Remote Monitoring & Management Help

Enable and apply Patch Management Policies

Patch Management is configurable across multiple devices (on all servers and workstations or servers and workstations at specific clients and sites) or on individual computers.

As part of the Patch Management deployment, a Patch Status Check (Scan) is automatically added to the device.

To ensure you are made aware of any problems with the Patch Management Windows Service, for devices using the LanGuard engine from 10.3.4 to 10.8.0 RC, we include a GFI LanGuard Attendant Service Windows Service Check by default.

Migrating from the manual Patch Management settings configuration to Patch Management Feature Policy is a one-way process.

Once you use Patch Management Feature Policies for an entity (at device type, Client, Site or specific Device level), you cannot go back to manually configuring its Patch Management Settings.

The Patch Management engine included from Windows Monitoring Agent 10.8.0 RC takes administrative control of Windows Update to download files and install the patches.

As Patch Management controls this function, it cannot co-exist in the same environment as WSUS. Where both products are in use on the same device, conflicts can occur between Patch Management and WSUS, with Patch Management altering the registry to ensure WSUS will not attempt to download and install updates on its own.

Examples of the amended Registry strings include:

HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU UseWUServer
"WUServer"="servername:8530"
"WUStatusServer"="servername:8530"
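
To see whether a device carries the Windows Update policy values listed above before enabling Patch Management on it, a read-only check such as the following can be run locally. This is an added example, not part of the original help page or the product; the function name Get-WsusPolicyState is hypothetical.

```powershell
# Added example, not vendor code. Read-only check of the Windows Update
# policy values listed above. Get-WsusPolicyState is a hypothetical name.
function Get-WsusPolicyState {
    [CmdletBinding()]
    param(
        [string]$PolicyRoot = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
    )

    # Return nothing rather than an error when a key or value does not exist.
    function Read-PolicyValue([string]$Path, [string]$Name) {
        $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
        if ($null -ne $item) { $item.$Name }
    }

    # UseWUServer is stored in the AU subkey; the two URLs sit in the parent key.
    $useWuServer = Read-PolicyValue (Join-Path $PolicyRoot 'AU') 'UseWUServer'
    $wuServer    = Read-PolicyValue $PolicyRoot 'WUServer'
    $wuStatus    = Read-PolicyValue $PolicyRoot 'WUStatusServer'

    # Windows Update honours the WSUS URLs only when UseWUServer is 1 and both are set.
    $finding = if ($useWuServer -eq 1 -and $wuServer -and $wuStatus) {
        'WSUS policy active: device is pointed at a WSUS server'
    } elseif ($wuServer -or $wuStatus -or ($null -ne $useWuServer)) {
        'Partial or disabled WSUS policy values present: review before enabling Patch Management'
    } else {
        'No WSUS policy values found'
    }

    [pscustomobject]@{
        ComputerName   = $env:COMPUTERNAME
        UseWUServer    = $useWuServer
        WUServer       = $wuServer
        WUStatusServer = $wuStatus
        Finding        = $finding
    }
}

Get-WsusPolicyState | Format-List
```

Running the same check again after Patch Management has been deployed shows how the values were amended on that device.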

Multiple Devices

Servers and workstations inherit their configuration from the site, which in turn inherits from the client, which in turn inherits the default configuration for all servers and workstations.

  1. Log into the Dashboard
  2. Go to Settings > Patch Management > Settings
  3. Select the Entity type to apply the configuration to (all servers and workstations or servers and workstations at specific clients and sites)
  4. Dots in the Settings dialog make it easier to spot whether the feature is enabled or disabled at the entity level, and whether devices under an entity have the same settings:

    • Green - Feature or functionality enabled for all devices under that entity. This includes device level settings
    • Gray - Feature or functionality disabled on at least one device under that entity. This includes device level settings
    • Orange - One of the child entities has a different configuration to the parent. Where a Client only has one Site, its status indicator reflects that of the Site.

    For further information on each of these states, please refer to Feature and Functionality Settings Iconography.

  5. Choose the Setting from On, Off or Use Parent (only for Client or Site)
  6. Setting: On - Select the Patch Management Configuration Method

    Please be aware that if you select Patch Management Feature Policy, you can select a different policy but you cannot switch to manual configuration. For new Dashboard accounts only Patch Management Feature Policy is available.

    1. Tick Use Patch Management policies (Recommended)
    2. Select the relevant default or custom policy from the drop-down. Where workstations are selected, you can select different policies for desktops and laptops
  7. OK to save and apply

Individual Device

You can enable Patch Management for specific servers and workstations, for example to exclude the device from the default entity policy or only apply Patch Management on certain computers.

Once selected, device level settings take precedence over those set at the policy level. Where the device settings have changed, select Use Policy Settings to place the device back under policy control.

  1. Log into the Dashboard
  2. Right-click on the device in the north pane (or from the Edit Server, Workstation or Device drop-down)

  3. Go to Edit <Device Type> and Patch Management
  4. Choose the Setting from On, Off or Use Parent (only for Client or Site)
  5. Setting: On - Select the Patch Management Configuration Method

  6. If you select Patch Management Feature Policy, you can select a different policy but you cannot switch to manual configuration.

    1. Tick Use Patch Management policies (Recommended)
    2. Select the relevant default or custom policy from the drop-down. Where workstations are selected, you can select different policies for desktops and laptops
  7. OK to save and apply