Submit a ticketCall us

Training ClassThe Orion® Platform Instructor-led Classes

Provided by SolarWinds® Academy, these trainings will introduce users to the Orion Platform and its features, management, and navigation. These courses are suitable for users looking to discover new tips, tricks, and ways to adapt their Orion products to better suit their monitoring needs:
Deploying the Orion Platform
Configuring Orion views, maps, and accounts
Configuring Orion alerts and reports

Reserve your seat.

Home > Success Center > Patch Manager > Knowledgebase Internal > Active and passive system patching using Patch Manager

Active and passive system patching using Patch Manager

Updated August 10, 2018

Overview

This article describes how to update a Microsoft Windows environment using active and passive methods in Patch Manager.

Environment

  • All Patch Manager versions
  • Windows Server 2008 R2 with WSUS
  • Windows Server 2012 R2 with WSUS
  • Windows Server 2016 with WSUS

Detail

Using Patch Manager, you can update the Windows machines in your environment using a Passive or Active method.

Passive method

The Passive method enables your client machines to check for updates based on your GPO or Local Policies settings (© 2018 Microsoft Corporation, available at https://www.microsoft.com, obtained on August 10. 2018).

Using this method, the client machines check in with the WSUS server on a specific time rotation (for example, once a day or once a week). After the client machines download the approved updates from the WSUS server, you simply approve the updates that are applicable to the user’s needs.

This option is considered a Microsoft Update management setup that does not interact with Patch Manager unless you approve the updates captured by the clients through the Patch Manager Administrator Console.

Active method

The Active method requires you to run one of the following actions from the Patch Manager Administrator Console:

  • Update Management Wizard
  • Update Management action

These options require the WSUS Extension Pack. Click here for installation instructions. 

Update Management Wizard

When you click the Update Management Wizard in the Actions pane, the wizard prompts you to select updates identified by the Windows Update Agent (WUA) as needed for critical updates.

Update_Management_Wizard1.png

After you complete the wizard, a WMI call runs on the client machines, which updates the chosen parameters in the update task.

Be sure to read and understand each option before you install it on the system.

The Update Management Wizard is primarily used to update Microsoft software components, but there are options that allow you to push third party packages. For example, the Update Management Wizard interface includes an option to download and Install all needed updates, which does not distinguish which WSUS view to update the patches from.

Also, if you view the top option in the Update Management Wizard interface, you can see that Windows Updates are clearly being called using the Download and install all needed approved security and critical updates option.

Notice that one option states that the updates must be approved and that they need to come from the security and critical update views from the WSUS, while the second option is only stating that the updates are needed. Use caution when choosing any option in the Update Management Wizard interface, as it can push out updates that you may not have approved.

Update Management action

The Update Management action in the Actions menu allows you to choose updates in the Update Management window.

SPM-Admin-Guide-Update-Management2.png

You can choose the updates using two methods.

You can select the updates in the Patch Manager Administrator Console from the WSUS view by maximizing Enterprise > Update Services > WSUS_server  > Updates and select Updates. The Updates includes All Updates, Critical Updates, Security Updates, Third Party Updates, and Custom Updates (views).

SPM-Admin-Guide-Expand-Updates2.png

You can also choose the Client machine by maximizing Enterprise > Update Services > WSUS_Server > Computers and Groups > All Computers > and select Computers and Groups.

You can also perform this task using an organizational unit (OU) in the domain under the Microsoft Windows Network area just below Update Services.

Using Update Management with Updates or Packages selected before creating the task 

When you select an update from these sections and right-click the update, there is an option for Update Management. Using this path allows you to capture the selected update, which can be used with multiple selected updates.

After you select the updates and a task, you will see the populated updates in the first section. Here, you can add the computers that need to have the task ran on them. This method is preferred to using the Update Management Wizard. It is up to you to decide which option to use for the Update Management tasks.

Using Update Management with Computers selected before creating the task 

If you select Computers and Groups, you can load the client machines and then click Browse to select the update. This method can be problematic, but is an alternate option that is available when needed.

Using the Update Management Wizard

Using the Update Management Wizard Tasks is a bit different. With the Update Management Wizard, you can select any computer under WSUS server or from an organizational unit (Including the WSUS), and then right-click and select the Update Management Wizard option.

This option allows you to select a set of update options that puts specific criteria on the updates. Next, you would add the client computers to the task as you did in the Update Management task.

 

Disclaimer: Please note, any content posted herein is provided as a suggestion or recommendation to you for your internal use. This is not part of the SolarWinds software or documentation that you purchased from SolarWinds, and the information set forth herein may come from third parties. Your organization should internally review and assess to what extent, if any, such custom scripts or recommendations will be incorporated into your environment.  You elect to use third party content at your own risk, and you will be solely responsible for the incorporation of the same, if any.

 

 

Last modified

Tags

Classifications

Public