servername:8530"
"WUStatusServer"="servername:8530"

Multiple Devices

Servers and workstations inherit their configuration from the site, which in turn inherits from the client, which in turn inherits the default configuration for all servers and workstations.

  1. Log into the Dashboard
  2. Go to Settings > Patch Management > Settings
  3. Select the Entity type to apply the configuration to (all servers and workstations or servers and workstations at specific clients and sites)
  4. Feature status indicators (colored dots) in the Settings dialog indicate if the feature is enabled or disabled at the entity level, and whether devices under an entity have the same settings:

    • Green - Enabled for all devices under that entity including device level settings
    • Grey - Disabled on at least one device under that entity including device level settings
    • Orange - A child entity has a different configuration to the parent. If a Client only has one Site, its status indicator reflects that of the Site.

    For more information, see Feature and Functionality Settings Icons.

  5. Choose the Setting from On, Off or Use Parent (only for Client or Site)
  6. Setting: On - Select the Patch Management for Windows Configuration Method

    Please be aware that if you select Patch Management Feature Policy, you can select a different policy but you cannot switch to manual configuration. For new Dashboard accounts only Patch Management Feature Policy is available.

    1. Tick Use Patch Management policies (Recommended)
    2. Select the relevant default or custom policy from the drop-down. Where workstations are selected, you can select different policies for desktops and laptops
  7. Click OK to save and apply

Individual Device

You can enable Patch Management for Windows for specific servers and workstations, for example to exclude the device from the default entity policy or only apply Patch Management for Windows on certain computers.

Once selected, device level settings take precedence over those set at the policy level. Where the device settings have changed, select Use Policy Settings to place the device back under policy control.

  1. Log into the Dashboard
  2. Right-click on the device in the North-pane (or from the Edit Server, Workstation or Device drop-down)

  3. Go to Edit <Device Type> and Patch Management
  4. Choose the Setting from On, Off or Use Parent (only for Client or Site)
  5. Setting: On - Select the Patch Management for Windows Configuration Method

  6. If you select Patch Management Feature Policy, you can select a different policy but you cannot switch to manual configuration.

    1. Tick Use Patch Management policies (Recommended)
    2. Select the relevant default or custom policy from the drop-down. Where workstations are selected, you can select different policies for desktops and laptops
  7. Click OK to save and apply