Next Topic

Previous Topic

Initial Update

Patch Mgmt > Initial Update

Initial Update is a one-time processing of all approved Microsoft patches applicable to a managed machine based on the Patch Approval policy. Initial Update ignores the Reboot Action policy and reboots the managed machine without warning the user as often as necessary until the machine has been brought up to the latest patch level. Initial Update should only be performed during non-business hours and is typically performed on newly added machines. See Methods of Updating Patches, Configuring Patch Management, Patch Processing and Patch Failure for a general description of patch management.

Note: The agent for the KServer is not displayed on this page. Initial Update cannot be used on the KServer.

Sequence of Updates

When a machine is scheduled, a patch scan is performed to ensure the latest scan results are available. Then updates are installed as required in successive groups in the following order:

  1. The Windows Installer.
  2. Operating system related service packs. 
  3. Non-security patches.
  4. Microsoft security patches (MSyy-xxx).  
  5. Office related service packs, when applicable. These may require a CD on the local machine.
  6. Office related patches, when applicable. These may require a CD on the local machine.

Note: Reboots are forced after each upgrade, service pack and at the end of each patch group without warning. This is necessary to permit the re-scan and installation of the subsequent groups of patches.

Scripting

Scripts can be configured to be executed just before an Initial Update begins and/or after completion. For example, you can run scripts to automate the preparation and setup of newly added machines before or after Initial Update. Use Patch Mgmt > Pre/Post Script to configure these scripts on a per-machine basis.

Schedule

Click Schedule to schedule a update of selected machine IDs using the schedule options previously selected.

Cancel

Click Cancel to clear a scheduled update.

Stagger by

You can distribute the load on your network by staggering this task. If you set this parameter to 5 minutes, then the scan on each machine ID is staggered by 5 minutes. For example, machine 1 runs at 10:00, machine 2 runs at 10:05, machine 3 runs at 10:10, ...

Skip if Machine Offline

Check to perform this task only at the scheduled time. If the machine is offline, skip and reschedule for the next day at the same time. Uncheck to perform this task as soon as the machine connects after the scheduled time.

Select All/Unselect All

Click the Select All link to check all rows on the page. Click the Unselect All link to uncheck all rows on the page.

Check-in status

These icons indicate the agent check-in status of each managed machine:

Agent has checked in

Agent has not recently checked in

Agent has never checked in

Online but waiting for first audit to complete

The agent is online but remote control is disabled

Machine ID.Group ID

The list of Machine ID.Group IDs displayed is based on the Machine ID / Group ID filter and the machine groups the administrator is authorized to see using System > Group Access.

Scheduled

This timestamp shows the scheduled Initial Update.

Updated

If checked, an Initial Update has been performed successfully on the machine ID.

Status

During processing, the Status column displays the following types of messages, if applicable:

  • Started
  • Processing Windows Installer
  • Processing operating system service packs
  • Processing non-security patches
  • Processing Microsoft security patches
  • Processing Office service packs
  • Processing Office patches

When all processing has been completed, the Status column displays either:

  • Completed - fully patched
  • Completed - remaining patches require manual processing

If the latter status displays, select the appropriate machine ID in Patch Mgmt > Machine Update to determine why all patches were not applied. Some patches might require manual install or for the user to be logged in. In the case of patch failures, manually schedule failed patches to be reapplied. Due to occasional conflicts between patches resulting from not rebooting after each individual patch, simply reapplying the patches typically resolves the failures.

Topic 2183: Send Feedback