First time setup for Patch Management Solution for Windows 7
Article ID: 181819
Patch Management Solution for Windows
Question What are the steps required to get Patch Management Solution 7 configured with basic settings and be able to be actively update computers?
Patch Management Solution Recommended initial work flow
Install the solution - This is accomplished through SIM as part of an initial installation. NOTE: if this is an upgrade\Migration look at the Patch Management Solution documentation and KB45539 for additional steps and processes that need to be evaluated.
Configure the core solution policy - From the menu bar select Settings> All Settings. In the left hand tree view select Software> Patch Management> ‘Patch Management Core Solution’. - Use this policy to add managed languages, set up custom severities and specify a location that the Updates will be downloaded to.
Configure the Microsoft specific configuration policy - From the menu bar select Settings> All Settings. In the left hand tree view select Software> Patch Management> Microsoft Settings> ‘Microsoft’ - There are many options available for this policy split out into three tabs (Software Update Options, Policy and Package Settings and Programs).Look at the options on all three tabs and make any desired changes.
Note:On the programs tab if the Agent Events options ‘Send Package Events’ and ‘Send Status Events’ are not checked some reports will not be able to display all data.
Configure the Microsoft Vulnerability Analysis Policy - From the menu bar select Settings> All Settings. In the left hand tree view select Software> Patch Management> Microsoft Settings> ‘Microsoft Vulnerability Analysis’. - This policy is used to gather the inventory from the client. The inventory then determines if an update is Applicable and currently Installed.This information used to populate the associated filters\targets allowing updates to only run on computers that require it. - Use this policy to define the desired target, scan interval and events to be sent
Download the PMImport cab file - From the menu bar select Manage> Jobs and Tasks.In the left hand tree view select System Jobs and Tasks> Software> Patch Management> ‘Microsoft Patch Management Import’. -This must run before Bulletins can be enabled and Updates rolled out. - The default schedule is not seen in the GUI but runs daily at 2:55 AM.Configure any desired settings and save the changes.
Install the Software Update Agent\Plug-in - From the menu bar select Settings> Agents/Plug-ins> All Agents/Plug-ins.In the left hand tree view select Software> Windows Software Update Agent> ‘Software Update Agent Install’. - Use this policy to define a schedule with the desired options and select the target it will be applied to.
Configure the Software Update Agent - From the menu bar select Settings> Agents/Plug-ins> All Agents/Plug-ins, In the left hand tree view select Agents/Plug-ins> Software> Windows Software Update Agent> Settings> ‘Default Software Update Agent Policy’. - Use this to configure the following. 1. Schedule time for updates to install on the client computers 2. Reboot options 3. Overrides of the Maintenance window settings 4. Notifications that can be displayed on the client computers.These also include options for the user to defer a reboot or to notify the user that a reboot will occur in a specified amount of time.
Stage bulletins and KB’s to be deployed - To access this page go to the menu bar and select Manage> Policies.In the tree view open Software> Patch Management> ‘Patch Remediation Center’ - Bulletins must be staged , this includes downloading the Bulletin to the Notification Server, creating the needed Packages, filters, command lines, associations etc that need to be created and defined. - To stage a bulletin either right click the desired bulletin and select ‘Stage’ from the menu or click the Actions drop down box and select ‘Stage’.
Create Software Update Policies to deploy the updates - To access this page go to the menu bar and select Manage> Policies.In the tree view open Software> Patch Management> Patch Remediation Center’. - Software Update Policies are used to distribute the updates to managed computers. - To deploy\distribute desired bulletins\updates either right click the desired bulletin\s and select ‘Software Update Policy Wizard’ from the menu or click the Actions drop down box and select ‘Software Update Policy Wizard’. Note: Multiple bulletins can be selected (See screen shot above)
Run reports to see the Compliance status, state of agent rollouts etc - See the screen shot below for the location of the reports and a list of the available reports.Each report has a description below the name and is described in more detail in the Patch Management user guide.