...

LANDesk patches can be applied both to individual users and to broad groups. By using these features to patch computers in your group, you will ensure that vital software stays up-to-date. Below are two example workflows which outline the two main ways of administering patches. The first is a guide to targeted patches and the second is a guide to broad or group-wide patches. 

Tufts University is currently automatically patching software for almost every computer with the LANDesk agent.
The following applications are being patched.

  • Apple QuickTime
  • Adobe Flash
  • Adobe Reader
  • Adobe Acrobat
  • Adobe AIR
  • Adobe Shockwave Player
  • Google Chrome
  • Skype
  • FileZilla Client
  • Firefox
  • WebEx Network Recording Player
  • VLC


Overview

The following workflow is recommended for keeping the most vulnerable and important software up-to-date. Detailed instructions follow but at a high level:

  1. Keep the most vulnerable applications up-to-date. This includes Adobe Reader, Adobe Acrobat, Adobe Flash Player, Adobe Shockwave, Adobe AIR, Java and RealPlayer. These applications are known to be vulnerable to attacks, so keeping them patched greatly decreases the risk of computers being infected.
  2. Important and heavily used applications, like internet browsers (Firefox, Internet Explorer, Opera, Safari, Google Chrome) and operating systems (for example, Mac OS X and Windows 7), should also be kept up-to-date. Since they are common and frequently used, these types of applications are frequent targets for attacks.

General information: Queries and scopes are dynamic and will pick up new computers as they are added into the system. Dragging and dropping individual devices or using "My Devices" in a task is not dynamic and will only patch those computers or devices that you have selected. 

Administering Targeted Patches

...

The patch may take some time to resolve; you can check back later to make sure the task resolved to "Successful."

Administering Scheduled or Group Patching

Group patches are useful when administering patches to your entire scope or a large section of your scope. Once you have set up a custom group, you can add patches from the "Scan" folder to it at any time. In addition, you can schedule a periodic deployment of patches to the group. This allows you to add patches to the group's folder at any time and have them deployed on a regular basis. 

To make a custom group, navigate to "Security and Patch Compliance," "Patch and Compliance," and then click on "Custom Groups" to expand the drop-down menu. Next, right-click on "My Custom Groups" and select "New Group". This will generate the new group under the "My Custom Groups" heading, which you should name.

Next, click on "Scan" and highlight the patches you would like to administer. It is recommended that Adobe, RealPlayer, Flash, and Internet browsers be patched regularly as they are heavily utilized and vulnerable programs. When you have your patches selected, drag and drop them into your custom group folder. 


To immediately administer these patches or schedule a deployment time, right-click on your group's name. In this example, the group is "Test Group." Select "Repair."

In the window that opens, name your task and select "Repair as Policy," which will administer the patch when the selected computers check for LANDesk policy updates, typically once a day or when a user first logs in. This option is best when targeting a large group of users, who may or may not be online. They will definitely receive the patch whenever their computer next checks for LANDesk policy updates. Then select "Configure" under "Scan and Repair Settings."

In the window that opens, select "New," then name your scan and repair settings. Choose "Show progress dialog: Never."

Next, click "Scan Options" and select "Group." Click the ellipsis to open a list of all available groups. Choose your group from the "My Custom Groups" tab. In this example, we'll select "Test Group." When you have finished, select "Repair Options" from the left-hand menu bar. Here, you can choose to immediately begin your scan or set a time for the scan to begin. It is recommended that you uncheck "Start repair even if user is running a presentation" and check "Start repair even if reboot is already pending."

...

Info
The patch management best practices WebEx recording is available here. You will need the WebEx player to watch it (available as a package in LANDesk).