Patch Manager Plus installs an agent in all the client computers that have to be managed using Patch Manager Plus. The agent properties can also be customized prior to installing the agents. For details on customization, refer to Configuring Agent settings.
This document will explain you on the following:
|
The client computers can be added from Admin tab --> SoM --> Add Computers button. This will list the domains and workgroups that have been added.
Click the Select Computers link pertaining to a domain/workgroup. This opens the Select Computers dialog listing all the available computers of the domain/workgroup.
Select the computers that have to be managed using Patch Manager Plus and click OK. You can also manually specify the computer names instead of choosing them from the list. The selected computers gets added to the Selected Computers table in the Add Computers view.
Repeat steps 2 and 3 for adding computers from multiple domains/workgroups.
Select the "Install Agent Immediately" check box to install the Patch Manager Plus agents in the selected computers immediately. When this option is not selected, the computers are only added. You need to install the agents later to manage them.
|
Click Done to add the selected computers. All the selected computers gets added to the Scope of Management.
The Scope of Management page will list all the computers that are being managed by Patch Manager Plus along with the status of the agent installation and the agent version. Agents can also be installed at a later stage, by selecting the computers from Admin --> SoM page and clicking the Install Agent button from the Patch Manager Plus Console.
Windows GPO is a powerful and versatile tool. Patch Manager Plus agent can be installed using the GPO light-weight tool. Follow the steps given below to create a Group policy and link it with OUs and Domains.
Steps:
Kindly include DCAgentServerInfo.json file only if the build version is 10.1.2124.1 and above.
(or)
For vb script configuration: GPO_Tool.ps1 UEMS.msi UEMS.mst InstallAgent.vbs
For Build 100653 and above :
Specify the script arguments as "UEMS.msi UEMS.mst \\Domain name\SysVol\Domain name\Policies\{ID}\Machine\Scripts\Startup\DMRootCA.crt"
Specify the script arguments as "UEMS.msi UEMS.mst \\Domain name\SysVol\Domain name\Policies\{ID}\Machine\Scripts\Startup\DMRootCA.crt and \\Domain name\SysVol\Domain name\Policies\{ID}\Machine\Scripts\Startup\DMRootCA-Server.crt"
For PowerShell script configuration: GPO_Tool.ps1 UEMS.msi UEMS.mst PSInstallAgent.ps1
Specify the script arguments as "UEMS.msi UEMS.mst \\Domain name\SysVol\Domain name\Policies\{ID}\Machine\Scripts\Startup\DMRootCA.crt"
If SSL third party certificate is not uploaded in the server, Admin -> Security Settings -> Import SSL Certificates, the below files should be added along with Agent installer files:Specify the script arguments as "UEMS.msi UEMS.mst \\Domain name\SysVol\Domain name\Policies\{ID}\Machine\Scripts\Startup\DMRootCA.crt and \\Domain name\SysVol\Domain name\Policies\{ID}\Machine\Scripts\Startup\DMRootCA-Server.crt"
To install a LAN agent manually, follow the steps given below:
Under SoM, select the Remote Offices tab
In the Download Agent column, against the local office you have added, click the Download LAN Agent icon
Save the .zip file in the computer on which you want to install the agent
Extract the contents of the zip file
Open a command prompt with run as admin privilege and navigate to the location of extracted zip folder and run the command setup.bat
Select option 1 to install agent in this computer
You can install agents using SCCM by following the steps mentioned below:
i) UEMS.msi
ii) UEMS.mst
iii) DCAgentServerInfo.json
iv) DMRootCA.crt
You can install agents using Microsoft Intune by following the steps mentioned below:
To configure the app package :
Install Command : "agent.exe" /silent
Uninstall Command : "agent.exe" /X
(The above are dummy commands that does not affect installation, and thus can't be used to uninstall agents.)
Detection Rule : Manually configure detection rule.
Rule type : MSI
MSI product code : {6AD2231F-FF48-4D59-AC26-405AFAE23DB7}
MSI product version check : No
Now you can deploy the agent through Microsoft Intune to the machines in your network.
Enabling this settings will automatically retry to install the Patch Manager Plus agents, on the failed targets. If the one of the target computer is not reachable, instead of manually retrying to install the agent, you can specify the number of times, the automatic retry should happen. You can also specify the maximum frequency for this to be repeated. The retry process will be performed based on the specified frequency for the specified number of days. Mail alerts can be configured to notify when the agent installation has succeeded on one or more computers. Follow the steps mentioned below to configure retry agent installation process:
Click Admin & tab on Patch Manager Plus web console
Choose SoM
Select Settings
Enable the check box, to retry agent installation process
Specify the frequency and the number of days for the retry process to happen.
Specify the email address to which the notifications need to be sent.
You have successfully configured the settings to retry agent installation on failed computers.
To uninstall the agents from the computers:
To remove the computers from the list:
Patch Manager Plus updates the live status of computers periodically. This data is updated every ten minutes or while an on-demand operation is performed on a client computer. You can see the live status of the Patch Manager Plus agents by clicking on SoM, under "Computers" View. The following status will be displayed:
The computer icon will be in green color if the Patch Manager Plus Agent is live.
The computer icon will be in red, if the Patch Manager Plus agent is down. Patch Manager Plus agent can be down in the following scenarios:
If the computer is not in the network
If the computer is shutdown
If the Patch Manager Plus agent service has been stopped
If the Patch Manager Plus agent has been crashed
The computer icon will be in grey, if Patch Manager Plus agent is not installed in it. Those computers are discovered in the SoM because they are added to the active directory but not managed by Patch Manager Plus.