The Scan Machine page schedules scans to search for missing patches on each managed machine. Scanning takes very little resources and can be safely scheduled to run at any time of day. The scanning operation does not impact users at all.
The current patch status of any given machine is one of the most critical data points when maintaining and troubleshooting a system. Within the Patch Status section of Kaseya you get an instant view of number of patches installed, missing, denied, pending and failed. Most patch problems are the result of configuration or permission issues. The test function exercises the entire patch deployment process without actually installing anything on the target machine or causing a reboot.
Leveraging Kaseya's automation framework, seeing the latest scan information, and scheduling scans is simple and efficient.
Initial and Automatic Updates
Initial Update is a one-time processing of all approved Microsoft patches applicable to a managed machine based on Patch Policy. The Automatic Update page is the preferred method of updating managed machines with Microsoft patches on a recurring basis. Automatic Update obeys the policies from within the Kaseya IT Automation Framework so that you can have total control over the machine behavior for patching.
Use the Pre/Post Procedure page to run procedures before and/or after Initial Update or Automatic Update. For example, you can run procedures to automate the preparation and setup of newly added machines before or after Initial Update.
The Machine History page displays the results from the most recent patch scan of managed machines. All installed and missing patches applicable to a managed machine are listed, regardless of whether the patch is approved or not.
The Machine Update page manually installs Microsoft patches on individual machines. Machine Update is often used to test a new Windows or other software patch prior to approving it for general release to all machines. The Patch Update page updates missing Microsoft patches on all machines displayed in the paging area. If you're using Automatic Update, then Patch Update is used on an exception basis to apply individual changes to multiple machines or to re-apply those that originally failed on certain machines.
There are times when patches get installed and have unintended impact on software installed. The Rollback page removes patches after they have been installed on a system. Not all updates may be uninstalled, but the system only lists those that support the rollback feature.
Cancel manually scheduled patch installations scheduled from the Machine Update or the Patch Update pages. Terminate a currently running patch installation process on an individual machine. The Cancel Updates page can also terminate processes than are currently running.
Create management policies to approve or deny patches. Initial Update and Automatic Update only install approved patches. The Create/Delete page creates or deletes patch policies. Patch policies contain all active updates for the purpose of approving or denying patches. An active patch is defined as a patch that has been reported by a patch scan by at least one machine in the Virtual System Administrator (VSA). Any machine can be made a member of one or more patch policies.
The Membership page assigns machine IDs to one or more patch policies.
Approval by Policy
Microsoft mainly unveils updates for Windows and other programs once a month on “Patch Tuesday,” but they can cause compatibility problems or leave security risks. The Approval by Policy page lets you manage when your server installs patches according to a preset policy. Patches pending approval are considered denied until they are approved. This gives you the chance to test and verify a patch in your environment before the patch automatically pushes out.
The KB Override page sets overrides of the default approval status of updates set using Approval by Policy by Knowledge Base (KB) Article for all patch policies. It also sets the approval status for existing patches by KB Article for all patch policies. Changes affect patches in all policies installed by all users.