On-PremisesCloud

Deploy Patches Manually

The Install/Uninstall Patch configuration enables you to manually install or uninstall patches from a central location. While systems running on Windows and macOS do not have any preconditions, certain Linux distributions demand the following prerequisites:

Prerequisites to patch Red Hat and SUSE Machines
To patch the systems running on these Linux distributions, configure the Red Hat Linux Settings and SUSE Linux Settings suitably

Follow the steps mentioned below to install/uninstall patches.

Click on Patch Management in the web console.
Under Deployment select Install/Uninstall Patch.
Choose the operating system and then create a configuration that needs to be deployed.

Step 1: Name the Configuration

Provide a name and description for the Install/Uninstall Patch configuration.

Step 2: Define Configuration

Specify the operation type as Install Patch to install patches and define the following values:

Parameter	Description
Add Patches	Click on Add More Patches. From the window, select the patches that have to be applied. There is an option to view the missing patches or all patches, which can then be filtered based on the application and service pack. If you have reached this configuration page from the Patch Management tab by selecting the patches, the selected patches automatically gets added to the List of Patches.
Scheduler Settings	Install After Select this option and specify the date and time after which the patches have to be installed. The patches will be installed based on the Install Options selected after the scheduled time.
Deployment Settings	Specify the following Deployment Settings: Installation/Uninstallation Option Install during computer startup: Select this option if the patches have to be deployed during computer startup. Install during 90 minutes refresh interval: Select this option if the patches have to be installed after the computer startup when the next update happens (within 90 minutes) Either of the above, whichever is earlier Install Between If you want the installation to happen only between a specified time of a day, you can specify the Start and End time within which the deployment should begin. The Start Time can also be greater than the End time - in such cases, the End time is assumed to be on the following day. For example, if you wish the deployment should happen between 10.00 PM and 4.00 AM, you can specify the Start Time as 22:00:00 and End Time as 04:00:00 Allow Users to Skip Deployment Specify whether the user can skip the deployment at a later time by selecting the Allow Users to Skip Deployment. When you do not select this option, the deployment will be forced and the user will not have any control over the deployment. When you allow users to skip deployment, you can also specify whether they can skip it as long as they wish or force deployment after a specific date. Reboot Policy Do not reboot: Select this option if the client computers should not be rebooted after installing the patches. Force Reboot when the user has logged in: Select this option to force the user to reboot the computer. Specify the time within which the client machines will be rebooted and the message that has to displayed in the client machines. Force Shutdown when the user has logged in: Select this option to force the user to shut down the computer. Specify the time within which the client machines will be shut down and the message that has to displayed in the client machines. Allow the user to skip Reboot: Select this option to allow users to reboot later. Specify the message that has to displayed in the client machines. Allow the user to skip Shutdown: Select this option to allow users to shut down later. Specify the message that has to displayed in the client machines.

Parameter

Description

Add Patches

Click on Add More Patches. From the window, select the patches that have to be applied. There is an option to view the missing patches or all patches, which can then be filtered based on the application and service pack.

If you have reached this configuration page from the Patch Management tab by selecting the patches, the selected patches automatically gets added to the List of Patches.

Scheduler Settings

Install After

Select this option and specify the date and time after which the patches have to be installed. The patches will be installed based on the Install Options selected after the scheduled time.

Deployment Settings

Specify the following Deployment Settings:

Installation/Uninstallation Option

Install during computer startup: Select this option if the patches have to be deployed during computer startup.
Install during 90 minutes refresh interval: Select this option if the patches have to be installed after the computer startup when the next update happens (within 90 minutes)
Either of the above, whichever is earlier

Install Between

If you want the installation to happen only between a specified time of a day, you can specify the Start and End time within which the deployment should begin.
The Start Time can also be greater than the End time - in such cases, the End time is assumed to be on the following day. For example, if you wish the deployment should happen between 10.00 PM and 4.00 AM, you can specify the Start Time as 22:00:00 and End Time as 04:00:00

Allow Users to Skip Deployment

Specify whether the user can skip the deployment at a later time by selecting the Allow Users to Skip Deployment. When you do not select this option, the deployment will be forced and the user will not have any control over the deployment.
When you allow users to skip deployment, you can also specify whether they can skip it as long as they wish or force deployment after a specific date.

Reboot Policy

Do not reboot: Select this option if the client computers should not be rebooted after installing the patches.
Force Reboot when the user has logged in: Select this option to force the user to reboot the computer. Specify the time within which the client machines will be rebooted and the message that has to displayed in the client machines.
Force Shutdown when the user has logged in: Select this option to force the user to shut down the computer. Specify the time within which the client machines will be shut down and the message that has to displayed in the client machines.
Allow the user to skip Reboot: Select this option to allow users to reboot later. Specify the message that has to displayed in the client machines.
Allow the user to skip Shutdown: Select this option to allow users to shut down later. Specify the message that has to displayed in the client machines.

Step 3: Define Target

Using Define Target , define the targets for deploying the Install Patch configuration(s).

Step 4: Deploy Configuration

Click on Deploy to deploy the defined Install Patches Configuration in the defined targets. The deployment will be initiated during the next system startup.

To save the configuration as a draft, click Save as Draft.

Note:
Patch uninstallation is currently not supported for Mac and Linux machines.

Creating a configuration from Detailed View

If you are trying to create a configuration from Detailed View under All Patches, then the below-mentioned scenarios will come into effect. The detailed view will list every missing patch against every single computer in a separate row, which means if a single patch is missing in 5 computers, 5 rows will be listed.

When you have chosen to deploy more than one patch for more than one computer as mentioned below, then you might end up in deploying the patches to the computers which you never intended to deploy.

Creating a configuration based on the above selection will work as follows:

Selected Patches: Patch 1, Patch 2 and Patch 3.

Defined Target: Computer 1, Computer 2, and Computer 3.

Result of this Deployment:

Patch ID	Included Target	Intended target	Missing Patch	Deployment Initiated	Expected Result
Patch 1	Computer 1	Yes	Yes	Yes	Will be deployed
Patch 1	Computer 2	Yes	Yes	Yes	Will be deployed
Patch 1	Computer 3	No	No	Yes	Will not be deployed
Patch 2	Computer 1	No	Yes	Yes	Will be deployed
Patch 2	Computer 2	Yes	Yes	Yes	Will be deployed
Patch 2	Computer 3	No	No	Yes	Will not be deployed
Patch 3	Computer 1	No	No	Yes	Will not be deployed
Patch 3	Computer 2	No	No	Yes	Will not be deployed
Patch 3	Computer 3	Yes	Yes	Yes	Will be deployed

As per the above-mentioned table, the configuration will be deployed across to all the computers to which the patch is applicable. Patch 2 is applicable for Computer 1, but you never intended to deploy it, however, the deployment will happen on it since it is a missing patch.

In order to overcome this, it is recommended to deploy multiple patches to a single computer or single patch to multiple computers from Detailed View. If you want to deploy multiple patches for multiple computers, then it is recommended to create multiple configurations or initiate deployment from Missing Patches view.

Note:

When a Patch Management task is initiated, the agent residing on the client computer scans the computer for the missing patches and downloads only the applicable patches from the Patch Manager Plus server.
If you are managing computers in a remote office using a Distribution Server, then WAN agents will download the applicable patches from the Distribution Server. The deployed patches will be replicated to the Distribution Server (only for on-premise) irrespective of whether the patch is applicable for the remote office computers or not.

Delete or Suspend Manual Patch Deployment

There can be certain scenarios where manual patch deployment tasks need to be suspended for the time being or be deleted altogether. Here are the steps to:

Delete Manual Patch Deployment Configurations

Step 1: Head on to Deployment > Manual Deployment.
Step 2: Select the configurations that need to be deleted.
Step 3: Click on Move to Trash to delete the selected configurations.

Note:

Once deleted (Move to Trash), the deployment configurations will cease to act:
- Immediately in systems connected through LAN/remote agents (except in systems with deployment in progress *) .
- As per the replication policy in systems under a distribution server.
* The machines with deployment in progress will continue to deploy, even if the configurations are deleted or suspended.
The deleted configurations can be viewed from Deployment > Trash.
In Trash, under Status, you can see the latest status of the configurations before they were deleted.

Restore Deleted Configurations

Step 1: Click on Deployment > Trash.
Step 2: Click on the three horizontal dots corresponding to the respective configurations in the Action column.
Step 3: Click on Restore from the menu.

Suspend Manual Patch Deployment Configurations

Step 1: Head on to Deployment > Manual Deployment.
Step 2: Click on the three horizontal dots corresponding to the respective configurations in the Action column.
Step 3: Click on Suspend from the menu.

The suspended configurations can be resumed by following the steps 1 & 2 and then clicking on Resume.

Note:

Suspend

Move to Trash

Immediately in systems connected through LAN/remote agents (except in systems with deployment in progress).
As per the replication policy in systems under a distribution server.