Patch update through ITCM is not happening if "Windows update Service "disabled on agent machine. Does this service required for installing the patches using patch manager ?

book

Article ID: 15605

calendar_today

Updated On:

Products

CA Automation Suite for Data Centers - Configuration Automation CA Client Automation - Asset Management CA Client Automation - IT Client Manager CA Client Automation CA Client Automation - Remote Control CA Client Automation - Asset Intelligence CA Client Automation - Desktop Migration Manager CA Client Automation - Patch Manager

Issue/Introduction



Patch update through ITCM is not happening if "Windows update Service" disabled on agent machine. Does this service required for installing the patches using patch manager ? 

Environment

Release: UASIT.99000-12.9-Asset Intelligence
Component:

Resolution

Since Vista the MS OS patches (.msu) are installed by Wusa.exe. 

As you can see from this doc Wusa needs access to the "Windows Update Agent API" 

What you actually need to make sure is that the Service "Windows Update" is started. The description of this service states 

Enables the detection, download, and installation of updates for Windows and other programs. If this service is disabled, users of this computer will not be able to use Windows Update or its automatic updating feature, and programs will not be able to use the Windows Update Agent (WUA) API. 

Windows Update itself can be configured to "Never Check for updates (not recommended)" and as long as that service is running Wusa can still apply .msu patches to the OS. I recommend you enforce this in Group Policy as well as enforcing that service is started and this will prevent you from