Starting from 8.5 RU3, in addition to the general task creation way, you can also use a wizard to perform the following actions from patch management reports, Patch Remediation Center reports, or Resource Manager reports for a selected resource:
- Create one or both software update tasks (Windows Software Update Installation and Windows Software Update Assessment tasks) together with a client job that contains the tasks.
- Create one or both software update tasks separately, and then manually include the tasks into an existing client job.
Before you run a Windows Software Update Installation task, consider the following:
- The hierarchy and replication functionality is not supported for Windows Software Update Installation tasks and jobs that contain Windows Software Update Installation tasks.
- Target client computers can receive the Windows Software Update Installation task only after the required software updates are downloaded from vendors to the Notification Server computer and prepared for distribution (staged). Large update size can delay the actual start of update deployment on target client computers. To speed up the task delivery to target client computers, you can stage the required updates before you create the task.
- After a target client computer receives a Windows Software Update Installation task, the task waits until the software update plug-in has time to process the task separately from other software update cycles/policies and patch management tasks. For this reason, Symantec recommends that you limit the number of software update policies and patch management tasks that run on a target client computer at the same time.
- A Windows Software Update Installation task does not start update installation if a notification message is still pending from the previous software update cycle on a target client computer. To proceed with the task, the user needs to defer the pending restart.
- The Windows Software Update Installation task settings override all Default Software Update Plug-in Policy options, except for the notification options.
- The software update plug-in prevents computer restarts that this plug-in initiates and that are related to other patch processes while a Windows Software Update Installation task runs on a target client computer and until the update of the Symantec Management Agent configuration occurs.
Note that the following target client computer restarts are not suppressed and can cause failure of a Windows Software Update Installation task:
- Restarts that were initiated before the Windows Software Update Installation task starts running its software update cycle.
- Other restarts that are not initiated by the software update plug-in.
- If a Windows Software Update Installation task contains multiple updates that supersede each other, only superseding updates are installed.
- Upon a Windows Software Update Installation task completion, you can view the status of software update installation.
Sample client jobs with a Windows Software Update Installation task
A. If you want to disable the File Based Write Filter (FBWF) for Windows Embedded before software update installation, you can create a client job with the following tasks:
- A script task to disable the FBWF.
- A power control task to restart target client computers.
- A Windows Software Update Installation task to install software updates.
- A power control task to restart target client computers if required after software update installation.
Note: Depending on task configuration, you may need to add a condition to the power control task that is based on the Windows Software Update Installation task return codes 1 or 6.
- A script task to enable FBWF.
- A power control task to restart target client computers.
B. If you want to back up configuration file before software update installation, you can create a client job with the following tasks:
- A script task to back up a configuration file.
- A Windows Software Update Installation task to install software updates.
- A script task to restore a configuration file.
- A power control task to restart target client computers if required after software update installation.
Note: Depending on task configuration, you may need to add a condition to the power control task that is based on the Windows Software Update Installation task return codes 1 or 6.
C. If you want to perform an operating system back up before software update installation, you can create a client job with the following tasks:
- A script task to back up an operating system.
- A Windows Software Update Installation task to install software updates.
- A power control task to restart target client computers if required after software update installation.
Note: Depending on task configuration, you may need to add a condition to the power control task that is based on the Windows Software Update Installation task return codes 1 or 6.
- In the Symantec Management Console, on the Home menu, click Patch Management.
- On the Patch Management home page, in the left pane, expand Windows, and then under Compliance and Remediation, click the report that you want to view. For example, click Compliance by Update or Compliance by Bulletin.
- In the right pane, select the required update or the bulletin that contains the required update.
You can select multiple items while holding down the Shift or Ctrl key.
- Right-click the selected updates or bulletins, and then click Download Packages.
You can close the status dialog box or leave it open in a new window; the download continues in the background.
-
In the Symantec Management Console, on the Manage menu, click Jobs and Tasks.
-
In the left pane, right-click the folder where you want to create the task, and then click New > Task.
-
In the Create New Task dialog box, in the left pane, expand Software > Patch Management, and then click Windows Software Update Installation.
-
In the right pane, configure the following task options:
-
Software Updates Installation
Lets you select software updates that you want to install. The task must have at least one update selected.
Note: Symantec recommends that you limit the number of updates in the task. The more updates a single task contains, the longer timeout period the task requires.
-
Restart after updates installation
Lets you configure restart options for the task while the task runs and after the task completes installation of software updates.
-
Suppress restart during task execution
No restart of a target computer occurs even if the task contains one or many software updates that require computer restart. The task completes with success.
Note: You need to ensure that the computer gets restarted at some time. Otherwise the update installation stays unfinished and Patch Management Solution reports show the update as not installed.
You can analyze the task return codes to check if the restart is required.
You can also use a registry value to check the status of the update that is pending restart (such an update gets the status REBOOT_PENDING) as follows:
HKEY_LOCAL_MACHINE\SOFTWARE\Altiris\Altiris
Agent\Patch Management
"RebootRequired"=1
Note: If you enable this option, and use a power control task in the same job, the option Restart computer only if it is pending reboot of the power control task cannot detect the REBOOT_PENDING status of the installed update. For this reason, you need to add a condition to the power control task that is based on the Windows Software Update Installation task return codes 1 and 6.
-
Restart if required at the end of task execution
If the task contains one or many software updates that require computer restart, a target computer is restarted once upon task completion.
If a single job contains multiple tasks with software updates that require computer restart, a target computer is restarted every time when such task completes.
-
(Optional) To specify the timeout period for the task and other task options, click Advanced, configure the options according to your needs, and then click OK.
Note: The task timeout period should not be less than the time that is required for update installation.
-
Click OK.
- In the Symantec Management Console, on the Home menu, click Patch Management.
- On the Patch Management home page, in the left pane, expand Windows, and then under Compliance and Remediation, click one of the following reports:
- Compliance by Update
- Compliance by Bulletin
- In the right pane, select the required update or the bulletin that contains the required update.
You can select multiple items while holding down the Shift or Ctrl key.
- Right-click the selected updates or bulletins, and then click one of the following actions:
- Create Software Update tasks only for selected updates
- Create Software Update tasks for all updates in bulletins
- In the dialog box, give a descriptive base name for the task(s) and job, specify the target folder, and under Create, select at least one software update task.
Note: Disable the option Client job that contains the selected task(s) if you want to create separate software update tasks, and then manually include the tasks into an existing client job.
- Click OK.
- In the dialog box, click the created task(s) or job, and then on the task or job page, configure the task(s) or job to run.
- In the Symantec Management Console, on the Manage menu, click Jobs and Tasks.
- In the left pane, navigate to the folder that contains the job with a Windows Software Update Installation task that you require and click the job.
- In the right pane, on the job page, click the task after which you want to add a condition, and then click New > Condition.
- In the Edit Condition dialog box, create a rule that defines next actions in the job depending on the Windows Software Update Installation task return codes.
Configure the Where clause of the rule as follows, and then click OK:
- In the first drop-down list, select Windows Software Update Installation - Return Value.
- In the second drop-down list, select the operation for the rule to perform.
For example, select Equals.
- In the third field, enter the Windows Software Update Installation task return code that is a condition for performing next actions on the task.
For example, if you enter the return code 1, the next actions in the job will occur under the following condition:
The Windows Software Update Installation task has successfully completed installation of all its updates, and target computer restart is required.
- On the job page, under the condition, add one or more tasks to run as a result of the condition.
- In the Symantec Management Console, on the Manage menu, click Jobs and Tasks.
- In the left pane, navigate to the folder that contains the Windows Software Update Installation task that you require and click the task.
For example, expand System Jobs and Tasks > Software > Patch Management > Windows Software Update Installation.
- In the right pane, view the status of installation tasks.
To view task status details and task instance details along with statuses of included updates, under Task Status, double-click a task, and then double-click the computer name that you require.
The task return codes let you analyze the task instance details.
For example, on the Task Instance Details page below, the task return code 0 means that the task is completed, the software update 7z1514.msi is successfully installed, target client computer restart is not needed.
Return code |
Description |
TASK_RESULT_POLICY_NOT_FOUND = -2 |
Task failed.
Internal task error occured.
|
TASK_RESULT_PLUGIN_NOT_FOUND = -1 |
Task failed for one of the following reasons:
- The software update plug-in is not found or its state is Not Ready.
- The user canceled the task.
|
TASK_RESULT_EXECUTED_ALL_SUCCESS = 0 |
Task succeeded.
All updates were successfully installed. Restart is not required.
|
TASK_RESULT_EXECUTED_ALL_SUCCESS_REBOOT_REQUIRED = 1 |
Task succeeded.
All updates were successfully installed. Restart is required. |
TASK_RESULT_NOTHING_TO_INSTALL = 3 |
Task succeeded.
No applicable updates are found, or all applicable updates are already installed. |
TASK_RESULT_NOTHING_TO_EXECUTE_DOWNLOAD_FAILED = 4 |
Task failed.
One of the updates is not ready (i.e., update package cannot be downloaded). |
TASK_RESULT_EXECUTED_SOME_FAILED = 5 |
Task failed.
Some updates failed to install. No updates required restart. |
TASK_RESULT_EXECUTED_SOME_FAILED_REBOOT_REQUIRED = 6 |
Task failed.
Some updates failed to install. Installed updates required restart.
|
TASK_RESULT_EXECUTED_ALL_FAILED = 7 |
Task failed.
All updates failed to install. |