Manage Patches on Multiple Devices through the Patch Management for Windows Workflow

The Patch Management for Windows Workflow provides a consolidated process for handling patches on multiple devices. This dialog lists all patches discovered across all of servers and workstations running Patch Management for Windows. As the number of entries may easily stretch to tens of thousands, we have included both dialog and column filters to assist in the identification and management of these patches to provide a more targeted view.

Once configured, this patch policy setting is applied to any instance of the patch (both now and in the future) that matches the selected Entity criteria.

Settings Menu

  1. Log into the Dashboard
  2. Go to Settings > Patch Management > Management Workflow

Patches tab

  1. Log into the Dashboard
  2. Select the device in the North-pane
  3. Go to its Patches tab
  4. Select one or more patches
  5. Click the Management Workflow button

The Management Workflow dialog opens with these patches pre-selected.

Filter the selection or Choose Patch Action.

Filter results and select Patches

  1. Use the filters to return information on the target patch(es):
  2. Filters Notes


    The Patch name search supports partial string searches and returns those patches that contain an element of the entered string in their name.

    Please note that the returned results are based on the Date and Filter by Status selection with the search immediately applied.


    Choose the patch Release Date range to display from: Last 24 hours | Last 7 days | Last 3 months | Last 6 months | Last year | All time

    Client or Site Display Patches for the selected Clients and Sites.

    Filter by Status

    Return patches that meet the selected Status criteria with this setting immediately applied:

      State Description
    Missing A patch available for the device and awaiting approval for installation
    Pending Patch was approved and awaiting manual or scheduled installation
    Installing Patch currently installing
    Installed Patch successfully installed. The Date Installed is populated where the patch was deployed via Patch Management
    Failed Patch installation unsuccessful on a small number of occasions an unreported reboot may be required to complete an installation.
    Ignored Patch available for the device, but marked as Ignored. Ignored patches are not listed as missing in future Patch Checks on this server or workstation.
    Reboot Required Patch installed but requires a reboot to complete the installation process
    Filter by Classification

    Choose whether to filter based on Classification of the patch:

    Select one or more from:

    Critical Updates Security Updates Definition Updates Updates
    Service Packs Update Rollups Drivers Tools
    Feature Packs Upgrades Other Vendor
    Filter by Device Type Choose whether to filter based on whether the patches apply to servers and/or workstations.

    Apply filters

    Display the patch information based on the filter selection

    Reset filters

    Remove all filters and return to the defaults. Date: Last Month | Filter by Status: Missing

  3. Click on the link pm_vendor (where available) to visit the vendor's site for more information on a patch
  4. Click Apply filters to view the results or Reset filters to remove all filters and return to the defaults. Date: Last Month | Filter by Status: Missing
  5. Use the Columns drop-down to refine the results, providing the required information to make a considered patch selection
  6. Click on the left-column link (where available) to visit the vendor's site for more information on a patch.
  7. Multi-select the patches (Shift and left-click for a range, Control and left-click for specific patches)
  8. Choose Patch Action

  9. After selecting the Patches click Proceed to continue
  10. Select the required action:
  11. Patch Option Description
    Approve Authorizes the patch for installation at the next scheduled installation time
    Ignore Applied to patches that explicitly are not to be installed. When a patch is ignored, it is not identified on the Dashboard or Reports as missing.

    Reasons for ignoring a patch include those circumstances where its installation is known to cause issues, the patch is outside of the Client's service contract or where installing the patch would have licensing implications for the product.

    Do Nothing Sets the patch to NOT have any Patch Approval Action apply to it. The patch status will instead reflect what is set in the applied Patch Management for Windows Policy.
    Reprocess Failed Where problems were experienced installing a patch it is marked as Failed in the South-pane. Selecting a Failed patch brings up the additional option to Reprocess Failed, which will attempt to install the patch again during the next installation cycle (either scheduled or manual).
    Uninstall Only available for Microsoft patches with Yes in the Uninstallable column.

    Supports the removal of up to ten patches at any one time. For more information on patch removal please refer to the section Uninstall Microsoft Patches.

    Visit Patch Approval Actions for information on the patch approval hierarchy.

  12. Click Next
  13. Select the device type Servers and/or Workstations as well as the Client and Site combination to apply the Patch action to
  14. This dialogue allows you to quickly view the current Server and Workstation action statuses for the selected Patches. The New Status column dynamically updates based on the Client and Site selection to reflect the impact of any changes.

  15. For Ignore, Do Nothing, Reprocess Failed and Uninstall patch actions click Apply
  16. For the Approve patch action click Next and choose when to install the patch
    • Use existing schedule (for information, the current schedule is displayed)
    • Schedule for a new time 
      • Now
      • Set a new Schedule Does not replace schedule set in the active policy.
    • All patches with a Pending status will be installed on the schedule set.

  17. Configure the installation time and patch reboot behavior. Enter the password of the account you have logged into the Dashboard under to confirm this action.
  18. Close to exit the dialog

The scheduled time refers to the local time of the computer the Agent is installed on. Please take this into consideration where your Dashboard contains Clients, Sites or Devices in different timezones, to ensure Patches are not installed at an inappropriate time. One suggestion is to set a custom Installation Schedule at the Client, Site or Device level based on their timezone.