Next Topic

Previous Topic

Book Contents

Initial Update

Initial Update is a one-time processing of all approved Microsoft patches applicable to a managed machine based on Patch Policy. Initial Update ignores the Reboot Action policy and reboots the managed machine without warning the user as often as necessary until the machine has been brought up to the latest patch level. Initial Update should only be performed during non-business hours and is typically performed over a weekend on newly added machines. See Methods of Updating Patches, Configuring Patch Management, Patch Processing, Superseded Patches, Update Classification and Patch Failure for a general description of patch management.

Note: The agent for the KServer is not displayed on this page. Initial Update cannot be used on the KServer.

Patch Update Order

Service packs and patches are installed in the following order:

  1. Windows Installer
  2. OS related service packs
  3. OS update rollups
  4. OS critical updates
  5. OS non-critical updates
  6. OS security updates
  7. Office service packs
  8. Office update rollups
  9. All remaining Office updates

Note: Reboots are forced after each service pack and at the end of each patch group without warning. This is necessary to permit the re-scan and installation of the subsequent groups of patches.

Pre/Post Procedures

Agent procedures can be configured to be executed just before an Initial Update or Automatic Update begins and/or after completion. For example, you can run agent procedures to automate the preparation and setup of newly added machines before or after Initial Update. Use Patch Management > Pre/Post Procedures to select and assign these agent procedures on a per-machine basis.


Click Schedule to display the Scheduler window, which is used throughout the VSA to schedule a task. Schedule this task once. Options include:

  • Distribution Window - Reschedules the task to a randomly selected time no later than the number of periods specified, to spread network traffic and server loading.


Click Cancel to cancel execution of this task on selected managed machines.

Select All/Unselect All

Click the Select All link to check all rows on the page. Click the Unselect All link to uncheck all rows on the page.

Check-in status

These icons indicate the agent check-in status of each managed machine. Hovering the cursor over a check-in icon displays the agent quick view window.

Online but waiting for first audit to complete

Agent online

Agent online and user currently logged on.

Agent online and user currently logged on, but user not active for 10 minutes

Agent is currently offline

Agent has never checked in

Agent is online but remote control has been disabled

The agent has been suspended

Machine.Group ID

The list of Machine.Group IDs displayed is based on the Machine ID / Group ID filter and the machine groups the user is authorized to see using System > User Security > Scopes.

Note: Displays the following message if applicable: Not a member of a Patch Policy - All missing patches will be installed!


This timestamp shows the scheduled Initial Update.


If checked, an Initial Update has been performed successfully on the machine ID. The timestamp shows when the Status being reported was completed.


During processing, the Status column displays the following types of messages, if applicable:

  • Started
  • Processing Windows Installer
  • Processing operating system service packs
  • Processing operating system update rollups
  • Processing operating system critical updates
  • Processing operating system non-critical updates
  • Processing operating system security updates
  • Processing Office service packs
  • Processing Office update rollups
  • Processing Office updates

When all processing has been completed, the Status column displays either:

  • Completed - fully patched
  • Completed - remaining patches require manual processing

If the latter status displays, select the appropriate machine ID in Patch Management > Machine Update to determine why all patches were not applied. Some patches might require manual install or for the user to be logged in. In the case of patch failures, manually schedule failed patches to be reapplied. Due to occasional conflicts between patches resulting from not rebooting after each individual patch, simply reapplying the patches typically resolves the failures.