Patch Management Workflow

The Patch Management Workflow provides a consolidated process for handling patches on multiple devices. This dialog lists all patches discovered across all of servers and workstations running Patch Management. As the number of entries may easily stretch to tens of thousands, we have included both dialog and column filters to assist in the identification and management of these patches to provide a more targeted view.

Once configured, this patch policy setting is applied to any instance of the patch (both now and in the future) that matches the selected Entity criteria.

Settings Menu

  1. Log into the Dashboard.
  2. Go to Settings > Patch Management > Management Workflow.

Patches tab

  1. Log into the Dashboard.
  2. Select the device in the north pane.
  3. Go to its Patches tab.
  4. Select one or more patches.
  5. Click the Management Workflow button.

The Management Workflow dialog opens with these patches pre-selected.

Filter the selection or Choose Patch Action.

Dashboard 2020.01.20 introduced the ability to access the Management Workflow dialog directly from the Patches Tab. Previously this button opened the Approval Policy dialog.

Filter results and select Patches

  1. Use the filters to return information on the target patch(es):
  2. Filters Notes

    Search

    The Patch name search supports partial string searches and returns those patches that contain an element of the entered string in their name.

    Please note that the returned results are based on the Date and Filter by Status selection with the search immediately applied.

    Date

    Choose the patch Release Date range to display from: Last 24 hours | Last 7 days | Last 3 months | Last 6 months | Last year | All time

    Client or Site Display Patches for the selected Clients and Sites.

    Filter by Status

    Return patches that meet the selected Status criteria with this setting immediately applied:

    patch_missing_icon

    Missing

    A patch is available for the device and awaiting approval for installation

    patch_pending_icon

    Pending

    Patch was approved and is awaiting manual or scheduled installation

    patch_installing_icon

    Installing

    Patch is currently being installed

    patch_installed_icon

    Installed

    Patch was successfully installed.

    The Date Installed is populated where the patch was deployed via Patch Management

    patch_failed_icon

    Failed

    Installation of the patch was not completed successfully.

    On a small number of occasions a reboot may be required to complete this installation.

    patch_ignored_icon

    Ignored

    A patch is available for the device, but was marked as Ignored. Ignored patches are not listed as missing in future Patch Status Scan checks on this server or workstation.

    patch_reboot_icon

    Reboot Required

    A patch was installed but requires a reboot to complete the installation process

    Filter by Device Type Choose whether to filter based on whether the patches apply to servers and/or workstations.

    Apply filters

    Display the patch information based on the filter selection

    Reset filters

    Remove all filters and return to the defaults. Date: Last Month | Filter by Status: Missing

  3. Click on the link pm_vendor (where available) to visit the vendor's site for more information on a patch.
  4. Click Apply filters to view the results or Reset filters to remove all filters and return to the defaults. Date: Last Month | Filter by Status: Missing.
  5. Use the Columns drop-down to refine the results, providing the required information to make a considered patch selection.
  6. Click on the left-column link (where available) to visit the vendor's site for more information on a patch.
  7. Multi-select the patches (Shift and left-click for a range, Control and left-click for specific patches).
  8. Choose Patch Action

  9. After selecting the Patches click Proceed to continue
  10. Select the required action:
  11. Approve

    Approve the patch for deployment at the next installation time.

    Ignore

    Do not list the patch as missing in future Patch Status Checks.

    Do Nothing

    Indicates that you are aware of the patch but do not intend to immediately Approve it for installation.

    One example of using Do Nothing is where a Critical Operating System update is available, but due to it's potential system impact you wish to delay the roll-out until the update is fully tested internally. Once satisfied, change the action to Approve to install the patch.

    Reprocess Failed

    Attempt to reinstall the patch where the previous installation was reported as failed.

    Uninstall

    Only available for Microsoft patches with Yes in the Uninstallable column where the device is running Agent 10.2.0 or later.

    Supports the removal of up to ten patches at any one time. For more information on patch removal please refer to the section Uninstall Microsoft Patches.

    Visit Patch Approval Actions for information on the patch approval hierarchy.

  12. Click Next.
  13. Select the device type Servers and/or Workstations as well as the Client and Site combination to apply the Patch action to.
  14. This dialogue allows you to quickly view the current Server and Workstation action statuses for the selected Patches. The New Status column dynamically updates based on the Client and Site selection to reflect the impact of any changes.

    From Dashboard 2020.02.12 the Inherit option is only selectable in the Approval Policy dialog for multiple devices.

  15. For Ignore, Do Nothing, Reprocess Failed and Uninstall patch actions click Apply.
  16. For the Approve patch action click Next and choose when to install the patch.
    • Use existing schedule (for information, the current schedule is displayed).
    • Schedule for a new time, configure the installation time and patch reboot behavior. Enter the password of the account you have logged into the Dashboard under to confirm this action. The Schedule for a new time setting is only applied to the patch on this device and takes precedence over the existing installation schedule.
  17. Close to exit the dialog

The scheduled time refers to the local time of the computer the Agent is installed on. Please take this into consideration where your Dashboard contains Clients, Sites or Devices in different timezones, to ensure Patches are not installed at an inappropriate time. One suggestion is to set a custom Installation Schedule at the Client, Site or Device level based on their timezone.