How to add a patch schedule to a Windows profile

Release Time
06/09/2020
Download PDF
Views
3624 times
Category
profiles
Tags


Click ‘Configuration Templates’ > ‘Profiles’ > open a Windows profile > Click ‘Add Section’ > ‘Procedures’

  • You can add pre-configured patch procedures to a Windows profile and create a schedule

  • The procedures are run on the devices to which the profile is applied, periodically as per the schedule

  • EM ships with a set of pre-defined OS patch procedures. You can also create custom OS and third-party patch procedures as per your needs.

  • Click 'Configuration Templates' > 'Procedures' to view, manage and create OS and third party patch procedures

    • See this wiki if you need creating Windows OS and third-party application patch procedures.

  • This article explains how to add a Windows patch procedure to a profile and run it according to a schedule.

Add a patch procedure to a profile

View procedure execution logs and results

Add a patch procedure to a profile

  • Login to Comodo One / Dragon

  • Click 'Applications' > 'Endpoint Manager'

  • Click 'Configuration Templates' > 'Profiles'

  • Click the ‘Profiles’ tab

  • Open the Windows profile applied to your target devices

    • Open the 'Procedures' tab

      OR

    • Click 'Add Profile Section' > 'Procedures', if it hasn't yet been added

  • Click 'Add' in the procedures settings screen

Procedure Name – Select the patch procedure to add to the profile.

EM ships with three predefined patch procedures:

  • Critical Patch Updates

  • Security Patch Updates

  • Patch Maintenance

  • You can also create custom patch procedures, select which types of patches the procedure should install, reboot options, the alert settings to be used and so on.

  • See 'Create a custom Windows OS patch procedure' in this wiki if you need help to create custom patch procedures.

  • Type the first few characters of the procedure name and choose the procedure from the suggestions . Make sure you have already approved the procedure

Schedule Settings - Two options - 'Custom schedule' and 'Schedule on a maintenance window'.

  • Custom Schedule - Set a time-slot for the procedure to run on devices.

    Select the start date, time and frequency at which the procedure should run

    If you select 'Daily', 'Weekly' or 'Monthly' then please specify end-time action for the procedure:

    • No end settings - All procedures will run to completion.

    • Run until - Chose a cut-off time from the calendar.*

    • Run no more than - Specify for how long the procedure should run.*

    • Run until the end of the closest maintenance window - The procedure will start at the time you set, but must finish by the end of the next maintenance window that runs.

          * Any procedure that does not finish by the cut-off time is aborted and all changes undone.

  • Schedule on a maintenance window

    • Maintenance Window Type - Choice of ‘Daily’, ‘Weekly’, ‘Monthly’ and ‘Week of month’. See this wiki for help to create and manage maintenance windows.

    • Maintenance Window Name - Shows a list of maintenance windows which have the frequency you chose in the ‘Window Type’ box above. Select the window you want to add to the procedure.

    • End Time Settings:

      • No end settings - All procedures will run to completion.

      •  Run until - Chose a cut-off time from the calendar.*

      •  Run no more than - Specify how long the procedure should run.*

           * Any procedure that does not finish by the cut-off time is aborted and all changes undone.

Execution Options

  • Run this procedure immediately when the profile is assigned to a new device - The procedure will run on target devices as soon as the profile is applied to the device, in addition to any schedule.

  • Skip procedure if the device is offline - The procedure will be aborted is the device is not connected to EM at the time of execution. By default, procedures are queued for later if the device is not connected to EM. The task will run as soon as it comes online. Select this option If you do not want the task to be queued.

  • Click ‘Add’ to add the procedure to the profile

  • Repeat the process to add more procedures

  • Procedures are run in order from top to bottom

  • Select a procedure and click 'Move up' or 'Move down' to set the priority

View procedure execution logs and results

There are two places where you can view the results of a patch procedure:

  • Device List - ‘Devices’ > ‘Device List’ > 'Device Management' > Open a Windows device > ‘Logs’ > 'Patch Logs' / 'Third Party Patch Logs’ - Shows results for all patch procedures run on a selected device.

  • Procedures area - ‘Configuration Templates’ > ‘Procedures’ > Open a procedure > ‘Execution Log’ - Shows all devices on which a selected procedure was run.

Device list – Shows patch procedure results on a single device

  • Click 'Devices' > 'Device List'

  • Click the 'Device Management' tab in the top-menu

    • Select a company or a group to view just their devices

      Or

    • Select 'Show all' to view every device enrolled to EM

  • Click on any Windows device then select the 'Logs' tab in the device details interface

  • Select the 'Patch Logs' or 'Third Party Patch Logs' sub-tab

This opens a list of all patch procedures run on the device along with their status (success/failure), their start/finish time and time of last status update.

  • Click 'Details' in the row of a procedure to view specific results:

  • The 'Tickets' tab shows tickets which were created as a result of a failed procedure.

    • Click the ticket link to open the ticket in service desk.

Procedures interface – Shows patch procedure results on all target devices

  • Click 'Configuration Templates' > 'Procedures'.

  • Click the name of the patch procedure under 'My Procedures' or 'Predefined Procedures' for which you want to view results, then click 'Execution Log' in the Procedure Details screen.

  • This will open a list of all devices on which the procedure was run along with their status (success/failure), their start/finish time, and time of last status update.

  • Click 'Details' in the row of a device to view specific results:

  • The 'Tickets' tab shows a list of tickets which were created as a result of a failed procedure.

    • Click the ticket link will open the ticket in service desk.

Further reading:

How to enable or disable patch management in a Windows profile

How to configure and run procedures on managed devices

How to schedule and run procedures in a profile

How to install and manage patches on Windows devices