LANDesk Patch Management

Owned by Rebecca.Dewey
Last updated: Oct 20, 2014 by Former user (Deleted)

Patch Management 

LANDesk patches can be applied both to individual users and to broad groups. By using these features to patch computers in your group, you will ensure that vital software stays up-to-date. Below are two example workflows which outline the two main ways of administering patches. The first is a guide to targeted patches and the second is a guide to broad or group-wide patches. 

Tufts University is currently automatically patching software for almost every computer with the LANDesk agent.
The following applications are being patched.

  • Apple Quicktime
  • Adobe Flash
  • Adobe Reader
  • Adobe Acrobat
  • Adobe Air
  • Adobe Shockwave Player
  • Google Chrome
  • Skype
  • Filezilla Client
  • Firefox
  • WebEx Network Recording Player
  • VLC

Documentation

  File Modified

PDF File How to repair vulnerabilities using a staging task.pdf

Sept 19, 2012 by Michael MacDonald

PDF File How to Create Custom Definitions in 90.pdf

Sept 19, 2012 by Michael MacDonald

PDF File LANDesk Security Suite 9.0 SP3 - User Guide.pdf.pdf

Sept 19, 2012 by Michael MacDonald

PDF File LANDesk Management Suite 9.0 - Getting started with Patch Manager.pdf

Sept 19, 2012 by Michael MacDonald

PDF File How to change Default Scan and Repair settings on a client.pdf

Sept 19, 2012 by Michael MacDonald
  File Modified

Microsoft Powerpoint Presentation LD 9.5 SP1 - Patch Management Best Practices.pptx

Jul 18, 2013 by Former user

Overview

The following workflow is recommended for keeping the most vulnerable and important software up-to-date. Detailed instructions follow but at a high level:

  1. Keep the most vulnerable applications up-to-date. This includes Adobe Reader, Adobe Acrobat, Adobe Flash Player, Adobe Shockwave, Adobe Air, Java and RealPlayer. These applications are known to be vulnerable to attacks so keeping them patched greatly decreases the risk of computers being infected.
  2. Important and high applications, like internet browsers (Firefox, Internet Explorer, Opera, Safari, Google Chrome) and operating systems (for example, Mac OS X and Windows 7) should also be kept up-to-date. Since they are common and frequently used, these types of applications are frequent targets for attacks.

General information: Queries and scopes are dynamic and will pick up new computers as they are added into the system. Dragging and dropping individual devices or using "My Devices" in a task is not dynamic and will only patch those computers or devices that you have selected. 

Administering Targeted Patches

If you have not used the console before, see the Getting Started with LANDesk and Installing the LANDesk Console pages. Once you have the LANDesk console installed, log in using your Tufts credentials. 

To administer a targeted patch to a single user or small group of users, click "Tools", "Security and Compliance", and then "Patch."

Open the "Scan" folder to view all available patches. Here you can filter by type of patch or search for an individual patch by name. 

When you have located the patch you would like to administer, right click it and select "Repair." In this example, we have chosen to patch Adobe Photoshop.

A window will open where you can name and schedule your repair task. First enter a name in the "Name Task" window. Then select either "Repair as Scheduled", which will immediately push the patch to all the selected machines, or "Repair as Policy," which will administer the patch when the selected computers check for LANDesk policy updates, typically once a day or when a user first logs in. It is suggested that you use "Repair as Scheduled" if you know that the computers you are patching are currently online. If the selected computers are offline, they will not receive the patch. This option is good for administering patches for computer labs or targeted patches when you can determine the status of the target computers. "Repair as Policy" is best when targeting a large group of users, who may or may not be online. They will definitely receive the patch whenever their computer next checks for LANDesk policy updates.

If you select "Repair as Scheduled Task" also select "Don't add any computers." If you select "Repair as Policy," you may choose to add a query (these represent different groups of users within your scope). When you have finished, select OK.

You will be redirected to a window showing you "Scheduled Tasks." If you did not add a query in the last step, to add computers to this task you can drag and drop devices from those listed in your scope. Click "Scope," then double click the scope you wish to open, then select the computers from your scope that you would like to target. To highlight multiple names from your scope, click shift or control and then select the names. When you have selected the computers, drag them to the task. A yellow "Pending" bar should appear on the graph. Next, right click and select "Start Now." The yellow bar will change to a grey "Active" bar which will resolve into a "Successful" or "Failed" bar depending on the outcome of the repair.

The patch may take some time to resolve; you can check back later to make sure the task resolved to "Successful."

The patch management best practices WebEx recording is available here. You will need WebEx player to watch it (available as package in Landesk)

Information on the Tufts IT Knowledgebase is intended for IT Professionals at Tufts.
If you have a question about a Tufts IT service or computer/account support, please contact your IT support group.