Kaseya Community

Update Management Best practice???

  • I have been looking at implementing the patch management and want to know what the best practices that some of you have done.

    I have gone through the Kaseya help, but it does not seem to be informative enough on what to do unless i am looking at the wrong place.

    We are looking at using the patch management for each of our clients and just trying to find what is the best way to do it to replace WSUS.

    Is there away to have each site download the patches to a server then push them out from there to the client machines like WSUS does. Instead of each machine downloading from the net or one server for all the sites?

    I have done a search on the forum, but there does not seem to be to much on this here.

    Legacy Forum Name: Update Management Best practice???,
    Legacy Posted By Username: Fisheye
  • We have a patch repository set up in a standard location on one file server at each physical location. We pull updates to each of the client machines from here and this file server gathers them from the internet. We also allow agents to download them from the internet if they can not access the file source as this will allow users who take laptops away with them on the road to receive updates.

    Hope this helped.

    Legacy Forum Name: Patch Management,
    Legacy Posted By Username: LANWorx
  • Thanks that does, do you set that up under configure and file source?
    I think my main issue is configuring each site to have one machine like you do to get the updates.

    Whats the best option to choose to set that up? or am i in the wrong place all together as i have tried "Pulled from UNC path", but when i changed Machine group the same path is there to the same server.

    I just don't want add another path and find that the one over rides the other.

    Legacy Forum Name: Patch Management,
    Legacy Posted By Username: Fisheye
  • We configure it on a machine group basis. Goto Configure - File Source.

    Select; Pulled from file server using UNC path (Input your UNC path for this machine group).
    Configure 'File share located on' and ensure you select the correct machine ID and correct machine group. Configure the local directory these are to be pulled from. Ensure that this directory is shared as the UNC path above and that the agent credentials have permissions to this folder.

    Configure any extra settings you want, for example download from the internet and Patch Repository file source.

    Select the machines you want to apply this to and click apply.

    Now, choose another machine group and repeat the process.

    Hope this helps.

    Legacy Forum Name: Patch Management,
    Legacy Posted By Username: LANWorx
  • We have found that patch management can be the most basic, or the most complex aspect of Kaseya. We utilize a local file source per client, and use the back-up of download via the web to get the remote agents. Beyond that, I believe there are a ton of ways to configure approvals, denials, alerts, etc. I'm currently dealing with how to post a report of servers that need restarted due to patches, instead of getting an email alert per machine.Eek

    Legacy Forum Name: Patch Management,
    Legacy Posted By Username: toolman5774
  • Thanks all for the help, what configuration do you use for the Servers that store the updates for each site. For example where to store the downloaded updates so i can make the UNC path for them for the client machines. I don't think i have configured that correctly.

    Legacy Forum Name: Patch Management,
    Legacy Posted By Username: Fisheye
  • We have a standard;

    C:\OurBrandName\ManagedUpdates

    We've shared this as

    ManagedUpdates$

    The UNC path turns out to be;

    \\SERVERNAME\ManagedUpdates$

    Works like a charm!

    Legacy Forum Name: Patch Management,
    Legacy Posted By Username: LANWorx
  • I must be missing something. When I click on the "File share located on:" pull down I can not select any computers that are online or on the local subnet. The only ones in the list are offline ones or machines that are not setup as part of a windows domain (xp home installed).

    Legacy Forum Name: Patch Management,
    Legacy Posted By Username: lorreed
  • lorreed
    I must be missing something. When I click on the "File share located on:" pull down I can not select any computers that are online or on the local subnet. The only ones in the list are offline ones or machines that are not setup as part of a windows domain (xp home installed).


    Notice to the right of "File share located on" it says "Machine group filter" ?

    You'll need to change this to the machine group which contains the server.

    Legacy Forum Name: Patch Management,
    Legacy Posted By Username: djmundy
  • Seems like a common newbie experience, as I remember being confused by that too.

    djmundy
    Notice to the right of "File share located on" it says "Machine group filter" ?

    You'll need to change this to the machine group which contains the server.


    Legacy Forum Name: Patch Management,
    Legacy Posted By Username: ReedMikel
  • Yeah it's not exactly intuitive. What's the point of that filter, when we have "Select Machine Group" up the top?? Pretty sure they do exactly the same thing...

    Legacy Forum Name: Patch Management,
    Legacy Posted By Username: djmundy
  • The File share located on and Machine Group Filter drop downs do allow us to pick outside the scope of the current Select Machine Group filter (top of page). About the only use for it IMO might be if I had a customer site whose departments were defined as multiple machine groups (e.g. XYZCompany, XYZCompany.Accounting, XYZCompany.Sales). Let's say the "file server" for PM's File Source is XYZCompany.Server. If you were on the PM->File Source screen and had the Select Machine Group (at top) set to XYZCompany.Sales, you could select XYZCompany in the Machine Group Filter drop down and Server in the File share located on drop down, which are outside of the Select Machine Group filter...

    djmundy
    Yeah it's not exactly intuitive. What's the point of that filter, when we have "Select Machine Group" up the top?? Pretty sure they do exactly the same thing...


    Legacy Forum Name: Patch Management,
    Legacy Posted By Username: ReedMikel