Kaseya Community

Patch Management

  • Hi everyone

    i am one of those new people who is using kaseya, and as we are a large company we want to expand our knowledge on using kaseya.

    so we are looking for indepth instruction on how to set up patch management from the beginnning to the end.

    i have tried looking at the help and training video's but i got lost.

    we want to send our those lovely microsoft patches out using patch management but we dont have a clue how to start.

    can someone please give us help and full instrcutions on this subject.



    Legacy Forum Name: Patch Management,
    Legacy Posted By Username: AndyCWells
  • For an in depth, you might get pointed back to the video's and doc's but here's a getting started....

    The basic pattern is of patch management is approve the appropriate patches, scan the machines so it can identify what patches need to be installed on each machine, do an automatic update so they are applied.

    1) Scan - Schedule each and every machine to scan, we scan once every two days, spread across 2 minutes but we've also done once everyday. Key for scanning is that between the time you approve patches and do the automatic update, you need to scan the machine. At the time of the scan it identifies what patches from the approval policy should be applied and sets them to pending until automatic updates is done. But scan first just so you know where you are with patching.

    2) Patch Policy - Create/Delete - This is where you setup machine groups, we have the following groups "Test Machines", "Machines To Patch", "No IE7", "Servers" and "Restricted Machines". You use these machine groups to identify by group what patches should be installed on the machines in those groups. If you do not have a group, all patches will be applied.

    3) Membership - Assign each machine to one group. They can be assigned to more but this is probably too complex for your first go at it. As an example we assign at least one machine from each customer to the "Test Machines" I mention above so that we know in advance if there are going to unexpected problems.

    4) Windows Automatic Updates - Simply disable these for any machines you are going to patch with Kaseya.

    5) Approval By Policy - We utilize this most and it is the main recurring thing you have to visit every week. For each of the machines groups you setup above, you need to identify for each patch if it is approved or denied. Until you do so, the patch is marked as Pending Approval and will not be installed. For us we approve all but some specific items we know are problems or not required for the "Test Machines", after one week, we copy this policy over to "Machines To Patch".

    6) Automatic Updates - We schedule ours for once a week general the same day, early in the morning. Once this is done, you have the basic of patch management enabled.

    Other items, like credentials, office source, file source, etc. can come later. By default it will install them as the system account, get the office source from where it was installed (CD) or C:\MSOCache and download the patched from Microsoft.

    Legacy Forum Name: Patch Management,
    Legacy Posted By Username: doug.jenkins@ispire.ca