Assessing software updates with a Windows Software Update Assessment task

book

Article ID: 184954

calendar_today

Updated On:

Products

Patch Management Solution for Windows

Issue/Introduction

In addition to detection of applicable and installed software updates with Windows System Assessment Scan policy, Patch Management Solution lets you use a Windows Software Update Assessment task for update assessment. This feature is available starting from IT Management Suite version 8.5 RU3.

Resolution

The task assesses applicability of the selected single or multiple software updates, or all updates in the selected bulletin. The task detects if the updates are already installed on client computers. You can create and run a Windows Software Update Assessment task for a software update before you install the update with a Windows Software Update Installation task.

  • You can create a separate Windows Software Update Assessment task, and then manually sequence the task in a single client job with a Windows Software Update Installation task.
  • You can also use a wizard to perform the following actions from patch management reports, Patch Remediation Center reports, or Resource Manager reports for a selected resource:
    • Create one or both software update tasks (Windows Software Update Assessment and Windows Software Update Installation tasks) together with a client job that contains the tasks.
    • Create one or both software update tasks separately, and then manually include the tasks into an existing client job.


 

Comparison of Run System Assessment Scan on Windows Computers task and Windows Software Update Assessment task

Criteria Run System Assessment Scan on Windows Computers task Windows Software Update Assessment task
Update assessment. Assesses applicability of all imported updates. Assesses applicability of the selected single or multiple software updates, or all updates in the selected bulletin.
Compliance information. Updates patch management compliance reports located at Home > Patch Management > Windows. Updates a Windows Software Update Assessment task page with the task status details, task instance details, and statuses of included updates.
Interaction with a Windows Software Update Installation task. Cannot interact with a Windows Software Update Installation task in a single client job. Can be sequenced with a Windows Software Update Installation task and other pre- and post-installation tasks in a single client job


 

Before you run a Windows Software Update Assessment task, consider the following:

  • When you sequence a Windows Software Update Assessment task with a Windows Software Update Installation task in a single client job, ensure that you have selected the same updates in both tasks.
  • When you sequence a Windows Software Update Assessment task with other tasks in a single client job, you need to add a condition to the task that is based on return codes. You can view a return code in task instance details.
  • If you sequence the assessment and installation tasks in a single client job with other pre- and post-installation tasks, and the assessment task detects that the selected for installation update is not applicable or already installed, you can choose to skip the installation of the update and running the pre- and post-installation tasks on the client computers that have the updates already installed or not applicable.
  • Upon Windows Software Update Assessment task completion, you can view the status of software updates assessment on the Notification Server computer, in the Symantec Management Console, on the task page.
  • Updates that once have been added to a Windows Software Update Assessment task may be deleted by the Import Patch Data background task or after you change the list of vendors and products and choose to delete unselected updates.
    • If you have successfully run a Windows Software Update Assessment task for a list of updates, and later some update gets deleted, you can still view the assessment status that the update had upon the task completion. However, the message Update has been deleted replaces the deleted update name.
    • In the following scenario, the task fails to run with an error "Selected updates no longer exist":
      1. You create but not run a Windows Software Update Assessment task for a list of updates.
      2. Some update gets deleted.
      3. You try to run the task.
      To run the task, you need to remove the deleted update from the task and save the task.

 

Sample client job with a Windows Software Update Assessment task

If you want to perform an operating system back up before software update installation, you can create a client job with the following tasks:

  1. A Windows Software Update Assessment task to assess applicability of software updates and detect if the updates are already installed on client computers.
    Note: You need to add a condition to the task that is based on return codes.
  2. A script task to back up an operating system.
  3. A Windows Software Update Installation task to install software updates.
  4. A power control task to restart target client computers if required after software update installation.
    Note: Depending on Windows Software Update Installation task configuration, you may need to add a condition to the power control task that is based on the Windows Software Update Installation task return codes 1 or 6.

 

To create a Windows Software Update Assessment task

  1. In the Symantec Management Console, on the Manage menu, click Jobs and Tasks.
  2. In the left pane, right-click the folder where you want to create the task, and then click New > Task.
  3. In the Create New Task dialog box, in the left pane, expand Software > Patch Management, and then click Windows Software Update Assessment.
  4. In the right pane, configure the following task option:
  • Software Updates Assessment
    Lets you select software updates that you want to assess.
    The task must have at least one update selected.
  1. (Optional) To specify the timeout period for the task and other task options, click Advanced, configure the options according to your needs, and then click OK.
    Note: The task timeout period should not be less than the time that is required for update assessment.
  2. Click OK.

 

To create software update tasks from patch management reports

  1. In the Symantec Management Console, on the Home menu, click Patch Management.
  2. On the Patch Management home page, in the left pane, expand Windows, and then under Compliance and Remediation, click one of the following reports:
  • Compliance by Update
  • Compliance by Bulletin
  1. In the right pane, select the required update or the bulletin that contains the required update.
    You can select multiple items while holding down the Shift or Ctrl key.
  2. Right-click the selected updates or bulletins, and then click one of the following actions:
  • Create Software Update tasks only for selected updates
  • Create Software Update tasks for all updates in bulletins
  1. In the dialog box, give a descriptive base name for the task(s) and job, specify the target folder, and under Create, select at least one software update task.
    Note: Disable the option Client job that contains the selected task(s) if you want to create separate software update tasks, and then manually include the tasks into an existing client job.
  2. Click OK.
  3. In the dialog box, click the created task(s) or job, and then on the task or job page, configure the task(s) or job to run.

 

To add a condition to a Windows Software Update Assessment task in a job based on return codes

  1. In the Symantec Management Console, on the Manage menu, click Jobs and Tasks.

  2. In the left pane, navigate to the folder that contains the job with a Windows Software Update Assessment task that you require and click the job.

  3. In the right pane, on the job page, click the task after which you want to add a condition, and then click New > Condition.

  4. In the Edit Condition dialog box, create a rule that defines next actions in the job depending on the Windows Software Update Assessment task return codes.
    Configure the Where clause of the rule as follows, and then click OK:

    1. In the first drop-down list, select Windows Software Update Assessment - Return Value.

    2. In the second drop-down list, select the operation for the rule to perform.
      For example, select Equals.

    3. In the third field, enter the Windows Software Update Assessment task return code that is a condition for performing next actions on the task.

For example, if you enter the return code 0 or 1, the next actions in the job will occur under the following condition:
The Windows Software Update Assessment task has successfully completed assessment of all its updates, some applicable updates are detected as not installed, and (code 1) target computer restart is required.

  1. On the  job page, under the condition, add one or more tasks to run as a result of the condition.



     

To view the status of software updates assessment

  1. In the Symantec Management Console, on the Manage menu, click Jobs and Tasks.
  2. In the left pane, navigate to the folder that contains the Windows Software Update Assessment task that you require and click the task.
    For example, expand System Jobs and Tasks > Software > Patch Management > Windows Software Update Assessment.
  3. In the right pane, view the status of assessment tasks.
    To view task status details and task instance details along with statuses of included updates, under Task Status, double-click a  task, and then double-click the computer name that you require.
    The task return codes let you analyze the task instance details.

 

Windows Software Update Assessment task return codes

Return code Description
 -1

Task failed for one of the following reasons:

  • The user canceled the task.
  • An internal error occurred.
  • Selected updates no longer exist.
  • Count of product license is exceeded.
  • A client computer has the software update plug-in version prior to 8.5.4200.
 0

Task succeeded.
Some applicable updates are not installed.

 1 Task succeeded.
Some applicable updates are not installed. Restart is required.
 2 Task succeeded.
Updates are not applicable or already installed.
Note: To prevent double installation of updates, the return code 2 also appears if installation of an update is in progress at the time of assessment.
 3 Task succeeded.
Updates are not applicable or already installed. Restart is required.

Note: Restart is required means that some applicable update requires restart and at the time of assessment the restart has not happened yet. After restart, the update state may change. To receive final assessment results, do restart, and then run the Windows Software Update Assessment task again.

Attachments