Kaseya Community

Kaseya - Windows update, Additional updates?

Hi,

We use Kaseya to set the 'Windows auto update' for a lot of servers.

This works fine and the critical updates are installed.

Is there a possibility to also install the additional updates for the Windows servers?

(I don't want to use the Kaseya Patch Update, but I want to use the Windows update mechanism).

Kind regards,

Edwin

All Replies
  • Hi

    To allow Kaseya to manage the machines, the setting for Windows Auto Update on the Patch Management module > Configure page should be set to "disable". Once this is set, the patches that install on the machines are based on your Patch Policies (which are for approving or denying updates). If this is configured, then critical and other updates should be applying to your endpoints during your regular patching cycles.

    In case I misunderstood your post, please provide some examples or images to show what you may be trying to achieve.

  • Since this feature is really there to ensure you can override Windows update to use Kaseya Patch Management (as detailed by Jenny), there doesn't appear to be the level of configuration you are looking for.  Group policy would be a better place for that or, quite possibly, someone has come up with scripts to make the change.  Honestly we haven't looked very deep into alternatives as Kaseya patching works well for us.

  • The functionality should all be there.  It is recommended that "Windows Auto Update" is set to Disabled to prevent the local process from running and installing patches that you don't want.  Configure patch policies to allow/deny the patches appropriate for your environment.  Set the File Source option to your preferred source - if you use the File Source option "Download from internet," Kaseya will actually leverage the Windows Update tool, just like updating patches on the local machine, but will 'inject' the list of approved patches to ensure the local Windows Update tool allows only those patches you've approved.  When the Patch Management > Auto Update process runs, the file source will be instructed to download/install those approved patches.

  • Thanks for the answer.

    We did not like the Kaseya Update mechanism. We had to publish every update we wanted to install.

    Maybe I'll look into that again if it can auto install the additional updates.

    "It is recommended that "Windows Auto Update" is set to Disabled to prevent ... installing patches that you don't want."

    In the years we have used Windows Update there has not been any update we did not want. It took us a lot of time to approve the updates, but in the end we just install every recommended update, and have no problems with that.

  • Perhaps I read the OP incorrectly but it reads to me as they want to control the "Recommended Updates" and "Microsoft Update" settings for Windows update through the Windows Auto Update setting under configure in VSA and do not want to use Kaseya Patch Management.  "(I don't want to use the Kaseya Patch Update)"

    If that is the case, then I believe my response was correct.  If not, the other posts should provide good guidance on using Kaseya Patch Management.

  • I read, "I don't want to use Kaseya Patch Update" as the "Patch Update" function (rather than the Patch Management (KPM) module), but I think your read on the OP was correct.  That said, there still is no reason KPM can't do the job.

    If you truly want ALL patches to be installed and you don't want to have to approve/deny patches, you have two options via Kaseya:

    1.  Set the Patch Management > Windows Auto Update setting to "Configure..." and select the specific options you want to use.  This will set the local Windows Update client (the tool you have in the local Control Panel) to your preferred option.  

    The "configure..." option is not the preferred/recommended setting as it will allow the endpoint to install any updates completely outside of Kaseya.  However, if this is suitable for your environment, then it is a perfectly valid option.

    2.  Remove ALL patch policies from your endpoints (Patch Management > Membership).  Ensure the endpoints you want to install ALL patches have NO patch policies assigned.  Schedule patch scans to run regularly (weekly or monthly, depending on your update cycle), then schedule Patch Management > Automatic Update on your endpoints (again, either weekly or monthly is recommended).  On the Patch Management > Automatic Update page, you will notice your agents have a notification that the machine is not a member of any patch policies (assuming you have removed all patch policies on the Membership page) and that all patches will be installed.  Kaseya will install all patches listed as "Missing Approved" (on the Patch Management > Patch Status page) - and since the agents are not in a patch policy, ALL patches ARE approved.

    The only caveat important to understand is that Kaseya does not support two patch classifications:  Device Drivers and Definition Updates.  These will NOT be installed by Kaseya as they are not discovered as part of the patch scan process.  Information regarding these unsupported classifications can be found here: https://helpdesk.kaseya.com/entries/36010308

    If you are using the Policy Management module to manage any patch-related functions on these agents, particularly the Windows Auto Update setting or the Patch Policy assignment/memberships, you should also update your Policy Management policies accordingly.

    Hope this helps.  If it still doesn't quite hit the mark, let us know - if you can provide additional detail on what you're trying to do that isn't covered with the above, I might be able to suggest some additional alternatives.

    Thanks,

    Brande
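
To confirm what an endpoint's local Windows Update client is actually set to after changing Windows Auto Update, including the "Recommended Updates" and "Microsoft Update" settings raised in this thread, the PowerShell below reads the effective state through the Windows Update Agent COM API. It is an added example, not part of any reply above and not Kaseya code; the function name `Get-WindowsUpdateClientState` is hypothetical.

```powershell
# Added example: report the effective Windows Update client settings on the
# local machine. Read-only; it changes nothing on the endpoint.
function Get-WindowsUpdateClientState {
    [CmdletBinding()]
    param()

    # AutomaticUpdatesNotificationLevel values from the Windows Update Agent API.
    $levels = @{
        0 = 'Not configured'
        1 = 'Disabled'
        2 = 'Notify before download'
        3 = 'Notify before installation'
        4 = 'Scheduled installation'
    }

    # Service ID under which the Microsoft Update service registers.
    $microsoftUpdateId = '7971f918-a847-4430-9279-4a52d1efe18d'

    $settings = (New-Object -ComObject Microsoft.Update.AutoUpdate).Settings
    $services = (New-Object -ComObject Microsoft.Update.ServiceManager).Services

    # Is Microsoft Update registered, and which service does Automatic Updates use?
    $mu = $services | Where-Object { $_.ServiceID -eq $microsoftUpdateId }
    $defaultService = $services |
        Where-Object { $_.IsDefaultAUService } |
        Select-Object -First 1

    [pscustomobject]@{
        ComputerName              = $env:COMPUTERNAME
        AutoUpdateMode            = $levels[[int]$settings.NotificationLevel]
        IncludeRecommendedUpdates = [bool]$settings.IncludeRecommendedUpdates
        # ReadOnly reports that the current user cannot change these settings.
        SettingsReadOnly          = [bool]$settings.ReadOnly
        MicrosoftUpdateRegistered = [bool]$mu
        DefaultAUService          = $defaultService.Name
    }
}

Get-WindowsUpdateClientState | Format-List
```

An `AutoUpdateMode` other than `Disabled` on a machine that is supposed to be patched only through patch policies means the local client can still install updates outside of Kaseya.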