Patch Update

Patch Mgmt > Patch Update

• Print a report of similar information using Reports > Patch Management.

The Patch Update page updates missing Microsoft patches on all machines displayed in the paging area. Patch Update overrides the Patch Approval Policy but obeys the Reboot Action policy. If you're using Automatic Update, then Patch Update is used on an exception basis to apply individual patches to multiple machines or to re-apply patches that originally failed on certain machines. See Methods of Updating Patches, Configuring Patch Management, Patch Processing, Update Classification and Patch Failure for a general description of patch management.

Patches Displayed

The display of patches on this page are based on:

• The Machine ID/Group ID filter.
• The patches reported using Scan Machine. Managed machines should be scanned daily.
• The patches of machines using Automatic Update. If the Hide machines set for Automatic Update box is checked, these patches are not listed here. These patches are automatically applied at the Automatic Update scheduled time for each machine.
• If the Hide patches denied by Patch Approval box is checked, patches that are denied or pending approval are not listed here.
• The patches of machines being processed by Initial Update. These patches are excluded from this page until Initial Update completes.

Duplicate Entries

Microsoft may use a common knowledge base article for one or more patches, causing patches to appear to be listed more than once. Patch Update displays patches sorted by Update Classification or Product first and knowledge base article number second. Check the Product name or click the KB Article link to distinguish patches associated with a common knowledge base article.

Superceded Patches

A patch may be superceded and not need to be installed. See Superceded Patches for more information.

Using Patch Update

1. Optionally click the KB Article link to display a Details page about the patch. The Details page contains a link to display the knowledge base article.
2. Patches classified as security updates have a security bulletin ID (MSyy-xxx). Optionally click the Security Bulletin link to review the security bulletin, if available.
3. Optionally click the box next to a KB Article to schedule that patch on all managed machines missing that patch.
4. Optionally click the Machines... button to schedule a patch on individual machines or to set machines to ignore a patch. The Ignore setting applies to the selected patch on the selected machines. If Ignore is set, the patch is considered Denied. Patches marked as Ignore on the selected machines cannot be installed by any of the installation methods. To be installed, the Ignore setting must be cleared.

   Note: A warning icon indicates the patch status for one or more machines should be checked before installing this patch. Click the Machines button and review the Status column for each machine missing this patch.

5. Select install parameters.
6. Click the Schedule button to install the patches using the install parameters.
7. Click the Cancel button to remove any pending patch installs.

Hide machines set for Automatic Update

If checked, hides patches missing from machine IDs set to Automatic Update.

Hide patches denied by Approval Policy

If checked, hides patches denied by Patch Approval Policy.

Patch Group By

Display patch groups by Classification or Product.

Schedule

Click Schedule to schedule a update of selected patches on all machine IDs missing this patch, using the schedule options previously selected.

Date/Time

Enter the year, month, day, hour, and minute to schedule this task.

Cancel

Click Cancel to cancel execution of this task on selected managed machines.

Stagger by

You can distribute the load on your network by staggering this task. If you set this parameter to 5 minutes, then the task on each machine ID is staggered by 5 minutes. For example, machine 1 runs at 10:00, machine 2 runs at 10:05, machine 3 runs at 10:10, ...

Skip if Machine Offline

Check to perform this task only at the scheduled time, within a 15 minute window. If the machine is offline, skip and run the next scheduled period and time. Uncheck to perform this task as soon as the machine connects after the scheduled time.

Show Details

Click the Show Details checkbox to display the expanded title and installation warnings, if any, of each patch.

Select All/Unselect All

Click the Select All link to check all rows on the page. Click the Unselect All link to uncheck all rows on the page.

Status Warning Icon

A warning icon indicates the patch status for one or more machines should be checked before installing this patch. Click the Machines button and review the Status column for each machine missing this patch.

Machines...

Click Machines... to list all machines missing this patch. On the details page, the following status messages can appear next to a patch:

• Pending
• Install Failed - See Patch Failure.
• Awaiting Reboot
• User not logged in
• User not ready to install
• Install Failed - Missing Network Credential
• Install Failed - Invalid Network Credential or LAN Server Unavailable
• Install Failed - Invalid Credential
• Missing
• Denied by Patch Approval
• Denied (Pending Patch Approval)
• Manual install to VSA database server only - Applies to SQL Server patches on the database server where our database is hosted
• Manual install to KServer only - Applies to Office or any "install-as-user" patches on the KServer
• Patch Location Pending - Applies to patches with an invalid patch location. See Invalid Patch Location Notification in System > Configure.
• Missing Patch Location
• Ignore

KB Article

The knowledge base article describing the patch. Click the KB Article link to display a Details page about the patch. The Details page contains a link to display the knowledge base article.

Missing

The number of machines missing this patch.

Auto

Displays only if the Hide machines set for Automatic Update box is not checked. The number of machines scheduled to install this patch by Automatic Update.

Ignore

The number of machine set to ignore a patch using the Machines button. The Ignore setting applies to the selected patch on the selected machines. If Ignore is set, the patch is considered Denied. Patches marked as Ignore on the selected machines cannot be installed by any of the installation methods. To be installed, the Ignore setting must be cleared.

Product

The Product column helps identify the product category associated with a specific patch. If a patch is used across multiple operating system families (i.e., Windows XP, Windows Server 2003, Vista, etc.), the product category is Common Windows Component. Examples include Internet Explorer, Windows Media Player, MDAC, MSXML, etc.

Update Classification

See Update Classification for an explanation of Classification and Type.

Topic 346: Send Feedback. Download a PDF of this online book from the first topic in the table of contents.