Updated December 20, 2016
This video provides a guided tour of all the key features for patching Microsoft and 3rd party applications and reporting on patch compliance. This demo showcases how to tell which patches are needed, how to create a WSUS inventory task, how to approve updates, how to schedule a patch, how to patch servers during a maintenance window, how to uninstall an application or patch and how to create executive reports.
All Patch Manager versions
Hello, this is Kelly Tice, SolarWinds® Sales Engineer. In this guided product tour, I will review several key features of SolarWinds Patch Manager.
Patch Manager extends the functionality of WSUS or SCCM environments, or both, to facilitate easier patching, reporting, and information gathering for servers and workstations in your environment. After an update has been published to the WSUS server, if you browse down to a specific update, you can quickly see an overview of the current state of the selected update on the Update Details tab. The pie chart information is based directly on the data reported by the Windows® update agent the last time the client machines checked into WSUS.
On the Computer Summary tab, you can review the same data but in a grid format. This will allow you to filter, group, and sort the information however you want. For example, you can grab this status column header and drag and drop it here in order to group all the updates by status entry. A "Not Installed" status on this Computer Summary tab would indicate the machine has determined the update to be applicable but it has not yet installed that update.
Patch Manager reporting is made possible by the WSUS inventory task. The WSUS inventory task gathers update information directly from a targeted WSUS server. The gathered information includes general update information, WSUS group approval status, and deployment status by client.
To create a WSUS inventory task, select the desired WSUS server, then right-click and select "WSUS inventory" from the Context menu. In most cases, the default options on the WSUS Inventory Options Dialogue will suffice. So click "Save" and proceed to the Scheduling dialogue. Next, specify a time at which to run and configure the task. In this example, I will select "Run Daily." I will then select "No End Date" so that the task will reoccur. After clicking "OK", you can verify the task was created in the Scheduled Task node under Administration and Reporting.
How can I ensure that a chosen group is receiving the same updates as another WSUS target group? Perhaps you want your production group to have the same updates as your test group. This can be done by selecting the WSUS server under Update Services and clicking on the "Update Approvals" tab. The resulting list of updates and approval status can be grouped to show a view of existing approvals for a specific group. Next, expand the group you wish to duplicate, select the updates, and then click "Approve" from the Update Approvals section at the bottom of the right-hand actions pane. In the Approvals Dialogue, select the new group, which will receive the approval action for those updates and choose "Approved for Install", then click "OK." When the approval process is complete, click "Close." You may want to refresh the Update Approvals tab to verify the change.
One of the exciting features of SolarWinds Patch Manager is the ability to schedule update deployments at a specific time using our Update Management or Update Management wizard tasks. To deploy one or more individually selected updates to a machine or group, browse down to the desired updates under your WSUS server and select the ones you wish to deploy. Next, right-click the selection and choose "Update Management" from the Context menu. The first page of the Update Management dialogue will allow you to set various deployment options, such as the ability to configure reboot behavior, both before and after the update or updates are deployed. After clicking "OK" you'll be presented with a computer selection dialogue. Individual computers can be added using the Add or Browse Computers option, or a specific group of machines can be targeted using the Select Computers Using Rules option. Once a computer group selection is made, the next page in the dialogue will specify whether the task is to be run immediately or scheduled for a future time. Export and email options can also be set on this page. Upon execution, the Patch Manager system will make a WMI connection to each targeted machine and will instruct the Windows Update Agent on those clients to go download and install the specified updates from their configured WSUS server.
Another deployment option that SolarWinds Patch Manager provides is the Update Management Wizard. This task will allow you to schedule a batch of updates to be deployed by a machine or groups of machines. It differs from the previously discussed Update Management task in that it does not require individual updates to be selected, but rather issues a generalized command to the targeted machines to install all updates meeting certain criteria. To begin, we will select a domain, a WSUS group, or selection of machines. Then right-click that selection and launch the Update Management wizard task. On the first page of the wizard, we are able to select a general command, which will be executed by the Windows Update agent on each targeted machine. These include several useful default selections, such as Install all needed and approved updates. You're not limited to these predefined statements, however. By choosing the option to "Create custom dynamic update management rules", you can define your own rules to narrow down which updates will be deployed to the targeted machines. For example, you can add a rule to deploy only updates with a classification of tools, or updates whose product name contains a particular sub-string. The Update Management Wizard task features some additional configuration options, such as the ability to initiate a task, configure reboot options, and define behavior when an exclusive update is encountered.
One powerful feature of the Update Management Wizard is the ability to run this task in a planning mode. When enabled, the task will execute but will not actually install any updates. Results of the Planning Mode run can be reviewed under the Scheduled Task node and if the results are expected and desired, the task can be executed again without the Planning Mode option selected. Like any other task in the Patch Manager product, the Update Management Wizard can be scheduled to run at a particular date and time. When executed, the client will install the selected updates. Because of the powerful nature of the available command options, this task is well-suited to deploying updates during a scheduled maintenance window.
Patch Manager offers the ability to remotely uninstall MSI-based software from client machines using our Computer Explorer dialogue. To accomplish this, simply browse to and select the machine, then right-click to choose the "Computer Explorer" option from the Context Menu. Next, click on the "Installed Software" tab to retrieve a list of software and select the MSI-based software you would like to remove. Then click "Uninstall Software" to launch the Wizard and click "Uninstall" after verifying the information on the next page. In addition, you have the ability to choose a group of machines to target with this uninstall task.
Reporting is an important element of any patching solution. SolarWinds Patch Manager offers robust reporting functionality on WSUS data, as well as client hardware and software information. If desired, you can schedule a WMI-based inventory of your client machines to gather hardware and software information. Once an inventory has been performed, you can run a variety of reports against that collected data to display BIOS information, processors, memory, network information, hard drive space, installed software, and many other fields. A scheduled WSUS inventory task will collect update information directly from your WSUS server and store that data into a SQL database. You can then execute a variety of reports on updates, their approval status, and install status per client.
The Computer Update Status Approved Update report, for example, will return a list of all approved updates on a WSUS server, along with the current install state of the update on client machines. Let's quickly run this report. All reports can be exported into several different common formats, such as XLS, PDF, or CSV. They can also be scheduled to run periodically, so a report can be executed once a week or once a month with results emailed to the administrators or simply dropped to a file share. In order to get a quick view that you can share with your boss, just access your web console for a snapshot of your environment that includes Operating System Overview, Server Node Health, and Top 10 Most Vulnerable Machines. Additionally, this chart will show you Top 10 Patches Missing and allow you to drill down and see which nodes are lacking updates.