Initial Update

Patch Mgmt > Initial Update

Initial Update is a one-time processing of all approved Microsoft patches applicable to a managed machine based on Patch Policy. Initial Update ignores the Reboot Action policy and reboots the managed machine without warning the user as often as necessary until the machine has been brought up to the latest patch level. Initial Update should only be performed during non-business hours and is typically performed on newly added machines. See Methods of Updating Patches, Configuring Patch Management, Patch Processing, Update Classification and Patch Failure for a general description of patch management.

Note: The agent for the KServer is not displayed on this page. Initial Update cannot be used on the KServer.

Sequence of Updates

When a machine is scheduled, a patch scan is performed to ensure the latest scan results are available. Then updates are installed as required in successive groups in the following order:

1. The Windows Installer.
2. Operating system related service packs. 
3. Non-security patches.
4. Microsoft security patches (MSyy-xxx).  
5. Office related service packs, when applicable. These may require a CD on the local machine.
6. Office related patches, when applicable. These may require a CD on the local machine.

Note: Reboots are forced after each upgrade, service pack and at the end of each patch group without warning. This is necessary to permit the re-scan and installation of the subsequent groups of patches.

Scripting

Scripts can be configured to be executed just before an Initial Update begins and/or after completion. For example, you can run scripts to automate the preparation and setup of newly added machines before or after Initial Update. Use Patch Mgmt > Pre/Post Script to configure these scripts on a per-machine basis.

Schedule

Click Schedule to schedule this task on selected machine IDs using the schedule options previously selected.

Cancel

Click Cancel to cancel execution of this task on selected managed machines.

Stagger by

You can distribute the load on your network by staggering this task. If you set this parameter to 5 minutes, then the task on each machine ID is staggered by 5 minutes. For example, machine 1 runs at 10:00, machine 2 runs at 10:05, machine 3 runs at 10:10, ...

Skip if Machine Offline

Check to perform this task only at the scheduled time, within a 15 minute window. If the machine is offline, skip and run the next scheduled period and time. Uncheck to perform this task as soon as the machine connects after the scheduled time.

Select All/Unselect All

Click the Select All link to check all rows on the page. Click the Unselect All link to uncheck all rows on the page.

Check-in status

These icons indicate the agent check-in status of each managed machine:

Agent has checked in

Agent has checked in and user is logged on. Tool tip lists the logon name.

Agent has not recently checked in

Agent has never checked in

Online but waiting for first audit to complete

The agent is online but remote control is disabled

The agent has been suspended

Machine.Group ID

The list of Machine ID.Group IDs displayed is based on the Machine ID / Group ID filter and the machine groups the administrator is authorized to see using System > Group Access.

Scheduled

This timestamp shows the scheduled Initial Update.

Updated

If checked, an Initial Update has been performed successfully on the machine ID. This timestamp shows when the Status being reported was completed.

Status

During processing, the Status column displays the following types of messages, if applicable:

• Started
• Processing Windows Installer
• Processing operating system service packs
• Processing non-security patches
• Processing Microsoft security patches
• Processing Office service packs
• Processing Office patches

When all processing has been completed, the Status column displays either:

• Completed - fully patched
• Completed - remaining patches require manual processing

If the latter status displays, select the appropriate machine ID in Patch Mgmt > Machine Update to determine why all patches were not applied. Some patches might require manual install or for the user to be logged in. In the case of patch failures, manually schedule failed patches to be reapplied. Due to occasional conflicts between patches resulting from not rebooting after each individual patch, simply reapplying the patches typically resolves the failures.

Topic 2183: Send Feedback. Download a PDF of this online book from the first topic in the table of contents.