Patch Update
Patch Management > Patch Update
- This page applies to the following products: On Premises, Kaseya Advanced, Kaseya Essentials, IT Center
The Patch Update page updates missing Microsoft patches on all machines displayed in the paging area. Patch Update overrides the Patch Approval Policy but obeys the Reboot Action policy. If you're using Automatic Update, then Patch Update is used on an exception basis to apply individual patches to multiple machines or to re-apply patches that originally failed on certain machines. See Methods of Updating Patches, Configuring Patch Management, Patch Processing, Superseded Patches, Update Classification and Patch Failure for a general description of patch management.
Patches Displayed
The display of patches on this page are based on:
- The Machine ID/Group ID filter.
- The patches reported using Scan Machine. Managed machines should be scanned daily.
- The patches of machines using Automatic Update. If the Hide machines set for Automatic Update box is checked, these patches are not listed here. These patches are automatically applied at the Automatic Update scheduled time for each machine.
- If the Hide patches denied by Patch Approval box is checked, patches that are denied or pending approval are not listed here.
- The patches of machines being processed by Initial Update. These patches are excluded from this page until Initial Update completes.
Duplicate Entries
Microsoft may use a common knowledge base article for one or more patches, causing patches to appear to be listed more than once. Patch Update displays patches sorted by Update Classification or Product first and knowledge base article number second. Check the Product name or click the KB Article link to distinguish patches associated with a common knowledge base article.
Superseded Patches
A patch may be superseded and not need to be installed. See Superseded Patches for more information.
Using Patch Update
- Optionally click the KB Article link to display a Details page about the patch. The Details page contains a link to display the knowledge base article.
- Patches classified as security updates have a security bulletin ID (
MSyy-xxx ). Optionally click the Security Bulletin link to review the security bulletin, if available. - Optionally click the box next to a KB Article to schedule that patch on all managed machines missing that patch.
- Optionally click the Machines... button to schedule a patch on individual machines or to set machines to ignore a patch. The Ignore setting applies to the selected patch on the selected machines. If Ignore is set, the patch is considered
Denied . Patches marked as Ignore on the selected machines cannot be installed by any of the installation methods. To be installed, the Ignore setting must be cleared.Note: A warning icon indicates the patch status for one or more machines should be checked before installing this patch. Click the Machines button and review the Status column for each machine missing this patch.
- Click the Schedule button to install the patches using the install parameters.
- Click the Cancel button to remove any pending patch installs.
Hide machines set for Automatic Update
If checked, hides patches missing from machine IDs set to Automatic Update.
Hide patches denied by Approval Policy
If checked, hides patches denied by Patch Approval Policy.
Patch Group By
Display patch groups by Classification or Product.
Schedule
Click this button to display the Scheduler window, which is used throughout the VSA to schedule a task. Schedule this task once. Options include:
- Distribution Window - Reschedules the task to a randomly selected time no later than the number of periods specified, to spread network traffic and server loading.
- Skip if offline - If checked and the machine is offline, skip and run the next scheduled period and time. If blank and the machine is offline, run the task as soon as the machine is online again.
- Power up if offline - Windows only. If checked, powers up the machine if offline. Requires Wake-On-LAN or vPro and another managed system on the same LAN.
- Exclude the following time range - If checked, specifies a date/time range to not perform the task.
Cancel
Click Cancel to cancel execution of this task on selected managed machines.
Note: Patches that are currently being processed (status of Pending - Processing Now) cannot be canceled.
Show Details
Click the Show Details checkbox to display the expanded title and installation warnings, if any, of each patch.
Select All/Unselect All
Click the Select All link to check all rows on the page. Click the Unselect All link to uncheck all rows on the page.
Status Warning Icon
A warning icon indicates the patch status for one or more machines should be checked before installing this patch. Click the Machines button and review the Status column for each machine missing this patch.
Machines...
Click Machines... to list all machines missing this patch. On the details page, the following status messages can appear next to a patch:
Pending (Processing Now) Pending (Scheduled to run at <date>) Install Failed - See Patch Failure.Awaiting Reboot User not logged in User not ready to install Install Failed - Missing Network Credential Install Failed - Invalid Network Credential or LAN Server Unavailable Install Failed - Invalid Credential Missing Denied by Patch Approval Denied (Pending Patch Approval) Manual install to database server only - Applies to SQL Server patches on the database server where the KServer database is hostedManual install to KServer only - Applies to Office or any "install-as-user" patches on the KServerPatch Location Pending - Applies to patches with an invalid patch location. See Invalid Patch Location Notification in System > Configure.Missing Patch Location Ignore
KB Article
The knowledge base article describing the patch. Click the KB Article link to display a Details page about the patch. The Details page contains a link to display the knowledge base article.
Security Bulletin
Patches classified as security updates have a security bulletin ID (MSyy-xxx ). Clicking this link displays the security bulletin.
Missing
The number of machines missing this patch.
Auto
Displays only if the Hide machines set for Automatic Update box is not checked. The number of machines scheduled to install this patch by Automatic Update.
Ignore
The number of machine set to ignore a patch using the Machines button. The Ignore setting applies to the selected patch on the selected machines. If Ignore is set, the patch is considered Denied . Patches marked as Ignore on the selected machines cannot be installed by any of the installation methods. To be installed, the Ignore setting must be cleared.
Product
The Product column helps identify the product category associated with a specific patch. If a patch is used across multiple operating system families (i.e., Windows XP, Windows Server 2003, Vista, etc.), the product category is Common Windows Component . Examples include Internet Explorer, Windows Media Player, MDAC, MSXML, etc.
Update Classification
See Update Classification for an explanation of Classification and Type.
|