ALTIRIS® Patch Management Solution™ 6.2 for Windows Help

Notice

Altiris® Patch Management Solution™ 6.2
© 2001-2006 Altiris, Inc. All rights reserved.
Document Date: February 13, 2007

Protected by one or more of the following U.S. Patents: 5764593, 6144992, 5978805, 5778395, 5907672, 4701745, 5016009, 5126739, 5146221, 5414425, 5463390, 5506580. Other patents pending.

Due to the inherently complex nature of computer software, Altiris does not warrant that the Altiris software is error-free, will operate without interruption, is compatible with all equipment and software configurations, or will otherwise meet your needs. The content of this documentation is furnished for informational use only, is subject to change without notice, and should not be construed as a commitment by Altiris. Altiris, Inc. assumes no responsibility or liability for any errors or inaccuracies that may appear in this documentation. For the latest documentation, visit our Web site at www.altiris.com.

Altiris, the Altiris logo, BootWorks, Eality, ImageBlaster, Inventory Solution, PC Transplant, RapiDeploy, RapidInstall, and Vision are registered trademarks of Altiris, Inc. in the United States. Altiris, the Altiris Logo, and ManageFusion are registered trademarks of Altiris, Inc. in other countries.

Altiris Connector, Altiris eXpress, Altiris Protect, Application Management Solution, Application Metering Solution, Asset Control Solution, Asset Management Suite, Carbon Copy, Client Management Suite, Compliance Toolkit, Connector Solution, Contract Management Solution, Deployment Server, Deployment Solution, Energy Saver Toolkit, Education Management Suite, FSLogic, Handheld Management Suite, Helpdesk Solution, Lab Management Suite, ManageFusion, Migration Toolkit, Mobile Client for SMS, Monitor Solution, Network Discovery, Notification Server, Package Importer, Patch Management Solution, Problem Management Suite, Recovery Solution, Security Solution, Server Management Suite, Site Monitor Solution, Software Delivery Solution, SNMP Management, Software Delivery Suite, TCO Management Solution, UNIX Client for SMS, Web Administrator, Web Reports, and other product names are trademarks of Altiris, Inc. in the United States and other countries.

AuditExpress, Scan on Detect, and SecurityExpressions are trademarks of Pedestal Software Inc. in the United States. Audit on Connect and Audit on Detect are trademarks of Pedestal Software Inc. in the United States and other countries. WebLens and Guaranteeing Your Net Works are registered trademarks of Tonic Software Inc. in the United States. WebInsight and RUM are trademarks of Tonic Software Inc. in the United States.

Microsoft, Windows, and the Windows logo are trademarks, or registered trademarks of Microsoft Corporation in the United States and/or other countries. HP and Compaq are registered trademarks of the Hewlett-Packard Corporation. Dell is a registered trademark of Dell Inc. Macintosh is a registered trademark of the Apple Computer Corporation. Palm OS is a registered trademark of Palm Computing, Inc. BlackBerry is a service mark and a trademark of Research In Motion Limited Corporation. RIM is a service mark and trademark of Research In Motion (RIM).
Other company names, brands, or product names are or may be trademarks of their respective owners.

Contents

Chapter 1: Introduction
    Overview
    How Patch Management Solution Conserves Network Bandwidth

Chapter 2: Installing Patch Management Solution
    Prerequisites
    Installation
    Upgrading
    Installing the Altiris Agent
    Licensing

Chapter 3: Getting Started with Patch Management Solution
    Configuring Patch Management Core Solution
    Downloading Microsoft Patch Management Import
    Downloading QChain
    Installing the Software Update Agent
    Viewing Patch Management for Windows Dashboard
    Viewing a Report to Decide Which Updates to Install
    Staging Software Bulletins
    Confirming Software Bulletin Status
    Viewing Software Bulletin Status - Summary Report
    Creating Software Update Tasks
    Viewing Results of Software Update Tasks
    Creating an Automatic Update Schedule

Chapter 4: Using Patch Management Solution
    User Interface
    Quick Starts
    Tasks Tab View
    Notification Policies
    Software Update Task
    Manage Software Updates
    Resources Tab View
    Reports Tab View
    Patch Management for Windows dashboard
    Reports
    Configuration Tab View
    Global Settings
    Patch Management Core Solution
    Download Software Update Packages
    Revise Software Update Tasks
    Microsoft Settings
    Software Inventory
    Software Update Agent Configuration
    Software Update Agent Rollout
    Software Update Agent Uninstall
    Software Update Task Wizard
    Security
    Global Privileges
    Permissions
    Configuring Background Actions
    Software Resources
    Resource Types
    Resources
    Definitions of Software Updates and Software Bulletins
    Software Bulletins
    Viewing Available Software Bulletins
    Viewing Details on a Software Bulletin
    Custom Severity Levels
    Downloading Software Bulletins and Distributing Software Updates
    Software Updates
    Modifying Software Update Tasks
    About Software Updates
    Software Update Supersedence
    Software Update Agent
    Software Update Agent User Interface
    Software Update Agent Command-Line Utility
    Upgrading the Software Update Agent
    Uninstalling the Software Update Agent
    Resource Manager
    Computer Resource Manager Software Update Summary
    Inventory Data Classes
    Reporting on Patch Management Data in a Hierarchy
    Troubleshooting
    Software Updates not Downloading
    Enabling FTP downloads through a Proxy
    Reboot on a Schedule not Working Properly
    Agent Reboot Warning and Snooze Option
    Windows Update Error Codes

Index
Chapter 1: Introduction

Altiris® Patch Management Solution™ software lets you scan computers for security vulnerabilities, report on the findings, and automate the downloading and distribution of needed Microsoft security patches. You can review and download specific patches from Microsoft, create collections of computers that require a specific patch, and apply the patch to the computers that need it.

Key features include

• Support for operating system and applications for English, German, Spanish, Japanese, Chinese, Portuguese, and French.
• Information repository that provides detailed information on each software bulletin, such as technical details, severity ratings, and number of executables.
• Software repository that automates the downloads from the vendor site prior to distribution without administrator intervention.
• Patch-specific inventory for determining supported operating systems, applications and the associated service pack level, and whether a patch is installed.
• Improved distribution wizard and targeting that automatically determines the patch installation requirements and assigns Altiris® Notification Server™ collections based on the requirements.
• Extensive control over installations, such as integration with QChain, reboot control, and easy selection of command-line options.
• Integration with other Altiris products, such as Altiris® Recovery Solution.

[Figure: Patch Management Processes. Components: Altiris Web Site, Microsoft Web Site, Notification Server, Managed Computers, Web Administration, Automated Alerts. Steps: 1. Download Software Management Resources; 2. Download Security Patch; 3. Scan Results; 4. Install Security Patch.]

Patch Management Solution Features

Feature / Description

Information Repository
    The repository provides comprehensive data on software bulletins, software updates, inventory rules, and so on. The process to populate the information repository from the Microsoft Patch Management Import files starts after installation is complete.

Comprehensive Inventory
    Detailed information on the operating system and installed applications, as well as inventory on software update installations. For effective targeting during distribution, inventory results populate predefined collections based on operating system service pack levels and application versions.

Software Repository
    Patch Management Solution automatically downloads all staged software updates from the vendor site prior to distribution. This allows for staging of software updates prior to distribution.

Software Update Analysis
    Automated evaluation of patch dependencies reduces the labor requirements of patch management.

Simplified Distribution Tasks
    A wizard simplifies the management of distribution policies. Instead of creating a task for each individual software update, you create a single policy for the software bulletin. Example: If you have 3 software bulletins with 7 software updates, you only have to manage 3 distribution tasks. Also, most software bulletins have software updates for different operating system versions and the languages associated with them.

Recovery Solution Integration
    After Altiris Recovery Solution is installed, Patch Management Solution provides an agent option to automatically create a snapshot prior to software update installations. This allows for roll back when a software update causes problems.

Previous releases of Patch Management Solution used Microsoft Baseline Security Analyzer (MBSA) as the primary means for the verification that a patch was installed. This release of Patch Management Solution uses the Microsoft Patch Management Import files as the means for patch management. See Microsoft Patch Management Import (page 32).

Overview

This section gives you a brief overview of Patch Management Solution and how it uses the inventory it gathers to create Software Update packages. After you create Software Update tasks, the associated packages are sent to managed computers and the appropriate Software Update programs are installed.

A. Collections are automatically created from inventory

As part of the deployment of the Software Update Agent, the Inventory Rule Agent gets installed on managed computers and sends back inventory specifically needed for managing software updates. Inventory includes software vendor, software release, and service pack information.

From this inventory, Patch Management Solution creates specific collections to target only the computers that individual software updates should go to. These collections are created when the software bulletins that contain them are staged. These collections contain computers that are applicable for the software update.

B. Software bulletin information needs to be downloaded

After Patch Management Solution gets installed, you decide when to download software bulletin information from the Altiris Web site. This information includes the severity of each software bulletin as well as details on its software updates and where they can be downloaded from Microsoft. This information also includes rules for creating collections and rules for how to verify that the software update is installed.

Note: Notification Server needs an internet connection to download the Microsoft Patch Management Import files that contain software bulletin information.

C. You stage software bulletins to download software updates and create packages

When you stage a software bulletin, each associated software update executable automatically gets downloaded from Microsoft. You can then create a Software Update task for each software bulletin you want to deploy.

From the information in software bulletin executables, Patch Management Solution then creates a Software Update package for each software update. There are one or more software updates associated with each software bulletin. Every software update applies to a software release/service pack combination. Each software update also has a Software Installation Type.

D. You create Software Update tasks to deploy downloaded software updates

Software Update tasks can be created using the Software Update Task Wizard. Software Update tasks use the associations created from the inventory received from the Inventory Rule Agent to select the appropriate collections to which the software updates should go.

When you create a Software Update task, one or more programs are automatically created and attached to the Software Update package associated with the software update. When the managed computer receives the Software Update task, it first verifies that the software update is needed, then downloads the Software Update package and launches the required program. This program then installs the software update.

To save network bandwidth, the agent verifies that the software update is needed. The software update may already be there for multiple reasons (Example: Sometimes another process rolls out a software update). If the software update is already installed, the agent does not download and reinstall it (Example: You image a computer and its image already has the Software Update Agent. In this case, the software update will not be reinstalled).

At an interval, the Software Update task is re-evaluated and, if needed, reinstalled. Example: If some operation removes a software update, it will be reinstalled.

Note: Notification Server needs an internet connection so it can automatically download the update files from the Microsoft Web site.

E. Behind the scenes

Software Installation types determine install options, such as the command-line argument to run the executable.

Note: The Software Installation Type and Software Installation Option can be viewed on the Configuration tab view by selecting Configuration > Resource Settings > Resource Types > Software Management > Patch Management. To view all resources in a Software Installation Type or Software Installation Option, click either Software Installation Type or Software Installation Option in the left pane, and then click the List Resources tab in the content pane.

When a Software Update task is created, one or more programs are created using the selected Software Installation Options (found under the Installation Options section of the Advanced tab). The Installation Options that are available depend on the Software Installation Type. For information, see Software Update Task (page 24).

How Patch Management Solution Conserves Network Bandwidth

The solution has been designed so that network bandwidth usage between the Notification Server and the Software Update Agent is minimized. The following features significantly reduce long term network requirements for this solution.

• Only inventory results that have changed are sent by the Software Update Agent to Notification Server.
  Note: This is default behavior. You can configure individual software inventory policies to always send inventory results.
• You can enable or disable event capture of package events (the information about package download success, failure, or refresh). See “Advanced Settings” in the Altiris Notification Server Help.
• The Software Update Agent has a locally cached store of inventory rules. The Notification Server will only be contacted when new inventory rules are available.
• Only delta updates are performed for inventory rules. The Software Update Agent will only request inventory rules that are new or changed compared to the local agent cache.
• For patches with software update inventory rules, the installation of the software update will only execute (and send an NSE) if the rule evaluates as “NotInstalled”. Also, software updates with inventory rules will not be downloaded (and hence executed) on a client computer if an update is not applicable or is already installed.

See Also

• Troubleshooting (page 56)

Chapter 2: Installing Patch Management Solution

• Prerequisites (page 10)
• Installation (page 11)
• Upgrading (page 11)
• Installing the Altiris Agent (page 12)
• Licensing (page 13)

Prerequisites

Prerequisites for Patch Management Solution

• Install and configure Notification Server 6.0 SP3 R2 or later. See the Altiris Notification Server Help for Notification Server requirements.
  Note: If Notification Server proxy settings have been configured, Patch Management Solution uses them to download software update information from the Altiris Web site and to download software updates from Microsoft. For more information on proxy settings, see the Altiris Notification Server 6.0 Release Notes or the Altiris Notification Server Help.
• Install or upgrade the Altiris Agent 6.0 SP3 on every computer to which you are sending patches.

Note: It may take some planning and time before you install Patch Management Solution. Microsoft typically releases patches on the second Tuesday of each month and Altiris updates the PMImport.cab file shortly afterwards. Because of this, we recommend that you install or update Patch Management Solution at least two weeks before Microsoft releases its patches. This gives you enough time before a PMImport.cab file update to make sure that you have the Altiris Agent upgraded to 6.0 SP3 on all computers as well as install and set up Patch Management Solution.
Notification Server provides reports (in particular, see the reports under the Altiris Agent Installation Status folder) that let you know the status of the Altiris Agent installation. For more information, see the Altiris Notification Server Help.

Minimum requirements for running the Software Update Agent

• Win32 computers running Windows 95 or later
• MSI 1.1

Installation

Before installing Patch Management Solution, review the requirements information (see Prerequisites on page 10).

Note: The software updates that Patch Management Solution distributes are provided by Microsoft for its software products. You must ensure that each software update will work correctly in your environment before deploying it. We recommend that you first install the software update in a test environment before deploying it to your production environment.

To install Altiris Infrastructure on the Notification Server

1. Select Start > Programs > Altiris > Altiris Console. This starts the Altiris Console.
2. In the Altiris Console, click the Getting Started tab.
3. Click the Install Altiris Solutions from the Solutions Center link.
4. Click the Solutions button.
5. Click Altiris Patch Management for Windows.
6. Click Start. The Install Wizard appears and provides configuration options.
7. Select the languages you want to manage in your environment.
8. Select the Download Actions you wish to run immediately after install.

Note: The Microsoft Patch Management Import task must complete before bulletins can be staged and distributed. Microsoft Patch Management Import should take around 20 minutes to run, depending on your network speed.

Upgrading

Note: You must have Patch Management Solution 6.1 or later installed before you can upgrade to Patch Management Solution 6.2.

Note: Patch Management Solution 6.2 will only work with Software Update Agent 6.2. To upgrade from Patch Management Solution 6.1, you must also upgrade the Software Update Agent on your managed computers.

To upgrade Patch Management Solution to 6.2

1. Make sure you have Patch Management Solution 6.1 or later installed.
2. Install Patch Management Solution. See Installation (page 11).
3. Upgrade the Software Update Agent on your managed computers.
   To upgrade computers running Software Update Agent 6.1, in the Configuration tab select Configuration > Solutions Settings > Software Management > Patch Management > Windows > Software Update Agent Rollout and enable the Software Update Agent Upgrade policy.

Installing the Altiris Agent

The Altiris Agent must be installed on the computers you want to manage, if you have not done so already (through the use of other Altiris solutions that require the agent). When installing the agent, you specify the computers on which to install the agent.

For large numbers of computers, you can use the Resource Discovery and Network Discovery features of Notification Server to discover the computers on your network and create a list from which you can select the computers on which to install the agent. If you have only a few computers to manage, such as during an evaluation, you can skip computer discovery and perform the agent installation procedure.

Resource Discovery is used to discover Windows computers. The following procedure describes how to use this feature.

Network Discovery can discover computers using Ping, Circular DNS resolution, SNMP, and NetBIOS name and domain. You can discover Linux/UNIX, Mac OS, and Windows computers. For details, see the Network Discovery Product Guide, which you can access from the Altiris Web site (altiris.com/support/documentation) or the Altiris Documentation page in the Altiris Console.

You need administrator rights to install the Altiris Agent.
For more information on the Altiris Agent, see the Notification Server documentation.

To discover Windows computers using Resource Discovery

1. On the Notification Server computer, select Start > All Programs > Altiris > Altiris Console to open the Altiris Console.
2. In the console, click the Configuration tab.
3. In the left pane, select Configuration > Server Settings > Discovery Methods > Resource Discovery.
4. In the content pane, click and select the domains in which to search for computers. (Optional) Enter the name of a domain and click .
5. Select the discovery methods you want to use. You must select at least one method.
   • Select the Domain Browse List option to discover computers (including Windows 95, 98, 98 SE, and ME computers) that are currently sharing files.
   • Select the Domain Membership option to discover computers that have trust accounts in the domain and are running Windows NT, 2000, XP, and 2003. This method will not find any Windows 98, 98 SE, or ME computers.
6. Click Discover Now.
7. After the discovery process completes, click Apply.

The computers in the specified domains are discovered and can be selected to receive the agent.

To install the Altiris Agent

This procedure does not work with Windows 98, 98 SE, and ME computers. For these operating systems, see the “Pull Method” in the Notification Server documentation.

1. On the Notification Server computer, select Start > All Programs > Altiris > Altiris Console to open the Altiris Console.
2. In the console, click the Configuration tab.
3. In the left pane, select Configuration > Altiris Agent > Altiris Agent Rollout > Altiris Agent Installation.
4. In the content pane, do one or both of the following:
   • If you did not perform a computer discovery (because you only have a few computers on which you want to install the agent, such as during an evaluation) or you want to specify a computer manually, enter the name of the computer on which you want to install the agent in the field next to the Add button, and then click Add. Repeat this for all computers on which you want to install the agent.
   • If you performed a computer discovery, click Select Computers. In the dialog that opens, select the computers to which you want to install the agent. Click OK.
   Note: The fact that a computer can be discovered does not mean that you can push the agent to it. The computer must be running an operating system that supports having agents pushed to it.
5. Click Install Altiris Agent. The Options page opens to let you set configuration properties for the Altiris Agent.
6. Select the Show the Altiris Agent icon in the system tray option.
7. Click Proceed with Install.

The Altiris Agent is installed to the computers.

Licensing

Each Altiris product comes with a 7-day trial license that is installed by default. You can register and obtain a 30-day evaluation license through our Web site at www.altiris.com or purchase a full product license.

To view your current license, open the Altiris Console, click the Configuration tab, and select Licensing.

For more information, see “Licensing Altiris Software” in the Altiris Getting Started Guide on the product CD or on our Web site at www.altiris.com/support/documentation.

Note: Automatic Upgrade Protection (AUP) is required for ongoing use of Patch Management Solution. Without current AUP, you cannot download and use new Microsoft Patch Management Import files. However, you can continue to use Microsoft Patch Management Import files that were downloaded prior to the expiration of AUP.

Chapter 3: Getting Started with Patch Management Solution

The Getting Started tasks guide you through the basic setup, configuration, and use of Patch Management Solution. Each task has a procedure and, in many cases, exercises to illustrate the steps of the procedure.

Getting Started tasks

The tasks are listed sequentially. You must work through the tasks in sequence to complete all of them.

1. Installing the Altiris Agent (page 12)
2. Configuring Patch Management Core Solution (page 15)
3. Downloading Microsoft Patch Management Import (page 15)
4. Downloading QChain (page 15)
5. Installing the Software Update Agent (page 16)
6. Viewing a Report to Decide Which Updates to Install (page 18)
7. Staging Software Bulletins (page 19)
8. Creating Software Update Tasks (page 20)
9. Viewing Results of Software Update Tasks (page 21)

You can perform Getting Started tasks from the Quick Start page or from the Altiris Console, the primary interface for Altiris solutions.

To open the Quick Start page manually

1. In the Altiris Console, click the Tasks tab.
2. In the left pane, select Tasks > Quick Starts.
3. In the content pane, select Patch Management Solution Quick Start.

For more information, see Quick Starts (page 23).

Prerequisites for Getting Started tasks

• Notification Server 6.0 SP3.
• A Windows 2000 or 2003 (recommended) Server.
• Patch Management Solution 6.2 installed on the Notification Server (see Installing Patch Management Solution on page 10).
• Client computers with either Windows XP Professional or Windows 2000 Professional and the Altiris Agent installed.

Exercise Scenario

In the following exercises, you are the system administrator of Test Company. You have already installed Patch Management Solution and now need to implement it.
Configuring Patch Management Core Solution

After Patch Management Solution is installed, you must download Microsoft Patch Management Import and QChain before you can stage or distribute any updates. With the installation of Patch Management Solution, all English language releases are automatically installed so you can specify software updates to exclude from the Microsoft Patch Management Import download. Exclude software updates for software you do not use in your organization and select any additional languages you wish to download.

To configure Patch Management Core Solution

1. In the Altiris Console, click the Configuration tab.
2. In the left pane, select Configuration > Solutions Settings > Software Management > Patch Management > Server Settings > Global Settings > Patch Management Core Solution.
3. Make any wanted changes.
4. Click Apply.

Downloading Microsoft Patch Management Import

Microsoft Patch Management Import downloads and imports all software management resources from these files into the Notification Database.

To download Microsoft Patch Management Import

1. Access the Microsoft Patch Management Import page:
   Option 1: From the left pane of the Quick Start, click Download Microsoft Patch Management Import.
   Option 2: From the Altiris Console, click the Configuration tab. In the left pane, select Configuration > Solution Settings > Software Management > Patch Management > Server Settings > Microsoft Settings > Microsoft Patch Management Import.
2. Make any wanted changes.
3. Download Microsoft Patch Management Import:
   Option 1: In the Quick Start page, in the content pane, click the context menu icon and select Start Download Task.
   Option 2: In the Altiris Console in the left pane, right-click Microsoft Patch Management Import and select Start Download Task.

Downloading QChain

QChain chains software updates together before they are distributed to managed computers.

To download QChain

1. Access the QChain page:
   Option 1: From the left pane of the Quick Start, click Download Microsoft QChain.
   Option 2: From the Altiris Console, click the Configuration tab. In the left pane, select Configuration > Solution Settings > Software Management > Patch Management > Server Settings > Microsoft Settings > QChain.
2. Download QChain:
   Option 1: From the content pane of the Quick Start, click the context menu icon and select Start Download Task.
   Option 2: From the Altiris Console, in the left pane, right-click QChain and select Start Download Task.

Installing the Software Update Agent

The Software Update Agent must be installed on managed computers on which you want to use Patch Management Solution. The Software Update Agent inventories programs that are installed on the managed computer and sends this data to the Notification Server. The Software Update Agent then uses this information to track operating systems and applications that are installed on managed computers, discover vulnerabilities, and match them with packages that are defined by the Notification Server. You can use this information when deciding which updates to send to which managed computers.

Note: The Inventory Rule Agent automatically runs the following policies on managed computers: Default Windows OS Inventory Policy, Default Windows Software Release Inventory Policy, Default Microsoft Vulnerability Analysis Policy, and Default Microsoft Software Inventory Policy. For information, see Software Inventory.

Caution: If you have a large number of computers to deploy the Software Update Agent to, consider deploying the agent during off-peak hours to minimize network traffic at peak times. Deploying the software agent can take some time, depending on the number of managed computers and the Altiris Agent settings.
To install the Software Update Agent

Exercise: Test Company wants to install the Software Update Agent on all managed computers that do not already have it installed. When deciding when to install the agent, consider your environment. In Test Company’s situation, there are more than 200 computers. To minimize the risk of slowing down or disrupting the network, set the install schedule to a time when most employees are not in the office.

1. Access the Software Update Agent Install page:
   Option 1: From the left pane of the Quick Start, click Deploy Software Update Agent.
   Option 2: From the Altiris Console, click the Configuration tab. In the left pane, select Configuration > Solutions Settings > Software Management > Patch Management > Windows > Software Update Agent Rollout > Software Update Agent Install.
2. In the content pane, select Enable.
3. Make any wanted changes. To make changes to Applies to collections and Schedule, click on the relevant hyperlinks and a dialog box for each item will appear. For a description of each page item, see “Altiris Agent Upgrade Page” in Altiris Notification Server Help.

   Exercise: Employees at Test Company go home before 7 p.m. Leave the collection as All Windows Computers without Software Update Agent Installed. Set the Schedule to run daily at 7 p.m. and ensure Run once ASAP is not selected.

4. Click Apply.

When the Software Update Agent is installed on a managed computer, a new tab, Software Updates, appears in the Altiris Agent window, displaying software updates for that computer. To open the Altiris Agent window, select the Altiris Agent icon in the system tray of the managed computer.

See Also

- Software Update Agent
- Software Update Agent Rollout

Viewing Patch Management for Windows Dashboard

Confirm that the Software Update Agent installation was successful by using the Patch Management for Windows dashboard.
The dashboard is a central location that links several reports showing valuable Patch Management Solution information. Use it to access the Software Update Agent Execution Summary report (which lists computers with the Software Update Agent installed), agent version, and the operating system information.

To view the Patch Management for Windows dashboard

1. Access the Patch Management for Windows dashboard:
   Option 1: From the left pane of the Quick Start, select Check Progress.
   Option 2: From the Altiris Console, click the Reports tab. In the left pane, select Dashboards > Patch Management for Windows Dashboard.
2. In the content pane, under Configuration, select Computers with Software Update Agent.
3. Click Refresh.

Note: You can use the Software Update Agent Installation Status report to see the status of all Software Update Agent installations over a specified period. To view the report, in the Reports tab, select Reports > Software Management > Patch Management > Agent Information > Software Update Agent Installation Status.

Viewing a Report to Decide Which Updates to Install

Running reports helps you determine which software updates need to be installed on which computers to address vulnerabilities. Individual software updates are bundled into software bulletins. Each software bulletin has a resource manager page containing explanations of the updates and hyperlinks to the vendor’s Web site for more information. Once you have decided to install a particular bulletin, we recommend that you install it in a test environment before rolling it out across your network.

You can stage or distribute software updates directly from reports by double-clicking on the update name in the report.

Note: Instead of evaluating each update individually, you can stage all the software bulletins listed in the Manage Software Updates page. However, this can result in increased network bandwidth use.
To view the Detected Microsoft Vulnerabilities by Computer report

Exercise: Test Company management’s main concern is addressing security issues covered by critical Microsoft updates. You have been tasked with finding critical vulnerabilities and installing required critical updates.

1. Access the Detected Microsoft Vulnerabilities by Computer page:
   Option 1: From the left pane of the Quick Start, click Microsoft Compliance by Computer.
   Option 2: From the Altiris Console, click the Reports tab. In the left pane, select Reports > Software Management > Patch Management > Compliance and Vulnerability > Microsoft Compliance and Vulnerability by Computer.
2. In the content pane, click Run this Report.
3. Leave the default settings and click Refresh. A list of software updates appears.
4. For information about an update, right-click on any update and select Resource Manager.
5. At the bottom of the Summaries tab, under Additional Information, click the hyperlink to the Microsoft TechNet article on the bulletin.
6. With the information provided in Resource Manager as a guide, make a note of the bulletins you wish to install.

Exercise: View the Count of Software Updates by Severity report in the folder Reports > Software Management > Patch Management > Software Update Summary. Set the Update Severity field to Critical. The report will list all available critical updates. Choose three of these updates to stage and distribute.

The following reports also provide information on software updates:

- Compliance and Vulnerability > Microsoft Compliance and Vulnerability by Bulletin
- Inventory > Applicable Microsoft Updates by Computer
- Inventory > Installed Microsoft Software Updates by Computer

If you want to view compliance reports for your entire organization from a single console when using more than one Notification Server, see Reporting on Patch Management Data in a Hierarchy.
Staging Software Bulletins

After you determine which software updates to deploy (see Viewing a Report to Decide Which Updates to Install), you need to stage them. Staging software bulletins downloads the software updates included in a software bulletin to the Notification Server. You must first stage a software bulletin to create a Software Update Task to install the updates. Software Update tasks install the software updates to the Windows computers that need them.

To stage Software Bulletins

Exercise: Now that you have decided which updates to distribute, you must stage them.

1. Access the Manage Software Updates page:
   Option 1: From the left pane of the Quick Start, click Stage and Distribute Microsoft Patches.
   Option 2: From the Altiris Console, in the left pane, select Tasks > Software Management > Patch Management > Manage Software Updates.

   Note: If the Microsoft Patch Management Import download has not yet completed, a dialog box appears with a message saying the Manage Software Updates page is disabled until Microsoft Patch Management Import is complete.

2. In the content pane, select the software bulletins you want to stage.

   Exercise: Stage the software bulletins you chose in Viewing a Report to Decide Which Updates to Install.

3. Click the Stage Bulletin toolbar item.

   Note: You can also stage software bulletins by right-clicking them and selecting Stage.

Confirming Software Bulletin Status

A Software Update Task cannot be created until all the updates in a bulletin have successfully downloaded. When updates are downloading, a progress dialog box appears.

To confirm the status of updates in the Manage Software Updates page

1. Access the Manage Software Updates page:
   Option 1: From the left pane of the Quick Start, click Stage and Distribute Microsoft Patches.
   Option 2: From the Altiris Console, click the Tasks tab. In the left pane, select Tasks > Software Management > Patch Management > Manage Software Updates.
2. Click Update. When the #Updates and #Downloaded columns are equal, the downloads have completed.

Viewing Software Bulletin Status - Summary Report

You can also run the Software Bulletin Status - Summary report for more information on the status of Software Bulletins. This report displays summary information on software bulletins and the number of software updates for each bulletin. The results can be filtered to display only enabled bulletins, bulletins of a particular severity, or bulletins with full/partial software update downloads.

To view the Software Bulletin Status - Summary report

Exercise: Run the report to see the status of the bulletins you want to distribute.

1. In the Altiris Console, click the Reports tab.
2. In the left pane, select Reports > Software Management > Patch Management > Software Bulletins > Software Bulletin Status - Summary.
3. In the content pane, click Run this Report.
4. To report on staged Microsoft software bulletins, set the Vendor field to Microsoft.
5. Set the Bulletin Status field to Staged.
6. Click Refresh.

Creating Software Update Tasks

After you stage software bulletins and download the associated software updates, you must create Software Update tasks to deploy software updates to the appropriate Windows computers.

To create Software Update tasks

Exercise: Create a Software Update task for each of the critical updates you staged in the exercise component of Staging Software Bulletins.

1. Access the Manage Software Updates page:
   Option 1: From the left pane of the Quick Start, click Stage and Distribute Microsoft Patches.
   Option 2: From the Altiris Console, click the Tasks tab. In the left pane, select Tasks > Software Management > Patch Management > Manage Software Updates.
2. In the content pane, select any staged software bulletins you want to distribute.

   Exercise: Select the three critical bulletins you staged.

3. Click the Software Update Task Wizard toolbar item.

   Note: If a Software Update task has been already created for a bulletin, a warning dialog appears giving you two options. If you select Create a new task, the wizard opens. If you select Edit an existing task, a dialog opens with the existing task list, and you must choose which one to edit.

4. Leave the defaults in the first page of the Software Update Task Wizard and click Next. New Software Update tasks are enabled by default.
5. Leave the defaults in the second page of the wizard. Click Finish.

The Software Update Agent downloads the Software Update package and installs it on appropriate managed computers.

Viewing Results of Software Update Tasks

Patch Management Solution contains a number of reports you can use to check if software updates were successfully distributed by Software Update Tasks.

To view the Software Update Distribution Summary report

Exercise: Run the Software Update Execution Summary Report - 30 Days report from the Patch Management for Windows dashboard to see if the Software Update Tasks succeeded, failed, or were not executed.

1. Access the Patch Management for Windows dashboard:
   Option 1: In the Altiris Console, click the Reports tab. In the left pane, select Dashboards > Patch Management for Windows.
   Option 2: In the Quick Start page, in the left pane, click Check Progress.
2. In the content pane, click Software Update Execution Summary Report - 30 Days to run the related report. In the content pane, click Run this report.

For more information on the available reports, see Reports Tab View. You can also view update details for individual computers by accessing Resource Manager. For information, see Resource Manager.
Creating an Automatic Update Schedule

Now that you have distributed initial updates, you can automate the update distribution process for ongoing use. Patch Management Solution lets you create a schedule for the automatic installation of software updates. Consider your company’s business requirements before you specify a schedule. Certain times will be better than others for installing updates in different working environments.

To create an automatic update installation schedule

Exercise: The employees at Test Company leave the office by 7 p.m. You want to roll out updates at 10:30 p.m. each day to ensure that the updates will not interfere with anyone’s work.

1. In the Altiris Console, select the Configuration tab.
2. In the left pane, select Configuration > Solution Settings > Software Management > Patch Management > Windows > Software Update Agent Configuration > Default Software Update Agent Configuration Policy.
3. In the content pane, make any wanted changes to the schedule, collections, and reboot options. For a description of these items, see Software Update Agent Configuration.

   Exercise: The default collection to receive updates is Default Software Update Agent Configuration Policy. Do not change this setting. Test Company has an overseas office with employees who need to synchronize files daily with employees in your office. Because of the time differences, these synchronizations never happen between 1 a.m. and 3 a.m. your time. Set the Reboot computer schedule accordingly to ensure reboots do not disrupt file synchronizations between the two offices.

4. Click Apply.
Chapter 4: Using Patch Management Solution

Quick Links

- User Interface
- Software Resources
- Software Bulletins
- Software Updates
- Software Update Agent
- Resource Manager
- Reporting on Patch Management Data in a Hierarchy
- Troubleshooting

User Interface

Folders and items for the Patch Management Solution are placed in the Software Management folder in the Tasks, Resources, Reports, and Configuration tab views in the Altiris Console.

Note: The Software Management folder is also shared with Altiris® Software Delivery Solution™.

- Quick Starts
- Tasks Tab View
- Resources Tab View
- Reports Tab View
- Configuration Tab View
- Software Update Task Wizard
- Security
- Configuring Background Actions

Quick Starts

This page accesses commonly used patch management policies, tasks, and reports.

To access the Quick Start page

1. In the Altiris Console, click the Tasks tab.
2. In the left pane, select Tasks > Quick Starts.
3. In the content pane, select Patch Management Solution Quick Start. A page opens in a new window.

In the content pane of the Quick Start page, a description of each item is provided in the Quick Start Help dialog.

Tasks Tab View

The following folders and items are used to manage updates.

Quick Links

- Notification Policies
- Software Update Task
- Manage Software Updates

Notification Policies

Notification policies tell you when certain conditions exist. Example: The New Software Bulletin Available policy generates a report whenever a new software bulletin becomes available. Generally, Notification policies get enabled and disabled automatically. However, you can edit or clone them to fit your needs.

To access these policies

1. In the Altiris Console, click the Tasks tab.
2. In the left pane, select Tasks > Software Management > Patch Management > Notification Policies > Global.

Software Update Task

This folder stores Software Update tasks. We recommend that you use the Software Update Task Wizard to create Software Update tasks, though they can be created manually. See Software Updates.

To access this folder

1. In the Altiris Console, click the Tasks tab.
2. In the left pane, select Tasks > Software Management > Patch Management > Software Update Task.

To enable a Software Update Task

1. Select Enable.
2. Click Apply.

To create a new Software Update task without using the Software Update Task Wizard

1. In the Altiris Console, click the Tasks tab.
2. In the left pane, select Tasks > Software Management > Patch Management > Software Update Tasks > Microsoft.
3. Right-click on the Microsoft folder and select New > Software Update Task.

Note: Software Update tasks can be located in other folders, depending on where they were placed after their creation.

Software Update task page items

General Tab Page Items

Software Bulletin
    The name of the bulletin or bulletins you have chosen to make tasks for. You cannot edit the software bulletins through the Software Update Task Wizard. Double-click on a software bulletin to open the Resource Manager. This gives you detailed information on the software bulletin. You can only select a software bulletin that has been previously staged.
    Note: If you use the Software Update Task Wizard, the correct software bulletin is automatically selected.

Name
    The name of the tasks you have chosen from the tasks window. This field is populated automatically if only one task is listed in the Tasks field.

Description
    The Microsoft description of the bulletin.

Base Collection
    Specifies the target collection or collections to which the Software Update task applies. If you use the Software Update Task Wizard, the correct target collection for the selected software bulletin is automatically applied. To change the collection, click on the hyperlink to open the Collection Selector.

Advanced Tab Page Items

Enable Software Update Task
    Click to enable the Software Update task for the software bulletin and included software updates.
    There is an update name for each individual executable file for each software update included in a software bulletin.
    Update Name - The name of each software update executable. If Enable is selected, all of the executables will be enabled. Click the hyperlink to open the resource manager page for the software update.
    Culture - The language and culture of the software update.
    Package - The software package associated with the update. Click the hyperlink to open the package’s resource manager.
    Command Line - The command-line to be run against the package. Click the hyperlink to open the command-line options dialog to change the recommended options.

Package Options
    Use Multicast when the Altiris Agent’s multicast option is enabled
    Allow immediate reboot if required - Select if a software update requires a reboot prior to installing an additional update.
    Initiate execution (other than agent default) - Select to run the Software Update task at a different time to that specified in the Software Update Agent settings.
    Override default reinstallation attempts after task failure - Select to override the Software Update Agent’s default settings for reinstallation attempts after task installation failure.

Manage Software Updates

This page lets you view and stage all software bulletins provided by the Altiris Microsoft Patch Management Import files. When you stage a software bulletin, all associated updates get downloaded to the Notification Server from the Microsoft Web site. When the number in the # Updates column equals the number in the # Downloaded column, all updates for the software bulletin have been downloaded. Sometimes not all software updates can be downloaded for a software bulletin because Microsoft may stop hosting the bulletin or relocate it. You cannot create a Software Update task unless all updates for a software bulletin are downloaded.

To access this page

1. In the Altiris Console, click the Tasks tab.
2. In the left pane, select Tasks > Software Management > Patch Management > Manage Software Updates.

Page Items

Show
    Select the view that best meets your needs.

Vendor
    The name of the vendor supplying the update.

Software Bulletin list
    From this list, you can perform an action on one or more software bulletins by right-clicking or selecting a toolbar item.

Software Bulletin List Items

Software Bulletin
    The name Microsoft assigned to the software bulletin.

Severity
    The severity as defined by Microsoft.

Custom Severity
    The severity as defined by the user. See Custom Severity Levels.

Staged
    True = Staged. False = Disabled.
    Note: You must stage the software bulletin to download its associated software updates.

# Tasks
    The number of Software Update tasks created for the bulletin.

# Updates
    The number of software updates included in the software bulletin.

# Downloaded
    The number of software updates downloaded.
    Note: If you want to see which software updates have not been downloaded, run the Software Update Download Status report and select “Fail” as the Download Status.

First Release Date
    The date Microsoft released the software bulletin.

Revision Date
    The last date Microsoft revised this software bulletin.

Bulletin Description
    The description Microsoft gave to the software bulletin.
Shortcut Menu Items

The following table lists the Patch Management Solution shortcut menu items that may be available when you right-click a software bulletin on the Manage Software Updates page or on a report.

View Tasks
    View a report of tasks that have been created for the selected software bulletin.

View Targeted Computers
    Runs the Computers with Software Bulletin Prerequisites Installed report.

List Software Updates
    Runs a report listing all updates for this software bulletin. To view resource information for the update, double-click on the update name.

Resource Manager
    Shows detailed information including summary, severity, and affected platforms. A hyperlink is provided to the Microsoft Web site where that update is explained in further detail.

Move
    Relocate this resource to another location in the Resource tab.

Stage/Disable
    Stages or disables the selected software bulletin. Disabling also disables all associated Software Update tasks.

Distribute Software Updates
    Launches the Software Update Task Wizard and automatically inputs information from the selected software bulletin.
    Note: This option is only available after the software bulletin has been staged and all associated software updates have been downloaded.

Recreate All Packages
    Redownloads and recreates the software updates in the selected software bulletin. Software updates that are missing will be downloaded. Software updates that are partially downloaded (Example: a disconnected network) will be recreated.

Software Update Task Wizard
    Starts the Software Update Task Wizard.

See Also

- Software Bulletins

Resources Tab View

Folders and items in the Resources tab can be found by clicking on the Resources tab, and then navigating to Resource Management > Collections > Software Management and Resource Management > Resources > Software Management in the left pane.
Patch Management Solution creates collections that are populated when the Notification Database receives inventory from the Inventory Rule Agent. These collections are then used by Patch Management Solution to distribute software updates. Default collections are hidden as they require no user input. However, you can create any collection to fit your needs. For information, see Altiris Notification Server Help.

The collections that Patch Management Solution creates are based on the resource folders that Patch Management Solution creates under the Resource Management > Resources > Software Management > Software folder. You can double-click on any resource in the resource folders to launch the Resource Manager. The Resource Manager shows details about that resource.

See Also

- Software Resources

Reports Tab View

This section discusses the folders and items that Patch Management Solution places in the Reports tab view.

Quick Links

- Patch Management for Windows dashboard
- Reports

Patch Management for Windows dashboard

From the dashboard, you can see how many computers have the Software Update Agent installed, how many bulletins have been added in the last 30 days, a summary of software update distribution, and related reports.

To access this page

1. In the Altiris Console, click the Reports tab.
2. In the left pane, select Dashboards > Patch Management for Windows.

Note: Each result in the left pane of the dashboard is linked to a report. When you click on a report hyperlink, the report runs in the right pane.

Reports

You can use or modify predefined reports, or create your own. For information, see Altiris Notification Server Help.

Altiris Infrastructure provides numerous predefined reports to help you analyze patch management information. These reports are found in the Altiris Console under the Reports tab by navigating to Reports > Software Management > Patch Management in the left pane. The reports are organized into the following categories:

Agent Information - Contains a single comprehensive report that returns information on software update download and execution (Example: package download errors, including wrong platform, insufficient space, and so forth), and information about computers with the Software Update Agent installed.

Agent Software Update Packages - Contains reports on Software Update package downloads, errors, and so forth.

Agent Task Execution - Contains reports on Software Update task execution such as Software Update Distribution Summary, Task Execution by Computer, and more.

Compliance and Vulnerability - Contains the Microsoft Software Update Compliance by Bulletin report that reports on computer compliance levels for each available Software Bulletin.

Inventory - Contains reports on computer inventory such as Applicable Microsoft Updates by Computer, Installed Microsoft Software Updates by Computer, and more.

Software Bulletins - Contains reports such as Software Bulletin Status - Summary, that displays summary information on software bulletins and the number of software updates for each bulletin, and Software Bulletins by Software Component for Windows.

Software Update Summary - Contains reports such as Software Update Download Status, which lists all failed or successful software update downloads. This folder also contains Count of Software Updates by Severity.

Notes

- Information contained in the Software Delivery Execution table (Evt_AeX_SWD_Execution) is used to generate Patch Management reports. Purging the table will result in incorrect report results.
- Any report that displays software updates lets you stage or distribute those updates by right-clicking on the update name (see Shortcut Menu Items).
- Every report result with computers as the primary result lets you create a collection based on the report results. To create a collection based on report results, click the collection icon on the report page toolbar. For information, see Altiris Notification Server Help.

Configuration Tab View

Quick Links

- Global Settings
- Microsoft Settings
- Software Inventory
- Software Update Agent Configuration
- Software Update Agent Rollout
- Software Update Agent Uninstall

Global Settings

This folder contains items for managing languages, excluding resources, and so on for Patch Management globally, regardless of platform. The folder is located in the Configuration tab under Configuration > Solutions Settings > Software Management > Patch Management > Server Settings in the left pane.

Quick Links

- Patch Management Core Solution
- Download Software Update Packages
- Revise Software Update Tasks

See Also

- Configuring Background Actions

Patch Management Core Solution

This page sets global settings that apply to all software updates, regardless of platform.

To access this page

1. In the Altiris Console, click the Configuration tab.
2. In the left pane, select Configuration > Solution Settings > Software Management > Patch Management > Server Settings > Global Settings > Patch Management Core Solution.

Download Software Update Packages

This background action is started after you stage a software bulletin to check software update package availability. It downloads the appropriate software update packages from the Microsoft Web site.

Note: Microsoft updates are hosted on HTTP servers and are downloaded through HTTP.

Note: Background actions can be triggered immediately from the context menu (by right-clicking on the background action) by clicking Start Task and Stop Task.

Revise Software Update Tasks

This page lets you update Software Update tasks with the latest versions of software updates and bulletins released by the vendor. The task completes the following software update synchronization and data cleanup processes:
• Updates Software Update tasks. New managed languages are imported and added to existing Software Update tasks.
• Updates software update advertisement installation options. If the new Microsoft Patch Management Import file specifies an Altiris recommended command-line, existing Software Update tasks will be revised to use the Altiris recommended command-line.
• Updates program command-lines. This changes the install .exe.
• Deletes empty Software Update tasks if they have no software advertisements.
• Assigns the Software Update Prerequisite Collection to software update advertisements.
• Cleans up software update packages not associated with software updates.
• Cleans up software installation files not associated with software update packages.
• Cleans up software updates not associated with Software Bulletins.
• Cleans up software prerequisite collections not associated with software updates.

Microsoft Settings

This folder contains items used for setting up Patch Management specifically for Windows. It is located in the Configuration tab under Configuration > Solutions Settings > Software Management > Patch Management > Server Settings in the left pane.

After the Patch Management Solution install process is complete, the Download QChain and Microsoft Patch Management Import background actions are launched.

Quick Links
• Download QChain (page 32)
• Microsoft Patch Management Import (page 32)
• Microsoft (page 32)

See Also
• Configuring Background Actions (page 42)

Download QChain

QChain chains software updates together before they are sent out to managed computers.

Microsoft Patch Management Import

This background action downloads the Microsoft Patch Management Import files and imports all software management resources from the Microsoft Patch Management Import files. These resources are necessary for populating the Manage Software Updates page and updating patches to managed computers.

To see when this process has completed, look on the History tab view. The Result and Status columns will tell you if the process has completed.

Notes
• Background actions are configured by default to run daily.
• Background actions can be triggered immediately from the context menu (by right-clicking on the background action) by clicking Start Task and Stop Task.
• Automatic Upgrade Protection (AUP) is required for ongoing use of Patch Management Solution. Without it, you cannot download and use new Microsoft Patch Management Import files. However, you can continue to use Microsoft Patch Management Import files that were downloaded prior to the expiration of AUP.
• We recommend you select Automatically revise software update tasks after Microsoft Patch Management Import to automatically update to the latest Microsoft Patch Management Import data.
• If Only Download if modified and Automatically revise software update tasks after Microsoft Patch Management Import are selected and Microsoft Patch Management Import does not update, you must manually run Revise Software Update Tasks. See Revise Software Update Tasks (page 31).
• To change where the Microsoft Patch Management Import is referencing its files from, edit the following registry key:
  [HKLM\SOFTWARE\Altiris\Patch Management]
  "PMImportHostAndProtocol"="http://www.samplelocation.com"

Microsoft

This page lets you set up how you want Microsoft software updates distributed. Some of these settings are used as default values in the Software Update Task Wizard (see Software Update Task Wizard on page 37). All Microsoft software updates will have these settings by default.
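
The PMImportHostAndProtocol registry value described under Microsoft Patch Management Import decides where the import files come from, and the sample value shown for it uses plain HTTP. As an added example (not Altiris code), this PowerShell audit flags an unapproved or cleartext import source and lists unexpected accounts that can write to the key. The allow-list, the trusted-account list and the WOW6432Node path are assumptions, and this page does not say whether an https:// value is accepted.

```powershell
# Added example: audit the Microsoft Patch Management Import source override.
# The key and value name come from the help page; all other names are assumptions.
$ValueName = 'PMImportHostAndProtocol'
$KeyPaths  = @(
    'HKLM:\SOFTWARE\Altiris\Patch Management',
    # Assumption: a 32-bit install on 64-bit Windows is redirected to this view.
    'HKLM:\SOFTWARE\WOW6432Node\Altiris\Patch Management'
)
# Hypothetical allow-list of import hosts approved by your change process.
$ApprovedHosts = @('patchimport.example.internal')
# Assumption: only these principals are expected to hold write access to the key.
$TrustedWriters = @('NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators',
                    'NT SERVICE\TrustedInstaller', 'CREATOR OWNER')

function Test-ImportSource {
    # Returns one or more finding strings for a configured import URL.
    param([string]$Value, [string[]]$ApprovedHosts)

    if ([string]::IsNullOrWhiteSpace($Value)) {
        return 'INFO  value not set; no import location override is configured'
    }
    $uri = $null
    if (-not [System.Uri]::TryCreate($Value, [System.UriKind]::Absolute, [ref]$uri)) {
        return "FAIL  '$Value' is not an absolute URL"
    }
    $findings = @()
    if ($uri.Scheme -notin 'http', 'https') {
        $findings += "FAIL  unexpected scheme '$($uri.Scheme)'"
    } elseif ($uri.Scheme -eq 'http') {
        $findings += 'WARN  cleartext HTTP: import files can be altered in transit'
    }
    if ($ApprovedHosts -notcontains $uri.Host) {
        $findings += "FAIL  host '$($uri.Host)' is not on the approved list"
    }
    if ($uri.UserInfo) {
        $findings += 'WARN  credentials are embedded in the URL'
    }
    if (-not $findings) { $findings = @('OK    approved host over an encrypted scheme') }
    return $findings
}

function Get-UnexpectedWriter {
    # Lists Allow ACEs that let an untrusted principal change the key or its values.
    param([string]$Path, [string[]]$Trusted)
    $rights    = [System.Security.AccessControl.RegistryRights]'SetValue, CreateSubKey, Delete, ChangePermissions, TakeOwnership'
    $writeBits = [int]$rights -bor 0x50000000   # plus GENERIC_WRITE and GENERIC_ALL
    (Get-Acl -Path $Path).Access | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        ([int]$_.RegistryRights -band $writeBits) -and
        ($Trusted -notcontains $_.IdentityReference.Value)
    }
}

# Constructed sample values (the first is the sample shown in the help page).
$samples = 'http://www.samplelocation.com', 'https://patchimport.example.internal',
           'ftp://198.51.100.7/import', 'not a url'
foreach ($s in $samples) {
    Test-ImportSource -Value $s -ApprovedHosts $ApprovedHosts |
        ForEach-Object { '{0,-40} {1}' -f $s, $_ }
}

# Live check, meaningful only on the Notification Server itself.
foreach ($path in $KeyPaths) {
    if (-not (Test-Path -Path $path -ErrorAction SilentlyContinue)) {
        "$path : key not present"
        continue
    }
    $value = (Get-ItemProperty -Path $path -Name $ValueName -ErrorAction SilentlyContinue).$ValueName
    Test-ImportSource -Value $value -ApprovedHosts $ApprovedHosts |
        ForEach-Object { "$path : $_" }
    Get-UnexpectedWriter -Path $path -Trusted $TrustedWriters |
        ForEach-Object { "$path : FAIL  $($_.IdentityReference) can modify the key ($($_.RegistryRights))" }
}
```
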
If you change the settings on the Microsoft page, existing Software Update tasks and packages will not be updated with these defaults. You can force them to be updated by re-creating packages from the Manage Software Updates page (see Manage Software Updates on page 26).

Software Inventory

Patch Management Solution inventories supported operating systems, applications, service packs, and installed patches. The information is utilized to automatically create collections based on service pack level for effective distribution targeting.

The Software Inventory folder can be found by clicking on the Configuration tab and then navigating to Configuration > Solutions Settings > Software Management > Patch Management > Windows > Software Inventory in the left pane.

The following four policies are automatically run by the Inventory Rule Agent when it is installed on a managed computer by the Software Update Agent.

Global
• Default Windows OS Inventory Policy - Gathers operating system (version information) inventory on the managed computer.
• Default Windows Software Release Inventory Policy - Gathers software (software release and service pack) inventory from the managed computer.

Microsoft
• Default Microsoft Software Inventory Policy - Gathers non-operating system inventory on installed applications, such as Microsoft Office, from the managed computer so collections can be created.
• Default Microsoft Vulnerability Analysis Policy - Gathers data on which software updates have already been installed on the managed computer.

Software Update Agent Configuration

The Software Update Agent is a plug-in agent for the Altiris Agent that performs the distribution of software updates. This agent needs to be deployed to all managed computers that you want to distribute software updates to.

The Default Software Update Agent Configuration Policy policy lets you provide the settings for the Software Update Agent (see Software Update Agent on page 49).
The collection targeted by this policy (also named Default Software Update Agent Configuration Policy) cannot be changed as it is a collection specifically designed to pick up any agents that do not have a configuration policy applied to them. As well, other collections cannot be added to the policy. These settings apply to all Windows computers that have the Software Update Agent installed.

To access this page
1. In the Altiris Console, click the Configuration tab.
2. In the left pane, select Configuration > Solutions Settings > Software Management > Patch Management > Windows > Software Update Agent Configuration > Default Software Update Agent Configuration Policy.

General Tab Items (Item: Description)

Enable: Select to enable the policy.

Applies to Collections: Specifies the collection or collections to which this policy applies.

Software Update Installation: These options determine when software updates get installed on the managed computer and when the managed computer gets rebooted after software updates are installed. This allows for effective batching of software update installations.
• Schedule - Click on the hyperlink to specify a schedule for applying software updates to the managed computer. On this schedule, QChain is called to chain the software updates together, and then the software updates are sent to the managed computer. QChain is only applicable to computers running Windows NT 4 or later. This schedule displays on the Software Updates tab of the Altiris Agent.
• Reinstallation attempts after task failure - Set the number of times Patch Management should attempt to reinstall a software update after a task failure.
• Reinstallation attempts when reboot is required - Sometimes a software update requires a reboot. This sets the number of times to retry the software update installation after the reboot.
• Maximum number of consecutive successful installations allowed per update - The number of times an update can be installed. This is reset with reboot.
• Allow user to initiate - Allows users to initiate software update installation from the Altiris Agent by clicking the Start Software Update button.
• Perform Recovery Solution snapshot before applying software updates - Only appears if Altiris Recovery Solution is installed. Select to automatically create a snapshot prior to software update installations. This allows for effective roll back when a software update disrupts computer functions.

Reboot Defaults: Allow reboot after installation
• Never - Select if you do not want to automatically reboot the user’s computer after a software update installation.
• Immediate - Select to reboot the user’s computer immediately after a software update installation.
• Multiple - If Immediate is selected, select Multiple to allow multiple reboots during the default installation schedule.
• Scheduled - Select if software updates require a reboot and you wish to specify a reboot schedule. Example: you do not wish to affect user productivity with repeated reboots during work hours, so you create an after hours reboot schedule. This schedule displays on the Software Updates tab of the Altiris Agent.

Note: We recommend you do not set your reboot schedule too soon after the Software Update Installation schedule. The reboot schedule can cause the computer to reboot before updates have finished installing.

Notification Tab Items (Item: Description)

Software Update Installation Notification:
• Notify user - Select to send a message to users that a Patch Management task is about to run. The default dialog box message is, “New software update/s ready to apply”. The user can choose to Install Now, or Close the dialog box.
• Custom Message - Select to create a customized message of up to 128 characters.
Example: “Software updates will install on your computer in 10 minutes. Please ensure all work is saved”.

Software Update Installation Progress:
• Show progress message - Select to show users a dialog box indicating the progress of software update installations.
• Custom Message - Select to create a customized message of up to 128 characters. Example: “Software update currently in progress. Please do not restart your computer”.

Software Update Reboot Notifications: These options let you control whether or not you want to send messages, notifying a user when a reboot is required by a software update. Each of the following notification messages appears in a separate dialog box on the user’s screen.
• Show pending message - Select to warn user of a pending reboot. The time you select represents how soon before the pending reboot the user will be warned. The user can choose to Reboot Now.
• Custom Message - Select to create a customized message of up to 128 characters. Example: “To complete software update installation, your computer will reboot in 5 minutes”.
• Show reminder message - Select to notify a user that a reboot is required. If the user does not manually reboot, the reboot will occur according to your settings in the Default Reboot Options section. The user can choose to Reboot Later, or Reboot Now.
• Custom Message - Select to create a customized message of up to 128 characters. Example: “Please save your work and reboot your computer to complete software update installation”.
• Allow user to defer - Select to warn user of a pending reboot. The user can choose to Reboot now, or defer the reboot and choose the deferral time from a menu.
• Custom Message - Select to create a customized message of up to 128 characters. Example: “Software update installation requires a reboot. Choose to reboot now or defer”.

Software Update Agent Rollout

The Software Update Agent Rollout folder contains two policies and their associated packages and collections.
These policies are used for deploying the Software Update Agent and upgrading the Software Update Agent.
• The Software Update Agent Install policy deploys the Software Update Agent to all computers in the All Windows Computers without Software Update Agent Installed collection (by default).
• The Software Update Agent Upgrade policy performs an upgrade of the Software Update Agent to all computers in the All Windows Computers Requiring Software Update Agent Upgrade collection (by default).

The Software Update Agent Rollout folder can be found by clicking on the Configuration tab and then selecting Configuration > Solutions Settings > Software Management > Patch Management > Windows > Software Update Agent Rollout in the left pane.

Note: Under the Software Update Agent Rollout folder, you will also find two collections and a package associated with these policies.

When the Software Update Agent is deployed, the Inventory Rule Agent and the Package Agent are also installed. The Inventory Rule Agent gathers inventory that is granular enough for Patch Management Solution to inform you of which patches need to be distributed to which computers. The Package Agent helps in the sending of software updates.

The Software Update Agent gets installed on managed computers after you enable the Software Update Agent Install policy. For a description of the fields in the Software Update Agent Rollout policies, see “Altiris Agent Upgrade Page” in Altiris Notification Server Help.

Software Update Agent Uninstall

The Software Update Agent Uninstall folder contains a policy you can use to uninstall the Software Update Agent. This policy uninstalls the Software Update Agent from all computers listed in the Computers With Software Update Agent Installed collection (by default).
The Software Update Agent Uninstall folder can be found by clicking on the Configuration tab and then navigating to Configuration > Solutions Settings > Software Management > Patch Management > Windows > Software Update Agent Uninstall in the left pane.

Note: Before using this policy, ensure that the Software Update Agent Install policy is disabled.

If you want to uninstall the Software Update Agent from your managed computers, enable the Software Update Agent Uninstall policy. A collection has been provided which this policy will use for the uninstallation. You can, however, change the collection or collections that apply to this policy to meet your needs.

See Also
• Uninstalling the Software Update Agent (page 53)

Software Update Task Wizard

The Software Update Task Wizard allows you to easily create and set up Software Update tasks to distribute updates to managed computers. These tasks are stored in the Software Update Task folder. Software Update tasks must be created before you can install software updates to managed computers.

The Software Update Task Wizard has two pages that need to be configured. The items in the pages are described in the following tables:

General Page Items (Item: Description)

Software Bulletin: The name of the bulletin or bulletins you have chosen. Double-click on a software bulletin to open the Resource Manager. This gives you detailed information on the software bulletin. You can only select a software bulletin that has been previously staged.

Name: The name of the tasks you have chosen from the tasks window. This field is populated automatically if there is only one task listed in the Tasks field.

Description: The Microsoft description of the bulletin.

Base Collection: Specifies the target collection or collections to which the Software Update task applies.
If you use the Software Update Task Wizard, the correct target collection for the selected software bulletin is automatically applied. The default collection is also automatically applied to the Software Update task. If you want to change the collection, click on the hyperlink to open the Collection Selector.

Package Options:
• Use Multicast when the Altiris Agent’s multicast option is enabled - Select to allow multicasting if it is specified in the Software Update Agent’s settings.
• Allow immediate reboot if required - Select to allow an immediate reboot, if a software update requires a reboot prior to installing an additional update.
• Initiate execution (other than agent default) - Select to run the Software Update task at a different time to that specified in the Software Update Agent settings.
• Override default reinstallation attempts after task failure - Select to override the Software Update Agent’s default settings for reinstallation attempts after task installation failure.

Options (or Advanced) Page Items (Item: Description)

Enable Software Update Task: Click to enable the Software Update task for the software bulletin and included software updates. There is an update name for each individual executable file for each software update included in a software bulletin.
• Update Name - The name of each software update executable included in a software bulletin. If Enable is selected, all of the updates will be enabled by default. Clear the checkbox to disable an update. Click on the hyperlink to open the resource manager page for the software update.
• Culture - The language and culture of the software update.
• Package - The software package associated with the update. Click on the hyperlink to open the package’s resource manager.
• Command Line - The command-line to be run against the package. Click on the hyperlink to open the command-line options dialog box that lets you change the update installation options.
Options include No UI, No reboot, Reboot, No display, Unattended install, No command-line Arguments, and Custom.

Note: The fields in the Command-line Options dialog box, which act as software update installation settings, are automatically populated. If the default software update installation options do not work as the vendor intended, the Altiris recommended command line arguments field will appear and be selected by default, to ensure a successful install.

Finish: Click to complete the wizard. When you click Finish, a Software Update task gets created for this software update in the appropriate vendor folder in the Tasks tab under Tasks > Software Management > Patch Management > Software Update Task.

Apply: Apply changes (only appears when editing a Software Update task).

Back: Click to go to the previous page.

Cancel: Click to discard changes and close the wizard.

See Also
• Software Update Task (page 24)
• Creating Software Update Tasks (page 20)

Security

In addition to the standard security role privileges included in Notification Server, Patch Management Solution provides additional security privileges and permissions for administrating your patches. These privileges and permissions let you assign access to specific tasks, such as enabling patches for distribution and creating distribution tasks.

Global Privileges

Patch Management Solution adds two global privileges to each role: Stage Software Bulletin and Distribute Software Update. These privileges are similar but are provided to allow a separation of duties within your organization.
• Stage Software Bulletin - If this is enabled, users in this role can stage software bulletins to download the software updates. However, to distribute software updates, they also need the Distribute Software Update privilege.
• Distribute Software Update - If this is enabled, users in this role have the privilege of distributing software updates, which includes creating functional Software Update tasks. If this is not enabled, users cannot run the Software Update Task Wizard or select software bulletins in new Software Update tasks that they create. Therefore, they cannot create a functional Software Update task. Use this for granting privileges to distribute approved software updates throughout your organization.

Stage Software Bulletin Versus Distribute Software Update

If you grant the Stage Software Bulletin privilege in a role, but not the Distribute Software Update privilege, users in that role can stage or disable any software bulletin. However, they cannot create a functional Software Update task. Users can enable Software Update tasks that have already been created.

If you grant the Distribute Software Update privilege in a role, but not the Stage Software Bulletin privilege, users in that role can distribute any software update for any staged software bulletin. They can enable any Software Update task; however, they cannot stage any software bulletin.

If you grant both of these privileges, users can stage software bulletins and distribute software updates for staged software bulletins.

To view or edit Patch Management Security Privileges
1. In the Altiris Console, click the Configuration tab.
2. In the left pane, select Configuration > Server Settings > Notification Server Settings > Security Role Management.
3. In the content pane, choose a security role.
4. View and edit the Software Update Management Privileges section under Global Privileges.
5. Click Apply to save changes.

Permissions

Patch Management Solution adds a Software Update Management permission to the Permission Selection of a collection. This permission is called Apply Software Update Tasks. Each Software Update task has a target collection.
Rights must be granted on the target collection to apply Software Update tasks. This permission lets you limit who can distribute software updates to different classes of computers. Example: this lets you control who can distribute software to servers in your organization.

Suppose you have a server support team and a desktop support team. You can limit permissions so each of these teams can only apply Software Update tasks to the computers that they have responsibility for.

You control who has permission to apply Software Update tasks by limiting who has permission to access the target collection on the Software Update task page. This is found on either the General tab of a Software Update task or the first step in the Software Update Task Wizard.

With the Apply Software Update Tasks permission, users can only access those collections that they have permission to access in the Applies to target collection field. If they do not have permission, they cannot select any collections for this field, and the Software Update task cannot be properly created.

To create an Apply Software Update Tasks permission
1. Set up a security role (see “Security Role Management” in the Altiris Notification Server Help) containing the users to whom you want to grant permission.
2. In the Resources tab view, navigate to the collection that the role will be granted permission to use.
3. Right-click on the collection, and select Properties.
4. Click the Security tab.
5. Click the Add button.
6. Select the role you previously set up, and click the Select button.
7. Select the Apply Software Update Tasks permission and any other permissions that you want this role to have.
8. Click the Select button.
9. Click Apply to save changes.

Note: Make sure you grant the necessary parent permissions for this role by granting limited viewing permissions for the tree path on which the collection is located.
Example: in the Resources tab view, in the left pane, grant this role limited viewing permissions on the Resource Management folder. This lets the role view the whole path to the collection. Otherwise, even though you grant the role permissions for the collection, the user cannot view the path to that collection and cannot actually see the collection.

Now, users in the role you have set up can select those collections in the Software Update task that they have permission to select.

Configuring Background Actions

Patch Management Solution includes a number of Background Actions for the Notification Server. These actions run automatically when required and assist in updating key components of Patch Management Solution.

This section shows you how to locate the Background Actions in the Altiris Console, modify parameters associated with the actions, and track the status of ongoing updates.

To locate Background Actions
1. In the Altiris Console, click the Configuration tab.
2. In the left pane, select Configuration > Solution Settings > Software Management > Patch Management > Server Settings.
3. Some Background Actions are found in the Global Settings folder and some in the Microsoft Settings folder.

To modify Background Action Parameters

Background Actions include configurable parameters that specify the download locations, how often the actions are run, and whether or not to update the item when a file change is detected.
1. Select a Background Action.
2. On the General tab, review the options available or modify the schedule to a weekly or custom schedule.

Note: The Download Software Update Packages Background Action has no schedule to edit.

To track a Background Action
1. Select a background action.
2. Click the History tab to view the information on the background action. The table includes the status, result of the last download, file version, when the task started, and when the task completed.

To run a Background Action
• In the left pane, right-click the background action you want to run, and select Start Download Task from the context menu.

See Also
• Global Settings (page 30)
• Microsoft Settings (page 31)

Software Resources

Patch Management Solution includes an information repository specifically tailored to automate the patch management process. This repository consists of the software management resources imported by the Microsoft Patch Management Import Background Action (see Configuring Background Actions on page 42). This repository provides a significant amount of data on software bulletins and software updates. These resources are then exposed and utilized in various aspects of the Patch Management Solution, including being used for creating collections.

This section discusses software management resources so you can gain a general understanding of the information used in the Patch Management Solution.

See Also
• Resources Tab View (page 28)

Resource Types

A resource type is a template for entering resource data. With each resource type, attributes are specified, which define the data stored about a resource. There are a number of resource types specific to Patch Management Solution.

To view resource type information
1. In the Altiris Console, click the Configuration tab.
2. In the left pane, select Configuration > Resource Settings > Resource Types > Software Management > Patch Management.
3. Select a folder, then select a resource. Examples: Service Pack, Software Release.
4. In the content pane, click the List Resources tab. You can view the various software installation types. This information helps classify software update packages and provides information on the methods required to install a particular software update.

Resources

A resource is the most generic term to mean any item that is tracked or managed by the Altiris Infrastructure.
Patch Management Solution utilizes resources to track the various software bulletins, software updates, and software releases.

To view a Patch Management resource
1. In the Altiris Console, click the Resources tab.
2. In the left pane, select Resource Management > Resources > Software Management > Software Releases > Operating Systems > Operating System Applications.
3. In the content pane, right-click on a resource and select Resource Manager.
4. The Managing Resource window appears. This view provides additional information on the selected resource. Example: if you selected an operating system resource, it provides general information on the version.
5. Click the Associations tab. This view provides additional information that associates other resource data to the selected resource.
6. In the drop-down menu, select Service Pack Applies to Software Release. The table now displays all the service packs available for the resource.

Definitions of Software Updates and Software Bulletins

A Software Update, or “patch”, is any update or hotfix that is used to improve or fix a software product. A software bulletin is a bundle of software updates, released together.

Software Bulletins

This section tells you how to view software bulletins and use them to distribute software updates. For more information on software bulletins, see Manage Software Updates (page 26).

Quick Links
• Viewing Available Software Bulletins (page 45)
• Viewing Details on a Software Bulletin (page 45)
• Custom Severity Levels (page 46)
• Downloading Software Bulletins and Distributing Software Updates (page 46)

Viewing Available Software Bulletins

To view available software bulletins
1. In the Altiris Console, click the Tasks tab.
2. In the left pane, select Tasks > Software Management > Patch Management > Manage Software Updates.

In the content pane, you can view all of the current software bulletins in the database.
The default view is All Software Bulletins. You can modify the contents of the table to view the data in different ways.

To view software bulletins by software release
1. From the drop-down list, select Software Bulletins by Software Component for Windows.
2. Select the Status, Bulletin Severity, Software Component, and Software Bulletin information to filter the results.
3. Click the Update button.

Viewing Details on a Software Bulletin

Each software bulletin has a Resource Manager view that provides summary information on the software bulletin and lists all of the available executables for the software bulletin.
1. In the Altiris Console, click the Tasks tab.
2. In the left pane, select Tasks > Software Management > Patch Management > Manage Software Updates.
3. In the Software Bulletin list, double-click on a software bulletin to open its Resource Manager.
4. The Summary tab provides summary information on the selected software bulletin. Scroll down to view information on the affected software release or to access the Microsoft TechNet bulletin.
5. Click the Associations tab to view information on all the software update executables available for this software bulletin.
6. From the Associations tab, you can right-click on the Software Bulletin To Software Update association type and select Resource Manager to view software update drill-down information. From this Resource Manager page, you can view specific information on the software update.

Custom Severity Levels

A Microsoft update deemed critical may not necessarily be critical in your environment, so you can create your own custom severity levels and assign them to bulletins. You create custom severity levels in the Patch Management Core Solution page, and assign them to bulletins in the Software Bulletin List.

Note: Before you can assign custom severity levels you must first create them in the Patch Management Core Solution page.

To create a custom severity level
1. In the Altiris Console, click the Configuration tab.
2. In the left pane, select Configuration > Solutions Settings > Software Management > Patch Management > Server Settings > Global Settings > Patch Management Core Solution.
3. In the content pane, click the Custom Severity tab.
4. In the Severity Level field, type the name you want to give the custom severity level. Example: Install right away!
5. Click Add.
6. Click Move Up or Move Down to position custom severity levels in the list.
7. Click Apply.

To assign a custom severity level to a bulletin
1. In the Altiris Console, click the Tasks tab.
2. In the left pane, select Tasks > Software Management > Patch Management > Manage Software Updates.
3. In the Software Bulletin list, right-click on a software bulletin, and select Custom Severity.
4. Select a severity level.
5. Click Update to view the new Custom Severity column.

Note: You cannot alter the Microsoft specified severity levels, only custom severity levels.

Downloading Software Bulletins and Distributing Software Updates

After Patch Management Solution is installed, the Microsoft Patch Management Import files are automatically downloaded from an Altiris Web site and extracted to the install path\Altiris\Patch Management\Import folder. After the Microsoft Patch Management Import files have been extracted, their information gets placed in the Notification Database. This process can take several minutes. When this process is completed, you can view the imported information on the Manage Software Updates page (see Manage Software Updates on page 26).

From the Manage Software Updates page, you can view software bulletins (see Viewing Available Software Bulletins on page 45), stage them for download, and create Software Update tasks to distribute security patches to managed computers.

To download software updates for one or more software bulletins
1. In the Altiris Console, click the Tasks tab.
2. In the left pane, select Tasks > Software Management > Patch Management > Manage Software Updates.
3. In the content pane, in the Show drop-down menu, select All Software Bulletins.
4. Click the Update button.
5. Select one or more software bulletins from the bulletin list.
6. Click the Stage Bulletin toolbar item to stage all selected bulletins.

Note: Alternatively, you can right-click on a software bulletin, and select Stage.

Note: After software bulletins have been staged, “True” is displayed in the Staged column. Click the Update button to see a refresh of this list.

Patch Management Solution now launches the Download Software Update Packages Background Action to download software updates for each staged software bulletin. You can view the status of the download by clicking the History tab on the Download Software Update Packages page. You can also view the status through the Notification Server Log Files. For more information, see the Altiris Notification Server Reference.

After the software updates are downloaded, Patch Management Solution automatically creates the package shares on the Notification Server, and the software bulletin packages get deployed. In the All Software Bulletins view, you can view the staged bulletins and the number of executables available for distribution.

To distribute a software update using a Software Update task, see Software Update Task Wizard (page 37).

See Also
• Staging Software Bulletins (page 19)
• Creating Software Update Tasks (page 20)

Software Updates

Patch Management Solution includes a Software Update Task Wizard that simplifies the management of distribution policies. Instead of creating a task for each individual software update, you create a single policy for each software bulletin.
Example: If you have 3 software bulletins with 7 software updates each, you only have to manage 3 distribution tasks instead of 21 distribution tasks.

Patch Management Solution also provides automated evaluation of patch dependencies to substantially reduce the labor requirements of patch management. This is accomplished by using two computer collections: one to target the general distribution and one to target the correct executable to the right computer. For more information on these collections, see Software Update Task (page 24).

This section discusses software updates, including how to use the Software Update Task Wizard and how to modify Software Update tasks.

Quick Links

- Software Update Task Wizard
- Modifying Software Update Tasks

Modifying Software Update Tasks

To modify Software Update tasks

1. In the Altiris Console, click the Tasks tab.
2. In the left pane, select Tasks > Software Management > Patch Management > Software Update Task > Microsoft.
3. Select the task in the left pane and modify the properties in the content pane.
4. Click Apply to save changes.

About Software Updates

- A computer falls into the Targeted collection if it meets the prerequisites of a software update. These prerequisites are matched against high-level data which is sent back to the server. Examples: Internet Explorer version and OS version.
- A software update is applicable if its Prerequisites are met and if any further tests in the 'IsApplicable' inventory rule are met. These 'IsApplicable' rules are further requirements in addition to the prerequisites that will be determined once the update is sent out to a computer. If the further requirements are not met, the update will appear as Not Currently Applicable in the Software Update Agent interface.
- Updates are installed according to Microsoft specifications. Example: if Microsoft requires a restart, then the computer is restarted after the update is installed. Restarts on managed computers are minimized because the updates that do not require a restart are installed before the software updates that do require a restart.
- Patch Management Solution uses targeted deployments. Updates will not be deployed to a computer unless that computer specifically needs that software update.
- A computer must meet Microsoft prerequisites before any software updates can be sent to that computer. A particular software update will only be sent to a computer that meets the Microsoft prerequisites and also is applicable to that computer (Example: The computer has the appropriate hardware device, computer model, or operating system installed).
- You can add frequently used items to the Shortcuts tab. For more information, see the Altiris Notification Server Help.

Software Update Supersedence

When a software update has been superseded and rendered obsolete by another update or updates, the install of the obsolete update will be cancelled by the later update. This will only happen if both updates have been sent to a managed computer and are queued in the software update agent.

Software Update Agent

Patch Management Solution includes a Software Update Agent that must be deployed on managed computers on which you want to use Patch Management Solution features.

The Software Update Agent manages all of the Patch Management Solution functionality on the managed computer. It inventories programs that are installed on the managed computer and sends this data to the Notification Server. It then uses this information to track applications that are installed on the managed computer and matches them with packages that are defined by the Notification Server. You can use this information in deciding which applications to send to which managed computers. Finally, it installs the software updates that you push out to the managed computer.

Note: When the Software Update Agent is installed, the Inventory Rule Agent and the Package Agent are automatically installed also.

Note: If you have a large number of computers to which you want to deploy the Software Update Agent, consider deploying the agent during off-peak hours to minimize network traffic at peak times.

To deploy the Software Update Agent

Note: Before deploying the Software Update Agent on a computer, the Altiris Agent must already be installed on that computer.

1. In the Altiris Console, click the Configuration tab.
2. In the left pane, select Configuration > Solutions Settings > Software Management > Patch Management > Windows > Software Update Agent Rollout.
3. Select the Software Update Agent Install policy.
4. In the content pane, make any wanted changes. We recommend accepting the defaults. By default, the Software Update Agent is deployed as soon as possible after the policy is enabled to computers in the All Windows Computers without Software Update Agent Installed collection.
5. Select the Enable check box.
6. Click Apply.

By default, a new Software Updates tab appears in the Altiris Agent console which shows software updates for that computer.

Note: This can take some time depending on how many managed computers you have and on your Altiris Agent settings.

See Also

- Installing the Software Update Agent

Quick Links

- Software Update Agent User Interface
- Upgrading the Software Update Agent
- Uninstalling the Software Update Agent

Software Update Agent User Interface

When the Software Update Agent is installed on a managed computer, a Software Updates tab appears on the Altiris Agent console. From this tab, computer users can view the software updates that have been downloaded to their computer. They can view all received software updates, both those that have been scheduled to be installed and those that have been installed.
The software update information supplied in the tab is detailed in the following table.

- Status - Displays the installation status of the software update. The following are the possible status icons or text found in this field.

  Note: The Applicable and IsInstalled rules mentioned below are inventory rules found in the PMImport.cab files. Not all updates have an IsInstalled rule. Fewer IsInstalled rules exist for older and non-English updates.

  Icons

  - Red error icon - The maximum reapplication retries for a failed software update has been exceeded.
  - Yellow warning icon - The software update has failed to be applied at least once, but has not exceeded the maximum reapplication retries. It will be reapplied.
  - Green tick icon - The Applicable rule is TRUE and the IsInstalled rule indicates that the update is already installed. It may not have actually been installed by the agent; if this is the case, then the Last Applied date will be empty.
  - Clock icon - The Applicable rule is true and the IsInstalled rule is FALSE. The software update will be scheduled for installation.
  - Info icon - The Applicable rule has evaluated false. This means the software update does not apply to this computer. It is also possible to configure the agent not to display software updates which do not apply by clearing the Not Currently Applicable checkbox in the Show Updates pane. See About Software Updates (page 48).
  - User icon - The update has been installed by a user.
  - Download icon - The update status is downloading, pending, invalid, retrying, or is required to download.
  - Superseded - The update has been superseded by a later update and will not be installed. See Software Update Supersedence (page 49).

  Text

  - “Failed to Install” - The maximum reapplication retries for a failed software update has been exceeded.
  - “Installation Failed - Rescheduled” - The software update has failed to be applied at least once but has not exceeded the maximum reapplication retries. It will be reapplied.
  - “Installed” - The Applicable rule is TRUE and the IsInstalled rule indicates that it is already installed. If the Last Applied date is not empty, it means that the agent has installed the update.
  - “Installation Scheduled” - The Applicable rule is true and the IsInstalled rule is FALSE. The software update will be scheduled for installation.
  - “Not Applicable” - The Applicable rule has evaluated false. This means the software update does not apply to this computer.
  - “Pending” - The Applicable and IsInstalled rules have not yet been evaluated.

  Note: The agent uses the IsInstalled rule to check the applicability of a software update before installing it. If there is no IsInstalled rule for the software update, the software update will be installed if it has not been previously installed by the Software Update Agent (the Last Applied date is not empty).

- Bulletin Name - The number of the Microsoft Bulletin containing the software update.
- Software Update Name - The name of the individual software update.
- Last Applied - The date/time of the last applied download. The last install time is displayed only if the Software Update Agent installs the software update. If the software update is already installed (another source installed the software update) when the Software Update Agent goes to install it the first time, this field will display “Never”.
- Schedule - Time of schedule = This software update has been scheduled to be installed. Not scheduled = This software update has not been scheduled to be installed.
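
The status rules in the table above read as one decision procedure, which also shows which "Installed" results rest on a rule check of the computer and which rest only on the agent's own record. The sketch below is an added example, not Altiris code; the field names, the retry limit of 3, the order in which conditions are checked, and the sample rows are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional, Tuple


@dataclass
class UpdateState:
    """Constructed model of one row in the Software Updates tab (hypothetical fields)."""
    name: str
    applicable: Optional[bool]               # None: Applicable rule not evaluated yet
    is_installed: Optional[bool] = None      # None: IsInstalled rule not evaluated yet
    has_is_installed_rule: bool = True       # False: import data has no IsInstalled rule
    failed_attempts: int = 0
    max_retries: int = 3                     # assumed value, not taken from the product
    last_applied: Optional[datetime] = None  # set only when the agent did the install
    superseded: bool = False


def status_of(u: UpdateState) -> Tuple[str, str]:
    """Return (status text, evidence) following the status table."""
    if u.superseded:
        return "Superseded", "cancelled by a later update"
    if u.applicable is None:
        return "Pending", "rules not evaluated"
    if not u.applicable:
        return "Not Applicable", "Applicable rule is false"
    if u.has_is_installed_rule:
        if u.is_installed is None:
            return "Pending", "rules not evaluated"
        installed, evidence = u.is_installed, "IsInstalled rule"
    else:
        # No rule exists: only the agent's own install record is available.
        installed, evidence = u.last_applied is not None, "agent record only"
    if installed:
        who = "agent" if u.last_applied else "other source"
        return "Installed", f"{evidence}; installed by {who}"
    if u.failed_attempts > u.max_retries:
        return "Failed to Install", "retries exhausted"
    if u.failed_attempts >= 1:
        return "Installation Failed - Rescheduled", "will be reapplied"
    return "Installation Scheduled", evidence


def needs_review(rows: List[UpdateState]) -> List[str]:
    """Names an administrator should look at: failures, and installs with no rule check."""
    flagged = []
    for u in rows:
        status, evidence = status_of(u)
        failed = status in ("Failed to Install", "Installation Failed - Rescheduled")
        unverified = status == "Installed" and evidence.startswith("agent record only")
        if failed or unverified:
            flagged.append(u.name)
    return flagged


# Constructed sample rows; the update names are placeholders.
WHEN = datetime(2007, 2, 13, 9, 0)
SAMPLE = [
    UpdateState("update-a", applicable=True, is_installed=True),
    UpdateState("update-b", applicable=True, is_installed=True, last_applied=WHEN),
    UpdateState("update-c", applicable=True, has_is_installed_rule=False, last_applied=WHEN),
    UpdateState("update-d", applicable=True, is_installed=False, failed_attempts=4),
    UpdateState("update-e", applicable=True, is_installed=False, failed_attempts=1),
    UpdateState("update-f", applicable=False, is_installed=False),
    UpdateState("update-g", applicable=None),
    UpdateState("update-h", applicable=True, has_is_installed_rule=False),
]

if __name__ == "__main__":
    for row in SAMPLE:
        print(row.name, *status_of(row), sep=" | ")
    print("review:", needs_review(SAMPLE))
```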

The Software Updates tab also includes a Show Updates pane that lets you show or hide updates with the following status:

- Downloading
- Errors - Retrying
- Installed by Software Update Agent
- Installed by User
- Installation Failed
- Not Currently Applicable
- Update Required
- Superseded (see Software Update Supersedence on page 49)

Depending on the Software Update Agent configuration settings, the computer user can initiate software updates installation by clicking the Start Software Update button. For information, see Software Update Agent Configuration (page 33).

Software Update Agent Command-Line Utility

A command-line utility for installing updates is placed in the directory C:\Program Files\Altiris\Altiris Agent\Agents\PatchMgmtAgent when the Software Update Agent is installed on a computer.

To run the utility, double-click on the file AeXPatchUtil.exe. Commands include:

| Command | Description |
|---------|-------------|
| /I | Run all inventory. |
| /Xa | Start Software Update cycle. |
| /reboot | Reboot only if the Software Update Agent requires a reboot. |
| /C | Update agent policies. |
| /? | Usage screen. |

Upgrading the Software Update Agent

The Software Update Agent Upgrade policy is used to upgrade the Software Update Agent. If the Software Update Agent Upgrade policy is enabled, Altiris Infrastructure automatically upgrades older versions of the Software Update Agent on managed computers when a newer agent is available from the Notification Server.

Newer versions of the Software Update Agent are bundled with Altiris Infrastructure. When you install a newer version of the Altiris Infrastructure with a newer agent, you will get the latest version of the Software Update Agent available.

Uninstalling the Software Update Agent

You can uninstall the Software Update Agent if there is an extended period of time when you do not want to use the Altiris Infrastructure features on a managed computer and you want to eliminate any overhead caused by the agent.

Note: After you use the Software Update Agent Uninstall policy once to uninstall the agent from a managed computer, you cannot use the same policy to uninstall the agent from that computer using the Run this task 'As Soon As Possible' option. To use the policy again, set a schedule.

To uninstall the Software Update Agent

1. In the Altiris Console, click the Configuration tab.
2. In the left pane, select Configuration > Solution Settings > Software Management > Patch Management > Windows > Software Update Agent Rollout > Software Update Agent Install.
3. In the content pane, clear the Enable check box.
4. In the left pane, select Configuration > Solution Settings > Software Management > Patch Management > Windows > Software Update Agent Uninstall > Software Update Agent Uninstall.
5. In the content pane, ensure that the correct collection is selected in the Applies to Collections field.
6. Select whether or not you want to disable download via multicast.
7. Specify the scheduling options.
8. Select the Enable check box.
9. Click Apply.
10. Restart the managed computer after the Software Update Agent has been uninstalled.

The Software Update Agent will be removed from the managed computers as soon as possible after the policy is enabled. If at a later time you want to reinstall the Software Update Agent, make sure you disable this policy.

Resource Manager

Patch Management adds several useful items to the Resource Manager. These items are described in the following sections.

Quick Links

- Computer Resource Manager Software Update Summary
- Inventory Data Classes

Computer Resource Manager Software Update Summary

Patch Management provides a software update summary page on the Resource Manager. This lets you view software update information on a specific computer, such as how many software updates have run or failed.

To view this summary information

1. Click the Configuration tab.
2. In the left pane, select Configuration > Resource Settings > Resource Types > Asset Types > IT > Computer.
3. In the content pane, click the List Resources tab.
4. Find the computer you want in the list.
5. Right-click on the computer name and select Resource Manager.
6. Click the Summaries tab.
7. In the left pane, select Resource Manager > Software Update Summary.

The software update summary screen lists the following information:

- Reboot - The time of the Last reboot and the next Pending reboot, based on the agent’s reboot schedule.
- Software Update Execution Summary - Last 30 Days - The number of times updates were Executed, how many updates Succeeded or Failed, and how many updates were Not executed in the last 30 days.
  - Software Update Execution Summary Report - Results are displayed in a pie chart. The three sections show Succeeded, Failed, and Not Executed.
- Microsoft Vulnerabilities
  - Applicable - The total number of applicable Microsoft updates for the computer. This information comes from Microsoft Patch Management Import so the updates may need to be downloaded and staged before you can install them.
  - Vulnerable - The number of applicable Microsoft updates that have not yet been installed on the computer.
  - Installed - The number of Microsoft updates that are installed.
  - Microsoft Vulnerabilities Report - Click to run this report.

Inventory Data Classes

Patch Management provides inventory data class information on the Resource Manager. This lets you see what software is installed on a computer without viewing a report.

To view inventory data class information

1. Click the Configuration tab.
2. In the left pane, select Configuration > Resource Settings > Resource Types > Asset Types > IT > Computer.
3. In the content pane, click the List Resources tab.
4. Find the computer you want in the list.
5. Right-click on the computer name and select Resource Manager.
6. Click the Inventory tab.
7. In the left pane, select Data Classes > Software Management > Patch Management.

You can double-click on some items to view drill-down information.

Reporting on Patch Management Data in a Hierarchy

If you have multiple Notification Servers reporting to one central Notification Server, you can view update compliance reports for your entire organization from a single console.

The Software Update Agent sends update data from the computer to a Notification Server. This update data is inventory data. You can configure any Notification Server to forward inventory data to a parent Notification Server. Patch Management Solution needs to be installed on the parent Notification Server so you can run reports provided by Patch Management Solution. When you run Patch Management Solution-specific reports on the parent Notification Server, you can view your entire organization’s update data.

Note: From the parent Notification Server, you can run all reports based upon inventory classes.

Troubleshooting

This section lists a common troubleshooting problem and gives probable resolutions.

Quick Links

- Software Updates not Downloading
- Enabling FTP downloads through a Proxy
- Reboot on a Schedule not Working Properly
- Agent Reboot Warning and Snooze Option
- Windows Update Error Codes

Software Updates not Downloading

Sometimes, during the software update download process, the software updates stop downloading. This can happen if the PMImport.cab files get re-imported while the software updates are downloading. If this happens, you need to do one of the following so that the software updates can finish downloading:

- Stage another software bulletin. This will add it to the queue and reattempt to download software update files again. (This also works if you disable an existing one and re-enable it.)
- Navigate to the Download Software Update Packages Background Task, right-click and select Start Download Task. The Download Software Update Packages Background Task is found on the Configuration tab by selecting Configuration > Solutions Settings > Software Management > Patch Management > Server Settings > Global Settings.

Enabling FTP downloads through a Proxy

Patch Management Solution needs to distinguish between using an HTTP proxy and an FTP proxy for its FTP needs. To do this, it utilizes a new core setting called “CustomFTPProxyEnabled”. If this setting is not enabled or the setting does not exist, the solution will attempt to use the HTTP proxy to make the FTP connection. If the setting does exist and is enabled, then the solution will attempt to connect via an FTP proxy, using the server specified in the HTTP proxy settings, on port 21 only.

Reboot on a Schedule not Working Properly

Problem: You set up to reboot the managed computer on a schedule (on the Patch Management Agent Settings page), but the computer does not reboot at the scheduled time.

Solution: You do not need to do anything. The computer will reboot as soon as it can after the scheduled time. The agent may take a few minutes to process the scheduled event because the agent can only perform one action at a time.

Agent Reboot Warning and Snooze Option

The agent reboot warning and snooze option do not appear to a user who is remotely connected through terminal service. This is working as designed. Because these notifications require responses from the user, they will only be sent to the user of the primary session.

Windows Update Error Codes

After a successful Windows update, one of the error codes described in the following table is returned. All other error codes that are returned by a Windows update are failure error codes.
For information on these error codes, search for “List of error codes and error messages for Windows Installer processes” on the Microsoft Web site.

| Value | Error Code | Description |
|-------|------------|-------------|
| 0 | ERROR_SUCCESS | Action completed successfully. |
| 1604 | ERROR_INSTALL_SUSPEND | Installation suspended, incomplete. |
| 1641 | ERROR_SUCCESS_REBOOT_INITIATED | The installation has started a reboot. |
| 3010 | ERROR_SUCCESS_REBOOT_REQUIRED | A reboot is required to complete the install. |
| 3011 | ERROR_SUCCESS_RESTART_REQUIRED | A restart is required to complete the install. |
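
The installation rules described under About Software Updates and Software Update Supersedence, combined with the error-code table above, can be modelled as one update cycle: cancel superseded updates, order the rest so restarts come last, then classify the exit codes. This is an added example, not Altiris code; the class and function names, the queue contents, and the exit codes in the sample run are constructed.

```python
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Exit codes the table above lists as returned after a successful update.
SUCCESS_CODES: Dict[int, str] = {
    0: "ERROR_SUCCESS",
    1604: "ERROR_INSTALL_SUSPEND",
    1641: "ERROR_SUCCESS_REBOOT_INITIATED",
    3010: "ERROR_SUCCESS_REBOOT_REQUIRED",
    3011: "ERROR_SUCCESS_RESTART_REQUIRED",
}
RESTART_CODES = {1641, 3010, 3011}


@dataclass
class QueuedUpdate:
    """Hypothetical representation of an update queued in the agent."""
    name: str
    requires_restart: bool
    supersedes: Tuple[str, ...] = ()  # names of updates this one renders obsolete


def plan_cycle(queue: List[QueuedUpdate]) -> Tuple[List[str], List[str]]:
    """Return (install order, cancelled updates) for one update cycle."""
    queued_names = {u.name for u in queue}
    cancelled = set()
    for u in queue:
        # Supersedence only takes effect when both updates are in the queue.
        cancelled |= set(u.supersedes) & queued_names
    remaining = [u for u in queue if u.name not in cancelled]
    # Stable sort: updates without a restart first, restart-requiring ones last.
    remaining.sort(key=lambda u: u.requires_restart)
    return [u.name for u in remaining], sorted(cancelled)


def summarize(results: Dict[str, int]) -> dict:
    """Classify installer exit codes: anything outside the table is a failure."""
    return {
        "failed": {n: c for n, c in results.items() if c not in SUCCESS_CODES},
        "restart_involved": any(c in RESTART_CODES for c in results.values()),
        "incomplete": [n for n, c in results.items() if c == 1604],
    }


# Constructed queue: up-3 supersedes up-1 (queued) and up-0 (never sent).
QUEUE = [
    QueuedUpdate("up-1", requires_restart=True),
    QueuedUpdate("up-2", requires_restart=False),
    QueuedUpdate("up-3", requires_restart=True, supersedes=("up-1", "up-0")),
    QueuedUpdate("up-4", requires_restart=False),
]
# Constructed exit codes; 1603 is not in the table, so it counts as a failure.
RESULTS = {"up-2": 0, "up-4": 1603, "up-3": 3010}

if __name__ == "__main__":
    order, cancelled = plan_cycle(QUEUE)
    print("install order:", order)
    print("cancelled:", cancelled)
    print("summary:", summarize(RESULTS))
```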