Submit a ticketCall us

Webinar: Web Help Desk for HR, Facilities and Accounting Departments
This webinar will focus on use cases for HR, Facilities and Accounting.

Having a unified ticketing and asset management system for all the departments in your company can provide end-users with a seamless experience and make things easier for your IT team. Yet, with different business tasks and objectives, many departments don’t fully understand the capabilities of Web Help Desk and how the software can be customized for effective use in their departments.
Register Now.

Home > Success Center > Patch Manager > Patch Manager Basics

Patch Manager Basics

Table of contents

Updated May 25th, 2016

Overview

Before you learn about patch manager, you should learn a little about WSUS.

Environment

Patch Manager with WSUS

Detail

WSUS is Microsoft's free patch management solution. It allows you to use Microsoft Update. There are over 500,000 WSUS servers across the world syncing directly to Microsoft, and there are billions of computers that use Microsoft Update. However, there are 'gaps' in the solution in terms of command and control.

WSUS deals with:

  1. Computers that get registered in the system
  2. Updates (security, critical, service packs, etc.)
  3. Approvals (A mechanism in WSUS which allows the selection of which server boxes receive which updates)
  4. Computer Groups (Which relate to approvals)
 

Computer groups are used as a way of logically grouping computers in an environment.

There are two ways of segregating computers into groups:

  1. Server-side Targeting (Creating a group and adding computers to it directly)
  2. Client-side Targeting (Using group policy settings to add a particular client to a group)
 

WSUS gets its content from Microsoft's Update Site, pulling metadata information about updates (description, classification, etc.), rules for detecting when an update is installed, when it is applicable, what the pre-requisites are, etc. People use computer groups to deal with approvals. For example, when you have an update in WSUS and a client is part of that WSUS hierarchy, it reports to a WSUS server (either a downstream server or an upstream server). Then, the content is pulled down and an update agent performs a scan in the local box, which gives them a list of updates that are installed, updates that are missing, and updates that are downloaded, but not installed. The scans require no special actions.

 

Approvals are about the deployment of mechanism (getting the updates to install). The installation of approved updates is driven by group policy. The agent looks at the policy settings to figure out when the update should install. However, the group policy does not provide server control, and in some cases, it also fails to provide desktop control. Patch Manager provides a solution to this by giving you more command and control over when updates should be installed. In some approval cases, a computer may be part of more than one group. In these situations, the group with the deepest approval is the group whose approval is put into effect for that computer.

 

Patch Manager also provides 3rd Party Update content, which includes automatic notifications about the updates from 3rd parties. It also provides the content for them. This content is not available on the Solarwinds site. When the update is not a direct download, the package assistant provides instructions on how to import the content. The use can then get the updates into their WSUS server. Patch Manager also provides package creation capabilities, which allows users to create packages to give updates or full software packages.

 

Last modified
20:01, 25 Jan 2017

Tags

Classifications

Public