It is recommended to use "Test and Approve" feature, which can test the patches on lab machine and then approve it automatically before deployment. We also have patch removal/roll back option, which can be used to handle these situations.
We do support reboot scheduling in deployment policy with "Reboot Window/ Specify Reboot Time" for Force Reboot. This feature is available in Patch Manager Plus build versions 10.0.405 and above.
You can create a separate "Deployment Policy" for such requirements and get them deployed automatically.
It depends on the number of computers, the internal security requirement and related compliance. All systems are scanned automatically after the patch database synchronization which happens everyday at the user specified time. In addition to this, patch scan can also be initiated manually when required.
Managed computers can be use regular user account, since the agent is running in the system account it would have the privilege to install the patches.
Patch Manager Plus will automatically detect the language based on the operating system.
Patch Manager Plus will retry to install the patch during the subsequent deployment window and the installation status would be updated.
It is about testing the patches before deployment. You can choose to approve the patches automatically or manually. We also have the feasibility to test the patches before approving them automatically. The tested patches can be approved automatically after specified number of days if no failures found. Alternatively, you can manually approve it based on the result.
Patch Manager Plus will allow you to automate the complete process. You can create an APD task, which will automatically scan computers, detect missing patches, automatically download the required patches and deploy it to the target computers. You can configure "Patch Clean up settings, to automatically delete the unwanted patches.
Yes, you can. You can target machines based on system type such as laptops and desktops. You can also create a custom group with system type as criteria.
You can create separate APD task for scanning and downloading the patches. You will find four different options such as scan, download, draft and deploy. You can choose any of them based on your requirement
You can configure notification settings for the APD task which can send you the status report multiple times based on the different status including scanning, downloading and deployment of patches Yes, Patch Manager Plus supports them.
Scanning will be initiated incrementally in order to avoid bandwidth bottlenecks.
Deployment Policy can be used to schedule the patch and reboot/shutdown. However, if you want to shut down after reboot, you can use the remote shutdown/reboot tool to perform this operation.
You can disable auto-updates from WSUS and install Patch Manager Plus agent on the computers to be managed, scan the computers and start deploying the patches.
You can create a custom group with the computers which you wanted to exclude. Decline the application from, Patch Mgmt -> Decline Patch -> Decline Patch for Group -> specify the application.
You should configure “Automated Patch Deployment Task” and ensure that the schedule is run every day to keep your computers up-to-date.
You can see the “Installed Time”, against the patch, if it is installed using Patch Manager Plus. If you do not find the “Installed Time”, then it could be patched using automatic updates. In such cases, you will have to disable auto-updates from, Configurations -> Script Repository ->Templates tab -> Search for AutomaticUpdates.exe -> add to repository. Create a configuration, select the target computers and deploy it.
Yes, you can pull local agent logs from remote computers and upload it to support for analysis from, Support -> Create Support File.
You can create a custom group and test the patches before deploying them to all computers in the company. Ability to "Test and deploy" patches, will be available at the end of this quarter.
You can customize the count of computers, displayed. The changes you make will persist only for the technician and the view.
You can achieve this by using “deploy immediately option”, whenever you deploy a patch configuration. This will wake up the target computer on-demand, to perform the task initiated by Patch Manager Plus.
You can view the status of the “Automate Patch Deployment Task” from, Patch Mgmt -> Automated Patch Deployment Tasks. You can also generate reports of these tasks and schedule it.
You can deploy definition updates using Patch Manager Plus from, Patch Mgmt -> Automate Patch Deployment -> Schedule Anti-Virus Task
You can create a dynamic custom group and choose to decline the patches for the specific application like JRE. By doing this, you can maintain multiple versions of the JRE in your network.
In Patch Manager Plus Cloud, the port configuration is not necessary for the server. For the Distribution Server and agents, there are a few domains that are necessary for their functioning, which is explained in this document: https://www.manageengine.com/patch-management/help/domains-required-for-agent-communication.html. You need not do the port configuration since these domains are communicated using the default port 443. When you create a remote office, you can configure the port you want, with which the Distribution Server and agents communicate.
Refer this article to find the list of domains , which need to be excluded https://www.manageengine.com/products/desktop-central/patch-download-failure-error-403.html
Automated patch tasks are not regular configurations. You can view the status of the You can view the status of the "Automate Patch Deployment Task -> System View". You can also configure notification settings, Patch Mgmt -> Automate Patch Deployment -> Notification Settings, to receive email updates, whenever there is any change in the status of the task.
This can be achieved by configuring the deployment policy and excluding servers from reboot, Patch Mgmt -> Deployment Policies -> Create Deployment Policy ->Deployment Window -> Reboot Policy -> Exclude Servers from Reboot
This can be achieved by configuring the deployment to happen after the encryption time window. You can configure it from, Patch Mgmt -> Deployment Policies -> Create Deployment Policy -> Deployment Window
You can wake up the computers and deploy the patches by configuring, Patch Mgmt -> Deployment Policies -> Create Deployment Policy -> Turn on computers before deployment.
“Mark As” - option, will be available only when you choose to approve patches Manually, Patch Mgmt-> Settings -> Approval settings - > Approve Patches -> Manually. If you have chosen to approve all patches automatically, all the patches will be marked as approved by default.
Both Windows 10 and Microsoft Office 2016 are supported by Patch Manager Plus. You should ensure that your Patch Database is successfully synchronized in the recent past. Verify it from, Patch Mgmt -> Update Vulnerability DB -> Last update time.
Yes, Patch Manager Plus supports managing 3rd party applications. Find the list of supported 3rd party applications: https://www.manageengine.com/products/desktop-central/patch_management_supported_application.html.
You can, create a report from, Patch Mgmt -> All Patches -> Missing Patches Tab -> Computer View and create a filter based on the “Release Date”
Yes, you can sign-up, create an account and start using Patch Manager Plus Cloud version.
Yes, when you create an APD task, under scheduler select Monthly option and choose 3rd Sunday.
Dynamic custom groups are evaluated on the client side during deployment based on the criteria you have defined.
Yes, under Patch Mgmt->Disable Automatic Updates, choose templates and disable.
You might need to create 2 separate APD tasks as below to achieve this: • Create the first task to just scan the computers and schedule this at 10 AM. This will complete by 12 noon and you will get the list of missing patches, which you can choose and approve • Create a second task scheduled to run at 3PM (assuming that you would approve the patches by then). For this task, define a Deployment policy with o Deployment Window with start and end times as required, say start at 8 PM o Select this option “Download Patches/Software during subsequent Refresh Cycle”The second task will start at 3 PM and scan the computers again and download the necessary patches to the agents. Assuming that all the target computers are up, this will complete and keep things ready for deployment by 6 PM. The deployment will begin at the scheduled deployment window, 8 PM.
When these computers connect to the network via VPN, the deployment will be initiated during the next refresh cycle (90 minutes).
Yes, almost all patches that have a download URL will be supported. You can get the list of patches that we support from here: https://www.manageengine.com/products/desktop-central/patch-management/microsoft-security-bulletins.html
We usually support within 24 hours
It depends on the number of systems and patches that are maintained, maybe up-to 1 GB. It is recommended to configure patch cleanup settings to remove older patches automatically. This will also cleanup the distribution server.
It will automatically be downloaded and installed.
Patch interdependencies and sequencing will be automatically be taken care by Patch Manager Plus.
No, agent should be deployed prior to scanning. You can define SoM Sync Policy to automatically identify new computers added to Active Directory and install agents on them.
Under Configuration Templates, we have a template to disable windows10 creep update (Disable Windows 10 Notification)
Yes, it is technically possible if all the remote offices use the same agent and if all the remote office computers can reach the Distribution Server. However this is not applicable for Patch Manager Plus cloud, since every remote office needs a unique Distribution Server.
Yes, the ideal way to do this is go to the All Systems View, select the computer and install all missing patches to this computer.
Yes, the agents will contact the server to post the failure messages. But, no deployment will happen.
Once the 30-day trial expires, you can either extend you trial, purchase the product or move to Free edition. After the trial, you will be automatically moved to the free edition, where move to the Free edition, you are allowed to choose the computers(up to 25) that you want to manage. Click here to view the edition comparison matrix
On the PMP server, navigate to Admin tab and select Subscription, under Global Settings. Click Manage Plan, you will be redirected to. Zoho Store page. Purchase or Renew your license here. On successful completion, your PMP Cloud license will be activated immediately. In case the has expired, click on the Buy Now to proceed with the reactivation.
Payments are securely done using Zoho Store. PMP Cloud supports payment via Visa, MasterCard, American Express and PayPal. You can also purchase offline(Non-Store), by mailing to sales@manageengine.com.
Modify your license by navigating to this link (sign up with the Zoho account, if need be). Click on Manage Plan, which re-directs you to Zoho Store. Hovering on the plan, lets you add/remove the number of computers to be managed. Similarly, hovering on technicians and multi-language support, lets you add/remove technicians and unsubscribe multi-language support respectively Assume you want to add more computers for management. Click on the plan and specify the number of devices you want to manage. On specifying the additional devices, the required cost to be paid is displayed. You can then continue with the payment and finish the purchase.
On the PMP server, navigate to Admin tab and select Subscription, under Global Settings. Click Manage Plan, which redirects you to Zoho Store. Click Payment Method link. Provide credit card details and click on Update, to modify your payment method.
You can add users from Admin -> User administration -> Add user. You can associate users to either pre-defined roles or create roles and associate them. Additionally, you can modify the users, their roles and even delete them.
Yes, the agents will contact the server to post the failure messages. But, no deployment will happen.
If you encounter an error stating that "you are part of another organization" such as "Access denied for this service. Please contact your Org administrator, it implies that you are already registered for Zoho Services. A super admin assigned for Zoho Services, is the only person/profile who can sign up for any additional Zoho service including PMP Cloud. You will have to request the super admin to add yourself as a technician to use PMP Cloud. In case you want create an independent account, or evaluate PMP Cloud, you can use an alternate e-mail address to sign up and use the service.
The URLs to be white-listed for DS and agents to contact the PMP Cloud Server are given below:
For US : https://www.manageengine.com/patch-management/help/domains-required-for-agent-communication.html
For EU : https://www.manageengine.eu/patch-management/help/domains-required-for-agent-communication.html
Refer to this document. Identify the cause of the error and follow the resolution as given in that document.
Refer to this document. Identify the cause of the error and follow the resolution as given in that document.
Yes, it is supported. To know about Feature Pack Deployment in detail refer https://www.manageengine.com/patch-management/how-to/cloud-windows-10-feature-pack-deployment.html
To deploy Older version (6,7) Java patches refer https://www.manageengine.com/patch-management/help/workaround-for-java.html
To move Distribution Server from one drive to another follow the steps given in this document
If patches are missing and not already installed, the Automatic Patch Deployment (APD) task will attempt to deploy them again. In cases where there is an installation error at the machine level, the APD task will halt after two unsuccessful attempts to deploy the patches. However, if the issue is network-related, the APD will continue retrying until the patches are successfully deployed.
Currently, if the operating systems meet any of the following criteria, we consider them as server machines:
We recommend purchasing server licenses for any Linux machine when deploying them as servers within the organization.
Navigate to Agent --> Computers in the console interface. Create a filter for Operating System with tags "server" and "Oracle". The Red Hat Enterprise Linux OS server machines cannot be identified using the web console as its subscription has to be checked.
The free edition allows management of any number of servers, as long as the total number of endpoints does not exceed 25.