Patch Management Solution

Hello there,

Many of our company production servers do not have full compliance in patches from 2011 - current.

Would you please advise to:

1/ How to create a report to identify of what patches applicable, but are missing, not installed from 2011 - current.

2/ How to download all patches applicable to Windows Servers (2003, 2008) from 2011 - current

Thank you very much for your prompt support,

Charlie Tran

Hello Charlie,

1. Out-of-box reports display this data. The Patch Compliance Reports show the vulnerabilities for the Bulletins, Computers and Updates in the environment.

• Console > Reports > All Reports > Software > Patch Management > Compliance; view the Compliance by Computer Report
• Change the Release Date From; input the date range that you would like to view, and refresh the report
• Change the Operating System drop down; input the specific Windows Server OS needed to report on
• Right-click > View Not Installed Computers by Bulletin; view the clients that need the Bulletin

2. Note the updates that are vulnerable to the OS Types from step one

• Go to the Console > Actions > Software > Patch Remediation Center
• Highlight the noted Bulletins; right-click > Distribute Packages.
• Configure the Software Update Policy to run as needed, but keep in mind that best practice is to control the Software Update Cycle schedule on the Default Software Update Plug-in Policy.
• This process is detailed further on KM: HOWTO56242 for PM 7.1 SP1+

Keep in mind that some clients may need to be troubleshot for updates failing to install as they may be experiencing anomalies (needing a reboot etc). Some of these topics are detailed on KM: HOWTO79448 and more specifically on TECH41678.

Hope this helps,

Joshua