Setting up automatic detect and deploy actions consists of the following workflow:
• |
Identify critical patches: Create a patch Smart Label to automatically identify critical patches for laptops. See Using Smart Labels for patching. |
• |
Schedule Detect actions: Create and run a schedule to periodically detect critical patches on laptops. See Configuring patch schedules. |
• |
Schedule Deploy actions: Create and run a schedule to periodically deploy critical patches on laptops. See Configuring patch schedules. |
• |
Check patching status: Periodically check patching status using reports and the patch. See Viewing patch schedules, status, and reports. |
• |
Notify users: Notify users of the patching schedule. You can notify users by sending email and other messaging services outside the appliance Administrator Console. See "Notify users when devices are being patched" in Best practices for patching. |
You can configure the appliance to install non-critical patches according to a schedule.
To schedule non-critical patches:
• |
Detect patches: Create a patching schedule to detect patches on all devices to determine the size of the patching job. See Configuring patch schedules. |
• |
Inactivate patches: If there are patches you do not want to deploy, mark them as Inactive. |
• |
Test patches: Create a schedule to detect and deploy patches to your test devices. See Configuring patch schedules. |
• |
Identify patches for desktops and servers: Create a patch Smart Label to automatically capture the patches to deploy on servers. See Using Smart Labels for patching. |
• |
Check patching status: Periodically check the patching status. See Viewing patch schedules, status, and reports. |
1. |
a. |
Log in to the appliance Administrator Console, https://appliance_hostname/admin. Or, if the Show organization menu in admin header option is enabled in the appliance General Settings, select an organization in the drop-down list in the top-right corner of the page next to the login information. |
b. |
c. |
On the Patch Management panel, in the Schedules section, click Detect, Deploy, Rollback missing patches. |
d. |
▪ |
▪ |
To edit an existing schedule, click the schedule name in the list, then on the Patch Schedule Summary page that appears, click Edit. |
2. |
In the Schedule Detail wizard, in the General Information tab, specify the general details for this schedule. |
A name that identifies the schedule. This name appears on the Patch Schedules page. | |
3. |
4. |
The action associated with the patch schedule.
The following actions are available:
◦ |
Detect: Detects patches that are installed on, or missing from, managed devices. Detect-only actions are recommended when the Patch Download Settings are configured to download only . Running a detect-only action before the deploy creates a list of patch files to download before deployment begins. |
◦ |
Detect and Stage: Detects patches that are installed or missing from managed devices, and downloads patch files to the agent device for later deployment. |
◦ |
Detect and Deploy: Detects and deploys patches to managed devices. These types of actions are used when managing desktops and servers. Detect and Deploy patching jobs require a connection between the device and the appliance; they do not run offline. For more information about messaging protocol connections, see Configure Agent communication and log settings. |
◦ |
Detect, Stage and On-demand Deploy: Detects patches that are installed or missing from managed devices, downloads patch files to the agent device, and causes the Windows system tray on the agent device to alert the user that the patches are ready for deployment. The user can then initiate the deployment process at their convenience. |
▪ |
The Agent Status Icon On Device option must be enabled in the agent communication settings. You can find these settings on the Organization Detail page, under Communication and Agent Settings (if one or more Organization components are enabled), or on the Communication Settings page (if you do not have an Organization component). For more information, see Configure Agent communication and log settings. |
◦ |
Deploy: Deploys applicable patches to managed devices. This is useful when you know that specific patches need to be deployed to managed devices. A final Detect job runs either after the patch is deployed or, if a reboot is required, after the device reboots and the Agent reconnects to the appliance. |
◦ |
Detect and Rollback: Detects and removes unwanted patches from managed devices. Rollbacks may not be available for some patches. See Determine whether a patch can be rolled back. |
◦ |
Rollback: Removes unwanted patches from managed devices. Rollbacks may not be available for some patches. See Determine whether a patch can be rolled back. |
5. |
Detect, Detect and Stage, Detect and Deploy, Detect, Stage and On-demand Deploy, Detect and Rollback schedules only. On the Action page, in the Detect section, specify the detection options for the schedule. |
Detect all available patches. This process can take a long time. Also, it might detect patches for software that is not installed on, or required by, managed devices. For example, if managed devices use anti-virus applications from only one vendor, you might not need to detect patches for all anti-virus vendors. All Patches, however, detects all missing patches regardless of whether they are required by managed devices. To refine patch detection, set up labels for the patches you want to detect, then use the Patch Labels option. | |||||
To use this option, you must already have Smart Labels for the applicable patches. See Using Smart Labels for patching. | |||||
| |||||
The amount of time, in hours, for the patching action to complete. |
6. |
Detect and Deploy, Detect, Stage and On-demand Deploy, and Deploy schedules only. In the Deploy section, specify the detection options for the schedule. |
To use this option, you must already have Smart Labels for the applicable patches. See Using Smart Labels for patching. | |||||
| |||||
The amount of time, in hours, for the patching action to complete. |
7. |
Detect and Rollback and Rollback schedules only. In the Rollback tab, specify the rollback options for the schedule. |
To use this option, you must already have Smart Labels for the applicable patches. See Using Smart Labels for patching. | |||||
| |||||
The amount of time, in hours, for the patching action to complete. |
8. |
Detect, Stage and On-demand Deploy schedules only. In the OnDemand Deployment Timeout Settings section, specify the deployment timeout option for the Detect, Stage and On-demand Deploy schedule. |
9. |
10. |
To use this option, you must already have Smart Labels for the applicable patches. See Using Smart Labels for patching. | |||||
Run patch actions on the devices that you select.
| |||||
|
11. |
12. |
Detect and Deploy, Deploy, Detect and Rollback, and Rollback schedules only. On the Notification page, configure the notification options for the schedule. |
13. |
14. |
The options for rebooting the managed device:
| |||||||
Automatically reboot the managed device if no users are logged in. | |||||||
The message to be displayed to the user before the device reboots. For information about adding a custom logo to the message dialog, see Configure appliance General Settings with the Organization component enabled. | |||||||
The amount of time, in minutes, for the dialog to be displayed before an action is performed. If this time period elapses without the user pressing a button, the appliance performs the action specified in the Timeout drop-down list. When Force Reboot is selected, the timeout behavior takes into consideration the KUSerAlert and global KACE Agent process timeouts. The global timeout, set through the Agent and Communication Settings section, always determines how long any agent-launched processes can run for, including the KUserAlert timeout. For example, if the KUserAlert timeout is set to two hours, and you set the global timeout to one hour, the agent will stop the KUserAlert because it runs too long. Therefore the global timeout must be set to the desired timeout that is longer than the KUserAlert timeout. This value must be set accordingly. For more information about agent settings, see Configure Agent communication and log settings. | |||||||
The action to be performed when the Timeout period elapses without the user choosing an option. | |||||||
Postpone the reboot using a countdown. The countdown is in minutes. | |||||||
The number of prompts the user receives before the device reboots. For example, if you enter a value of 5, the device automatically reboots the fifth time the user receives the reboot prompt. In other words, the user can delay the reboot only four times if the Number of prompts value is set to 5. | |||||||
The time that elapses before the user is reprompted to reboot. |
15. |
16. |
Run daily at a specified time, or run on a designated day of the week at a specified time. | |||||||||||
Run on the nth of every month/specific month at HH:MM |
Run on the nth day every month, (for example, the first or the second) day of every month, or a specific month, at the specified time. | ||||||||||
Run on the nth weekday of every month/specific month at HH:MM |
Run on the specific weekday of every month, or a specific month, at the specified time. | ||||||||||
Run according to a custom schedule. Use standard 5-field cron format (extended cron format is not supported): Use the following when specifying values:
| |||||||||||
Click to view the task schedule. The Task Schedule dialog box displays a list of scheduled. Click a task to review the task details. For more information, see View task schedules. | |||||||||||
The timezone to use when scheduling the action. Select Server to use the timezone of the appliance. Select Agent to use the timezone of the managed device. | |||||||||||
The time limit for patching actions. For example, if you schedule patches to run at 04:00, you might want all patching actions to stop at 07:00 to prevent bandwidth issues when users start work. To do so, you could specify 180 in the minutes box. |
17. |
© 2024 Quest Software Inc. ALL RIGHTS RESERVED. Termini di utilizzo Privacy Cookie Preference Center