Patch Management - How To's

1. How do I automate the patch-deployment process?

To automate the patch deployment process, follow the steps given below:

  1. Define the scope of management to include the computers that you want to manage using Desktop Central
  2. Configure the proxy server settings to download the patches from vendor Web sites
  3. Schedule an interval for a vulnerability update to synchronize the details of the latest patches that are made available by vendors
  4. Schedule the frequency to scan the computers in the network to:
    • Access the vulnerability database
    • Deploy the relevant patches
  5. Automate the patch-deployment process by selecting the Automate Patch Deployment option from the Patch Settings section
  6. Configure the mail server settings to be notified when the patches are deployed

You have automated the patch-deployment process.

Questions

2. How do I view the details of the latest patches and the missing patches in the computers in my network?

Before you view the details of the latest and missing patches in the computers in your network you have to scan them. To scan the computers in your network, follow the steps given below:

  1. Define the scope of management to include the computers that you want to manage using Desktop Central
  2. Configure the proxy server settings to download the patches from vendor Web sites
  3. Schedule an interval for a vulnerability update to synchronize the details of the latest patches that are made available by vendors

    Note: You can synchronize vulnerability data manually by using the Sync Now link available in the Vulnerability DB Update Details section on the Patch Mgmt home page.

  4. Scan the computers to identify missing patches. Follow the steps given below:
    1. Click the Patch Mgmt tab
    2. In the View Systems section, click Scan Systems
    3. On the Scan Systems page, select the computers you want to scan
    4. Click Scan Systems

You can now view the latest and missing patches.

Viewing Details of Latest and Missing Patches in Computers

To view the latest and missing patches, follow the steps given below:

Viewing Latest Patches

  1. Click the Patch Mgmt tab
  2. In the View Patches section, click Latest Patches

You can now view the latest patches.

Viewing Missing Patches

  1. Click the Patch Mgmt tab
  2. In the View Patches section, click Missing Patches

You can now view the missing patches.

You have viewed the details of the latest and missing patches in computers in your network.

Questions

3. How do detect the vulnerable systems in the network?

Before you view the health status of all the computers in your network you have to scan them. To scan the computers in your network, follow the steps given below:

  1. Define the scope of management to include the computers that you want to manage using Desktop Central
  2. Configure the proxy server settings to download the patches from vendor Web sites
  3. Schedule an interval for a vulnerability update to synchronize the details of the latest patches that are made available by vendors

    Note: You can synchronize vulnerability data manually by using the Sync Now link available in the Vulnerability DB Update Details section on the Patch Mgmt home page.

  4. Scan the computers to identify missing patches. Follow the steps given below:
    1. Click the Patch Mgmt tab
    2. In the View Systems section, click Scan Systems
    3. On the Scan Systems page, select the computers you want to scan
    4. Click Scan Systems

You can now view the health status of all the computers you are managing.

Viewing the Health Status of Computers

To view the health status of all the computers in your network, follow the steps given below:

  1. Click the Patch Mgmt tab
  2. In the View Systems section, click All Managed Systems
  3. In the System Health Summary section, you can view details of the health of all the computers in your network

You have viewed the health status of all the computers in your network.

Questions

4. How do I install a security update manually?

Before you install a security update, you must determine which patches are missing. After you determine which patches are missing you can deploy either all the patches that are missing in a specific computer or specific patches that are missing, in all the affected computers.

Installing Missing Patches in Specific Computers

To install missing patches in specific computers, follow the steps given below:

  1. Click Patch Mgmt
  2. In the View Systems section, click Highly Vulnerable
  3. Select a specific computer
  4. Click Deploy Missing Patch

    Note: You can view the details of missing patches by clickin on the patch count in the Missing Patches column.

  5. Create a configuration to deploy the missing patches. Follow the steps given below:
    1. Enter a name and description for the configuration
    2. Select the required deployment settings
    3. Choose a target
    4. Make the required execution settings
  6. Click Deploy

You have deployed a configuration to install all the missing patches in a specific computer. The settings will reflect in the client computers during the agent's 90-minute refresh cycle, during startup or during logon whichever takes place earlier.

Installing Specific Missing Patches in Affected Computers

To install specific missing patches in affected computers, follow the steps given below:

  1. Click Patch Mgmt
  2. In the View Patches section, click Missing Patches
  3. Select specific patches that are missing
  4. Click Install Patches
  5. Create a configuration to deploy the missing patches. Follow the steps given below:
    1. Enter a name and description for the configuration
    2. Select the required deployment settings
    3. Choose the affected computers as targets
    4. Make the required execution settings
  6. Click Deploy

You have deployed a configuration to install specific missing patches in affected computers. The settings will reflect in the client computers during the agent's 90-minute refresh cycle, during startup or during logon whichever takes place earlier.

Questions

5. How do I download patches manually and enter them in a configuration created to install patches?

To download patches manually and enter them in a configuration, follow the steps given below:

  1. Click the Patch Mgmt tab
  2. In the View Patches section, click All Supported Patches
  3. Select specific patches from the table
  4. Click Download Patches
  5. Rename the patches using the <PatchID-PatchName> format
  6. Copy the downloaded patches to the computer on which Desktop Central is installed <Install_dir>/DesktopCentral_Server/webapps/DesktopCentral/store directory.

    Note: This directory is called the Patch Store. If this directory is not there create it and copy the patches into it. You can change the location of this store from the Downloaded Patches view.

You have downloaded specific patches. You can now created a configuration to deploy them.

Creating a Configuration to Deploy Patches

  1. Click the Patch Mgmt tab
  2. In the Deployment section, click Install Patch
  3. Enter a name and description for the configuration
  4. Click Add More Patches
  5. Select specific patches
  6. Click OK
  7. Make the required deployment settings
  8. Choose specific targets
  9. Make the required execution settings
  10. Click Deploy

You have created a configuration, manually added specific patches and deployed the configuration. The settings will reflect in the client computers during the agent's 90-minute refresh cycle, during startup or during logon whichever takes place earlier.