Next Topic

Previous Topic

Book Contents

Machine Update

The Machine Update page manually installs Microsoft patches on individual machines. Machine Update overrides the Patch Approval Policy but obeys the Reboot Action policy. If you're using Automatic Update, then Machine Update is used on an exception basis. Machine Update is often used to test a new patch prior to approving it for general release to all machines. See Methods of Updating Patches, Configuring Patch Management, Patch Processing, Superseded Patches, Update Classification and Patch Failure for a general description of patch management.

Using Machine Update

  1. Click a machine ID to display all patches missing on that machine.
  2. The Product column helps identify the product category associated with a specific patch. If a patch is used across multiple operating system families (i.e., Windows XP, Windows Server 2003, Vista, etc.), the product category is Common Windows Component. Examples include Internet Explorer, Windows Media Player, MDAC, MSXML, etc.
  3. Optionally click the KB Article link to display a Details page about the patch. The Details page contains a link to display the knowledge base article.
  4. Optionally click a Security Bulletin link to review a security bulletin, if available. Patches classified as security updates have a security bulletin ID (MSyy-xxx).
  5. Check the box next to patches you want installed on the selected machine ID.
  6. Click the Schedule button to install patches using the install parameters.
  7. Click the Cancel button to remove any pending patch installs.

Superseded Patches

A patch may be superseded and not need to be installed. See Superseded Patches for more information.


Click this button to display the Scheduler window, which is used throughout the VSA to schedule a task. Schedule this task once. Options include:

  • Distribution Window - Reschedules the task to a randomly selected time no later than the number of periods specified, to spread network traffic and server loading.
  • Skip if offline - If checked and the machine is offline, skip and run the next scheduled period and time. If blank and the machine is offline, run the task as soon as the machine is online again.
  • Power up if offline - Windows only. If checked, powers up the machine if offline. Requires Wake-On-LAN or vPro and another managed system on the same LAN.
  • Exclude the following time range - If checked, specifies a date/time range to not perform the task.


Click Cancel to cancel execution of this task on selected managed machines.

Note: Patches that are currently being processed (status of Pending - Processing Now) cannot be canceled.

Hide patches denied by Patch Approval

If checked, hides patches denied patch approval. Patches with the status Pending Approval are considered denied by Machine Update.

Select All/Unselect All

Click the Select All link to check all rows on the page. Click the Unselect All link to uncheck all rows on the page.


Patches are grouped by update classification first and knowledge base article number second.


The following status messages can appear next to a patch:

  • Pending (Processing Now)
  • Pending (Scheduled to run at <date>)
  • Install Failed - See Patch Failure.
  • Awaiting Reboot
  • User not logged in
  • User not ready to install
  • Install Failed - Missing Network Credential
  • Install Failed - Invalid Network Credential or LAN Server Unavailable
  • Install Failed - Invalid Credential
  • Missing
  • Denied by Patch Approval
  • Denied (Pending Patch Approval)
  • Manual install to database server only - Applies to SQL Server patches on the database server where the KServer database is hosted
  • Manual install to KServer only - Applies to Office or any "install-as-user" patches on the KServer
  • Patch Location Pending - Applies to patches with an invalid patch location. See Invalid Patch Location Notification in System > Configure.
  • Missing Patch Location
  • Ignore