
Available groups in Patch Manager

Created by Brandon Painter, last modified by Steve.Hawkins on Jun 19, 2017


Overview

This article provides information about the multiple types of Groups within Patch Manager. 

Environment

All versions of Patch Manager

Detail

Management groups

These groups are a logical collection of domains, workgroups, and WSUS servers. You could have more than one management group defined in Patch Manager, although the vast majority of customers just have one management group created during the initial installation. Defining multiple Management Groups is an advanced configuration option, and the concepts surrounding it are discussed in Chapter 8 of the Patch Manager Administrator Guide.

Deploy multiple management groups if you want to:

  • Keep information stored in your database for two company segments
  • Maintain a separate database for a testing environment

Computer groups

These groups on the WSUS server are used to logically separate machines targeted for patching. Sometimes referred to as WSUS groups or WSUS target groups, these groups display in the navigation pane under Computers and Groups > All Computers.

A default WSUS installation uses Server Side Targeting. When you point a client machine to a WSUS server through Group Policy, the computer displays under Unassigned computers until you move it to another specific group. You can create WSUS groups using various logical grouping based on your needs, such as Servers, Workstations, Operating System, or a name that represents a physical location. After you create the group, move each computer client into the group.

Client Side Targeting is another option. Normally enabled through Group Policy, each machine places itself in a group. Using this method, each machine receives Group Policy from its organizational unit (OU), and each OU can be configured to automatically drop the client machines into the correct WSUS group.

See Managing Computer Groups on the Microsoft TechNet website for more information. 
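
The following added example (not part of the original article or of Patch Manager) reports whether a client is set up for Server Side or Client Side Targeting by reading the standard Windows Update policy values that Group Policy writes. The function name `Get-WsusTargeting` and the sample values are assumptions made for illustration.

```powershell
# Added example: show how a client is configured for WSUS group targeting.
# WUServer, TargetGroupEnabled and TargetGroup are the standard Windows Update
# policy values written by Group Policy under this key.
$PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'

function Get-WsusTargeting {
    param(
        # Optional policy values as a hashtable; if omitted, read the local registry.
        [hashtable]$Policy
    )
    if (-not $PSBoundParameters.ContainsKey('Policy')) {
        $Policy = @{}
        $item = Get-ItemProperty -Path $PolicyKey -ErrorAction SilentlyContinue
        if ($item) {
            foreach ($name in 'WUServer', 'TargetGroupEnabled', 'TargetGroup') {
                $Policy[$name] = $item.$name
            }
        }
    }

    # TargetGroup may name several groups, separated by semicolons.
    $groups = @()
    if ($Policy['TargetGroup']) {
        $groups = @($Policy['TargetGroup'] -split ';' |
            ForEach-Object { $_.Trim() } | Where-Object { $_ })
    }
    $enabled = ($Policy['TargetGroupEnabled'] -eq 1)

    if (-not $Policy['WUServer']) { $mode = 'No WSUS server set by policy' }
    elseif ($enabled -and $groups.Count -gt 0) { $mode = 'Client Side Targeting' }
    elseif ($enabled) { $mode = 'Client Side Targeting enabled, but no group named' }
    else { $mode = 'Server Side Targeting (Unassigned Computers until moved)' }

    [pscustomobject]@{
        WUServer = $Policy['WUServer']
        Mode     = $mode
        Groups   = $groups
    }
}

# Constructed sample values (hypothetical host and group names).
$sample = @{
    WUServer           = 'http://wsus.example.local:8530'
    TargetGroupEnabled = 1
    TargetGroup        = 'Workstations;Building-A'
}
Get-WsusTargeting -Policy $sample   # Mode: Client Side Targeting
Get-WsusTargeting                   # evaluates the local machine
```

The WSUS server must also be configured to accept group assignment from Group Policy or registry settings, and the named groups must already exist on it; otherwise the client still appears under Unassigned computers.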

Managed Computers node

This node is a list of machines that Patch Manager believes are targeted with a task. In general, if you targeted a specific OU or WSUS group with a task (such as Inventory or Update Management), the targeted machines display under Managed Computers.

Managed Computers are used in part to calculate used licenses. There is no requirement that a machine display under Managed Computers for you to target it with an available task. Also, you are not required to add anything to this list. It is simply a list of items that you think is targeted.

A Managed Computer node can provide an easy way to locate a machine name, right-click the name, and execute a task. In general, unless you are receiving messages about exceeding your allocated licenses, you can ignore this node.  

Patch Manager computer groups

These groups are different from management groups. They provide an alternative method to group computers that are targeted with tasks. If you select one or more machines in Patch Manager, you can right-click the selection and create a Patch Manager Computer Group. This group displays under Enterprise > Microsoft Windows Network. You can target these groups with several types of tasks, including Inventory, Update Management, and Update Management Wizard Tasks, such as Detect Now.

Patch Manager computer groups differ from WSUS groups (computer groups) in that the WSUS server does not know that these groups exist. This is important because one of the available update deployment options is to use the normal WSUS methodology of approving updates to WSUS groups.

When an update is approved for a WSUS group in a WSUS environment, the machines in the group see the approval when they check in to WSUS during their default 22-hour cycle. If the update is approved for a group they are in and applicable to them, the client machines will have the update deployed to them based on their additional group policy settings. 

Since Patch Manager computer groups are not visible to WSUS, you cannot approve an update to a Patch Manager computer group. You can deploy updates to a Patch Manager computer group using the Update Management tasks. 

Most administrators use WSUS groups for most tasks. Patch Manager computer groups are used on occasion for special cases where, for example, you want to target certain machines with a new Java update. In this scenario, you could move the machines in the WSUS groups to facilitate proper targeting for a one-time update. Another example would be if you noticed 

Additionally, if you are viewing the results of an Update Management task in Task History and notice that a few machines failed because they were shut down at the same time, you could target these machines for updates using a WSUS group. You can select the failed machines, right-click the selection, and create a Patch Manager group with a name that identifies these machines (for example, Failed update machines), then use that group to target a precisely scoped follow-up task at a later date when they are online.

 

Last modified
13:34, 19 Jun 2017
