
Important Message about LabTech Software's Online Documentation!

Please be advised that the online documentation for LabTech 2013 and later resides at http://docs.labtechsoftware.com/documentation/. The documentation below is only applicable to LabTech 2012 and will not be maintained moving forward.

Patch Manager

  1. Overview
  2. Using the Patch Manager
  3. Using the Patch Manager for Groups
    1. Ignoring Patches
    2. Denying Patches
    3. Removing Patch Approvals from Groups
    4. Applying Patches to Different Groups
    5. Copy Approval from One Group to Another
    6. Daily Approval to an Update Group
  4. Document Revision History

Overview

The Patch Manager simplifies the patching process by automatically discovering new updates, detecting missing patches and letting you approve and install them efficiently.

The Patch Manager has two functional levels: one for groups and one for computers. Group mode approves and sets the patch on the selected group, and shows only the patches on that group. In computer mode, you see the computers and can approve patches directly to a machine.


TIP: You can set the Patch Manager to default to a specific group when opening by adding the property 'DefaultPatchManagementGroup' with the groupID as the value. Adding the property will also set the Listing Style to 'Group Assigned Updates'. For more information, refer to the Properties documentation.

Figure 1: Patch Manager



IMPORTANT: When approving or installing patches in global mode (the Apply to: setting is set to 'Global'), the selected patch(es) will be approved on all machines with LabTech agents that you have permission to access, NOT on a group.

Table 1: Field/Menu Options

| Field/Menu | Option | Description |
|---|---|---|
| Listing Style | Missing Updates | Shows all patches that are missing from one of the computers you have permission to access. |
| | Missing Critical Updates | Shows all patches that have any severity level and are missing from one of the computers you have permission to access. |
| | Detected Updates | Shows only patches for computers that you have permission to access. For example, if you do not have access to any Windows 2000 machines, you will not see any patches for Windows 2000. |
| | Detected Critical Updates | Shows all critical patches (as defined by Microsoft) that have been installed on computers that you have permission to access and were not installed by LabTech. |
| | All Updates | Shows all available patches except detected and ignored patches, if those options are enabled in the Options list. |
| | Ignored Updates | Shows all globally ignored patches. These patches are excluded from all reports. |
| | Unapproved Detected Updates | Shows all patches that are detected on computers you have permission to access and that have not been approved to any group. |
| | Unapproved Detected Critical Updates | Shows all critical patches (as defined by Microsoft) that are detected on computers you have permission to access and that have not been approved to any group. |
| | Unapproved Updates | Shows all unapproved patches that have not been approved to any group. The difference between 'unapproved detected' and 'unapproved' is that 'unapproved detected' displays only unapproved patches for computers that you are responsible for, while 'unapproved' shows all updates regardless of OS. |
| | Group Assigned Updates | Shows all updates for the selected group that have been assigned (e.g., approved to install, denied, ignored, etc.). |
| | Group Unassigned Updates | Shows all updates for the selected group that have not been assigned yet. |
| Operating System | Windows 7, Windows Vista, Windows 2008, Windows 2003, Windows XP, 32 Bit OS, 64 Bit OS | You can filter the list of updates based on operating system. Click on each operating system (a check mark will display) to show that it is included in the filter. Remove the checkmark to eliminate it from the filter. |
| Category | CAPICOM, Critical Updates, Definition Updates, Drivers, Exchange Server, Expression Web 3, Feature Packs, Microsoft Lync, Microsoft Online Services Sign-In Asst., Office, Office Communications Server, Office Communicator, Report Viewer, Security Updates, Service Packs, Update Rollups, Updates | You can filter the list of updates based on the category. Click on each category (a check mark will display) to show that it is included in the filter. Remove the checkmark to eliminate it from the filter. |
| Options | Detected Patches | Will not display detected patches by default. To view detected patches, select 'Detected Updates' from the Listing Style drop-down or, if you want to see detected patches for your current listing, remove the checkmark from the Detected Patches option. Returns to the default when the Patch Manager window is closed. |
| | Hide Ignored Patches | Will not display ignored patches by default. To view ignored patches, select 'Ignored Updates' from the Listing Style drop-down or, if you want to see ignored patches for your current listing, remove the checkmark from the Hide Ignored Patches option. |
| | Refresh Group Detection | If you change from group to group, use this to refresh the listing. |
| | Show Missing Automatically | Enable this to automatically load update information in the lower half of the screen (e.g., groups, computer missing updates, etc.). Otherwise, use the Show Missing button to display this information. |
| | Show Only Security Patches | Enable this to automatically display only security patches. |
| Apply to: | Apply to: | Choose from the drop-down list to apply the patch based on groups that are set up, or globally to apply to all clients, in all groups, for all machines that the logged-in user has access to. It is important to note that the 'global' option, while in group mode, will apply directly to the machine, not the group. |
| Approve | Selected Updates | This will approve all selected (highlighted) patches in the window. |
| | Security Updates in List | This will approve only those patches with a category of 'Security Updates'. |
| | All Updates in List | This will approve all patches in the list. If the entire list is 15 pages, it will approve all. |
| Assign | Deny Selected Updates | This will deny all selected (highlighted) patches to the selected group or globally. |
| | Ignored Selected Updates | This will ignore all selected (highlighted) patches to the selected group or globally. |
| | Remove Selected Updates | This will attempt to remove selected (highlighted) patches from the machines in the selected group or globally, if the update has been installed. This is only applicable if the agent is attached to a WSUS server. |
| | Clear Selected Updates | This will remove any setting on that group or globally, effectively clearing the setting. |
| Install | Selected Updates | Installs the selected updates to the selected group or globally. |
| | Security Updates in List | Installs only the updates that have the category 'Security Updates' to the selected group or globally. |
| | All Updates in List | Installs all updates in the list to the selected group or globally. |
| Column Descriptions (top half of window) | KB Article | Displays the KB article number. Click on the magnifying glass to view the details of the article. |
| | Title | Displays the patch title. |
| | Category | Displays the category the patch is associated with (e.g., security updates, feature packs, updates, etc.). |
| | Missing Update | Shows you the number of agents that are missing the update. These values will only count for the group members in the selected group. |
| | Updates Installed | Displays the number of updates that have been installed. These values will only count for the group members in the selected group. |
| | Group Approval | Displays the group approval status (e.g., install, remove, denied or ignored) on the Group Assigned Updates or the All Updates listing. A global status of 'not applicable' indicates that global is selected instead of a group. |
| | Severity | Displays the severity of the patch based on Microsoft's determination. |
| | Operating System | Displays the operating system the selected patch affects. |
| | Date Discovered | Displays the date that Microsoft released the patch. |
| Viewing Options (top half of window) | No Filter | You can apply additional filters to the data by selecting the desired criteria from the No Filter button. Select the appropriate filter to apply (a checkmark will display to the left of the option) and then click the No Filter button. The text will change to 'Filtered' to indicate that the data has been filtered. Click again to show all data. |
| | Search | The search feature allows you to search all patches for any criteria (e.g., OS, partial description, severity, etc.). Wildcard search is set by default to allow for wildcards at the beginning and end of your search criteria. You can also set your search to search all columns and to clear the search field when finished by selecting the desired option from the pull-down. |
| | Clear | Clears the search criteria and returns the default data. |
| | Refresh | The refresh button will only refresh the listing after performing a search and clearing the search criteria. For refreshing group information after changing from group to group, use the Refresh Group Detection under the Options menu. |
| | Options | The page size can be modified to show more or fewer updates on a page. You can change the number using your keyboard (not the number keypad). The auto refresh option can be set for the data to auto-refresh every 30 seconds up to 10 minutes. List Settings allow you to set the default settings, to save or clear your custom settings when closing the Patch Manager. Export all to Excel will export the data to an .xls file to be opened by Excel. |
| Column Descriptions (bottom half of window) | KB ID | Displays the ID of the KB article. |
| | Title | Displays the patch title associated to the KB article. |
| | Description | Displays the description of the patch. |
| | OS | Displays the operating system the selected patch affects. |
| | Category | Displays the category the patch is associated with (e.g., security updates, feature packs, updates, etc.). |
| | Severity | Displays the severity of the patch based on Microsoft's determination. |
| | Update Type | Displays the type of update that the patch is (e.g., software update, driver update, etc.). |
| | Uninstallable | Displays yes or no, based on whether the patch can be uninstalled once it is installed. |
| | Date Added | Displays the date that LabTech added the patch. |
| | Group window | This is the white box in the lower right-hand side of the screen. This will show all groups that the selected patch is approved for. You can double-click to remove this group or right-click to select a new group to apply this patch to. |
| | Globally Ignore | If this checkbox is selected, the selected patch is on the global ignore list. |
| | Show Missing | If Show Missing Automatically is not enabled under the Options (top half of screen), click the Show Missing button to show the computers that are missing the selected patch. This will only show computers that you have permission to access. |
| | Show All | Shows all of the computers that are missing the selected patch or on which it has been detected, for computers that you have permission to access. |
| | Location | Displays the location of the computer that is missing the patch. Double-click to open the Computer screen for the selected computer. |
| | Computer | Displays the computer name of the computer that is missing the patch. |
| | Update Approved | Displays yes or no based on whether the patch has been approved. |
| | Update Installed | Displays yes or no based on whether the patch has been installed. |
| | Date Detected | Displays the date that LabTech detected the patch. |
| | Update Day | Displays the day that automatic patching takes place. If automatic patching is disabled, this will be indicated. |

Using the Patch Manager

Initially, when you open the Patch Manager, it will show all missing updates for at least one computer that you have permission to access unless you have set the default patch management group.  If an update is missing for more than one computer that you have permission to access, you will see the actual number of the missing updates. 


TIP: You can set the Patch Manager to default to a specific group when opening by adding the property 'DefaultPatchManagementGroup' with the groupID as the value. Adding the property will also set the Listing Style to 'Group Assigned Updates'. For more information, refer to the Properties documentation.

  1. You can access the Patch Manager from the Control Center by clicking on Patch Manager from the main toolbar or if you are using the navigation menus, by clicking on Patch Management.
    Figure 2: Menu - Patch Manager

    NOTE: The list will be sorted by the patch that is missing the most.

  2. Select the Listing Style from the drop-down list.  The 'Group Assigned Updates' and 'Group Unassigned Updates' options are the only two options that will put you in group mode.  All other options will list patches pertaining to the computers in the system (computer mode).  To use group mode, refer to the Using the Patch Manager for Groups section. 
  3. You can narrow your list down even further, if desired. 
    • Operating System:  Allows you to filter your search results down to the operating system (e.g., show only operating systems Windows 2008 and 64 bit OS).
    • Category: Allows you to filter your search results down to the type of update (e.g., critical, definition, feature packs, security, service packs, Silverlight, update rollups and update).
  4. From this listing, you can deny, ignore, remove, approve or install patches. 
    • Deny:  Highlight the patch(es) to deny.  Right-click and select Set Deny Patch or select Assign > Deny Selected Updates. Once denied, it will show 'denied' in the computer's Patching tab. 
    • Ignore:  Highlight the patch(es) to ignore.  Right-click and select Set Ignore Patch or select Assign > Ignore Selected Updates.  Once ignored, it will show 'ignore' in the Computer's Patching tab. 

    NOTE: You can also globally ignore a patch by right-clicking on the patch and selecting Global Ignore. This will hide the patch from all screens and effectively remove the patch from the system. To remove from global ignore, go to the 'Ignored Updates' listing and right-click in the Patch Manager window and select Global Ignore Remove.

    • Remove:  Highlight the patch(es) to remove.  Right-click and select Set Remove Patch or select Assign > Remove Selected Updates. This will cause the patch to be uninstalled if it is already installed, but only if the agent is attached to a WSUS server. Removing patches is not recommended. Once removed, it will show 'remove' in the Computer's Patching tab.
    • Approve:  Highlight the patch(es) to approve.  Right-click and select Set Approve Patch or select Approve > Approve Selected Updates.  You can also approve just the critical updates or all updates by selecting these options from the Approve menu.  If the group is set to 'Global', the patch will be approved for all computers that you have permission to access.  If a group is chosen, then all computers in that group will be approved.

    NOTE: If you have automatic patching enabled, the approved patches will be installed on the day specified. Automatic patching can be enabled by double-clicking on the client, going to the Info tab, selecting the Enable Patching checkbox and selecting the hotfix window. If you need to install the patch(es) immediately, proceed to step 7 in the Using the Patch Manager for Groups section. Please note that if you have a fresh 2012 installation of LabTech, this will be different. Please refer to the Ignite documentation for more information.

    • Install:  Highlight the patch(es) to install.  Right-click and select Install Patch Now or select Install > Selected Updates.  You can also install just the critical updates or all updates by selecting these options from the Install menu.  By selecting install, an install command will be issued to install the patches now on the computer. 

Using the Patch Manager for Groups

Group mode will approve and set the patch on the group selected and will only show patches on that group. When approving or installing patches in global mode (the Apply to: setting is set to 'Global'), the selected patch(es) will be approved on all machines with LabTech agents that you have permission to access, NOT on a group.


TIP: You can limit the number of groups that appear in the Patch Manager to just the original LabTech groups and a patching group by assigning a group to the 'Patching' type. You can do this by right-clicking on a group and selecting Edit Group. In the Group window, select 'patching' as the Type and click Save. Please note that if this group has sub-groups, their type will also change to 'patching'. For additional information, please see the Group Management documentation. Additionally, you can set the Patch Manager to default to a specific group when opening by adding the property 'DefaultPatchManagementGroup' with the groupID as the value. Adding the property will also set the Listing Style to 'Group Assigned Updates'. For more information, refer to the Properties documentation.

  1. You can access the Patch Manager from the Control Center by clicking on Patch Manager from the main toolbar.  
    Figure 3: Menu - Patch Manager
  2. Upon opening the Patch Manager, all missing updates will display by default. Select the Listing Style from the drop-down list.  The 'Group Assigned Updates' and 'Group Unassigned Updates' options are the only two options that will put you in group mode.  All other options will keep you in computer mode.
  3. If in group mode, select the desired group from the Apply to: drop-down.  For example, if you chose 'Group Unassigned Updates' from the Listing Style and chose 'Windows Updates.Approved' from the Apply to: drop-down it will display any unassigned updates for that particular group as shown by the following example. 
    IMPORTANT: When approving or installing patches in global mode (the Apply to: setting is set to 'Global'), the selected patch(es) will be approved on all machines with LabTech agents that you have permission to access, NOT on a group.

    Figure 4: Sample Unassigned Group Updates
  4. You can narrow your list down even further, if desired. 
    • Operating System:  Allows you to filter your search results down to the operating system (e.g., show only operating systems Windows 2008 and 64 bit OS).
    • Category: Allows you to filter your search results down to the type of update (e.g., critical, definition, feature packs, security, service packs, Silverlight, update rollups and update).
  5. You can deny, ignore, remove or clear updates by selecting the appropriate patch and selecting the corresponding option from the Assign menu.  The selected patch(es) will move from the 'Group Unassigned Updates' to the 'Group Assigned Updates' and the Group Approval column will display the appropriate assignment based on what you selected as shown by the following example. 
    NOTE: You can also globally ignore a patch by right-clicking on the patch and selecting Global Ignore. This will hide the patch from all screens and effectively remove the patch from the system. To remove from global ignore, go to the 'Ignored Updates' listing and right-click in the Patch Manager window and select Global Ignore Remove.

    Figure 5: Patch Manager - Group Approval Denied

    NOTE: To clear a patch from the assigned updates if you made a mistake, select the appropriate patch and select Clear Selected Updates from the Assign menu. The patch will be moved back to the unassigned updates list.

  6. The next step is to approve.  There are a few different methods to approve patches: 
    • Approve individually: To approve individually, right-click on each individual patch and select Approve.
    • Approve Selected Updates:  Highlight the patch(es) you want to approve and select Approve Selected Updates from the Approve menu.
    • Approve All Critical Updates in List: To approve all patches that are critical as defined by Microsoft (security updates), select Approve All Critical Updates from the Approve menu.
    • Approve All Updates in List: To approve all patches in the list, select Approve All Updates in List from the Approve menu. 

    NOTE: If you have automatic patching enabled, the approved patches will be installed on the day specified. Automatic patching can be enabled by double-clicking on the client, going to the Info tab, selecting the Enable Patching checkbox and selecting the patch window. If you need to install the patch(es) immediately, proceed to step 7. Please note that if you have a fresh 2012 installation of LabTech, this will be different. Please refer to the Ignite documentation for more information.

  7. The Install menu works the same way as the Approve menu, but issues an install command to install the patches right NOW on the computer. If a group is selected, then only the members of the group will be issued the install command. Remember that if global is selected, it will attempt to install on all computers.

Ignoring Patches

To ignore patches, right-click on a patch and select Set Ignore Patch. This will ignore the patch on the group level. If global is selected from the Apply to: drop-down, it will ignore the patch for all computers that you have permission to access. If you are in group mode and select Set Ignore Patch, it will ignore the patch for that group.

The patch will not display in the current listing if the Hide Ignored Patches is selected from the Options menu.  By default, Hide Ignored Patches will always be selected.

If Global Ignore is selected, it will ignore that patch for everything (all groups and all computers). If a patch has been globally ignored, the Global Ignore checkbox in the bottom half of the window will be selected. All globally ignored patches can be viewed under the 'Ignored Updates' Listing Style. Right-click on the patch and select Global Ignore Remove, or uncheck the Global Ignore checkbox, to remove the global ignore.

Denying Patches

To deny patches, right-click on a patch and select Set Deny Patch.  The patch is removed from the current listing.  This is used to set the patch approval policy by denying a patch and not counting the patch as missing. 

Removing Patch Approvals from Groups

When you select a patch, the patch information will display in the lower half of the window, including the group that this patch has been applied to, if any. You can find the group in the lower right-hand corner of the screen. In the example shown below, this patch was applied to the 'Windows Updates.Approved' group.

To remove this patch approval from this group, double-click on the group. 

Figure 6:  Patch Applied to Group


Applying Patches to Different Groups

When you select a patch, the patch information will display in the lower-half of the window, including the group that this patch has been applied to, if any.  You can find the group in the lower right-hand corner of the screen.  In the example shown below, this patch was applied to the Bronze service plan. 

Figure 7:  Patch Applied to Group


  1. Right-click in the group box to select a different group. The list of groups will display; select the desired group to apply this patch to. This will add the selected group to any groups already listed in this box as shown by the following example.

Figure 8:  Applying Patch(es) to Multiple Groups


Copy Approval from One Group to Another

  1. From the 'Group Assigned Updates', select the group you want to copy from the Apply To: drop-down.  In this example, we want to copy the approval from the 'Windows Updates.Approved' group.
    Figure 9: Group Assigned Updates - Windows Updates.Approved Group
  2. You will be prompted to reload the patch list.  Click Yes.
    Figure 10: Reload Patch List
  3. Select the group you want to copy TO. 
    Figure 11: Copy Approval from One Group to Another
  4. Click No when prompted to reload patch list with selected group.
  5. Select Approve > All Updates in List.  The settings will be applied to the selected group.
    Figure 12: Settings Applied to Patch
  6. Click OK to close this message.
    Figure 13:  Approval Applied to Multiple Groups
    The group you copied the approvals to will now show up in the Group box in the bottom half of the Patch Manager window as shown in the above example. 

Daily Approval to an Update Group

  1. From the 'Group Unassigned Updates', select the patch approval group you use (e.g., Windows Updates.Approved).  This will display all updates that are detected on the computers and are NOT approved for this group. 
    Figure 14:  Group Unassigned: Patch Approval Group
  2. Select Approve > Critical Updates in List or Approve > All Updates in List depending on your patch approval policies. You also have the option to go through the list and approve each patch manually after evaluating them. 

TIP: By approving the critical or all updates, the list should be empty when you are done, and the next time you access this window you will only have new items to tend to.

Document Revision History

| Date | Notes |
|---|---|
| 04/07/2011 | New in 2011 release. |
| 08/01/2011 | Updated for 2011.2 release. Missing and Installed values will count for only the group members in a selected group. |
| 03/19/2012 | Updated for 2012. Added 'DefaultPatchManagementGroup' property information. |
| 03/07/2013 | Updated Remove Selected Updates to indicate that this is only applicable if the agent is attached to a WSUS server. |

Bonnie Whitmire Approved

Last modified on Thursday, 07 March 2013 15:18