Patch Remedy Quick Start Guide
Patching your Patch Engine
Microsoft's Windows Update Agent (WUA) is an agent program that works in conjunction with Windows Server Update Services to support automated patch delivery and installation. Labtech uses this agent to help determine what patches are needed by each Windows system and deploys them. Microsoft often updates the WUA which increases the detection of missing patches more current then the installed version of WUA. This can cause you to get a perception that your patching is up to date when in actuality you’re massively behind.
There is more to patching than just letting the approvals happen. Windows regularly updates the agent (engine) they use to manage and locate patches. By making sure this agent stays up to date you are making sure your users’ PCs stay current with the latest in system and office patches.
We have seen that the set of WUA versions from 7.6.7600.256 to .320 and others have caused some issues if they are NOT updated to latest versions of WUA. This will cause the systems to incorrectly report that they are fully patched when in actually they are hundreds of patches behind.
Patch Remedy's main interface is located under the main menus [View] labeled Patch Remedy. By selecting this menu item you will launch the main Patch Remedy console.
The [Overview] tab of Patch Remedy provides a top level view of the current displacement of WUA across the scanned clients. This tab provides several gauges that provides you with quick insight into the current patch status of your client base. The [Installs Attempted Today] gauges the number of systems that have attempted patching for the current day. The [Missing Critical Patches] and [Missing 3+ Critical Patches] gauges the current number of scanned systems that have at least 1 missing critical patch for the operating system. The [Systems WUA Up To Date] give you the percentage of your managed systems are current with WUA based on the OS and versions available for that OS.
The [WUA Versions] tab gives a look into what the current versions for the systems you have deployed and a full list of systems that do not meet the current levels of WUA. We provide tools that will attempt to resolve common issues including pushing the most current WUA or previously know to be good versions of WUA. Every list comes with a left click menu to allow for quick access to the computer consoles and menu items used to assist in repairs. We also provide a probe at this view that looks to see if [Microsoft Updates] patching is being skipped. Microsoft patching refers to all 3rd party softwares provided by Microsoft like Office, One Drive, Skype, Grove and etc. Each on the main tabs allows for you to export data from that tab out to Excel for use in other applications.
[HotFix Issues] tab provides 2 dataviews, the first dataview shows systems that have had excessive repair tries from the Patch Remedy [Auto Update] function. If 3 attempts to update the WUA of a system fails then we stop trying to update that system and it ends up on this list. The next dataview is systems that have had some error during the install of a patch. We count up all errors being reported and display that with the systems. Each dataview comes with a left click menu of tools to assist in the repair of the issues.
Simply put we monitor all scanned systems for where there are at currently with patching. Any systems reporting that they have not installed a critical patch will show up in the dataviews. From this tab you can export to Excel the list of [Systems Missing Critical Patches]
Patch Remedy looks at all the patch data LabTech is collecting and displays that data to you in ways that helps you determine where issues may be. Missing Windows tab shows you computers that are reporting to LabTech that they have missed Ignite Patch Windows and may not have patched recently because of this. Ignite uses patching windows to push patches out during certain allowable times. If a agent is offline during the patching window it will be skipped. Excessive skips will place agents behind in patching.
Patch Remedy is all about the failures but we also like successes. This tab is dedicated to seeing what successes the patching efforts are having daily within the MSP.
Patch remedy is about flexibility and this is why this tab is so useful. [Configure] tab provides flexibility in the scheduled scans performed each day and what clients get included in the Patch Remedy displays, auto repairs and scans.
Client and Computer Excludes
Patch remedy allows you to exclude clients and computers from the clients console. This control allows you to pick and choose which systems are included in the patching scans, dataviews and management of Patch remedy.
Pre Maintenance Reboots
Patch remedy has a flag on the configure tab that allows you to turn on the ability for Patch Remedy to reboot agents reporting "pending a reboot". Patch Remedy by default does not reboot systems after updated to WUA. By selecting this option you can have Patch Remedy reboot systems that show they are pending a reboot during the next maintenance cycle for that location. This allows any updates to WUA to complete and the agents will start reporting the correct version of WUA moving forward.
For this to work you must have the following set and active inside each location console where agents reside and Patch Remedy is under management.
Each location must have the Maintenance Windows set to a valid setting.
The time frame of the maintenance windows must have at least 1 Alarms entry listed.
If the agent meets the follow criteria for reboot and the Pre maintenance Reboot flag is turned on the agent will be instructed to reboot at the beginning of maintenance cycle.
- Agent must be pending a reboot and have reboot flag set for agent in LabTech
- Patch Remedy Pre maintenance reboot flag must be on
- The location of agent must have a maintenance windows set
- The locations maintenance windows time frames must include at least 1 Alerts entry
- Patch Remedy master switch must be on.
- Agent must not be excluded from patch remedy maintenance.