How to install (or uninstall) patches/service packs in Windows servers and workstations

Name the Configuration
Define Configuration
Define Target
Deploy Configuration

The "Install/Uninstall Windows Patch" configuration enables you to install or uninstall Windows patches from a central location. Below mentioned steps can be followed for installation and uninstallation of Windows patches using Endpoint Central.

- Install/Uninstall Patches in Windows Computers
- Creating a configuration from All Patches View

Install Patches in Windows Computers

Navigate to Configurations tab and choose Install/Uninstall Patch configuration from the list of Windows Configurations.
Follow the steps mentioned below to install/uninstall patches for Windows OS.

Step 1: Name the Configuration

Provide a name and description for the Install/uninstall Patches Configuration.

Step 2: Define Configuration

Note: Specify the operation type as Install or Uninstall for installation and uninstallation of patches respectively and specify the following values.

Parameter	Description
Add the Patches	If you have reached this configuration page from the Patch Management tab by selecting the patches, the selected patches automatically gets added to the List of Patches. Click the Add More Patches button to invoke the Patch Browser. From the patch browser select the patches and service packs that have to be applied. The patch browser has an option to view the missing patches/service packs or all patches/service packs, which can then be filtered based on the application and service pack.
Scheduler Settings	Install After Select this option and specify the date and time after which the patches have to be installed. The patches will be installed based on the Install Options selected after the scheduled time. Expiry date Set an expiry date for installation/uninstallation of patches.
Deployment Settings	If you have set any Policy as default, then the default policy will be automatically applied to the configuration. You can choose from the policies which are listed under "Apply Deployment Policy". You can see the Policies segregated as My Policies and Created by Others. You can click on View Details to see the policy details and the list of configurations to which the policy is applied. If you do not have an existing policy, you can create one by clicking on create policy Deployment Rule: Deployment can be continued even if some patches cannot be downloaded. If the failed patches are successfully redownloaded, they will be installed in the subsequent refresh cycle (within deployment window).

Parameter

Description

Add the Patches

If you have reached this configuration page from the Patch Management tab by selecting the patches, the selected patches automatically gets added to the List of Patches.

Click the Add More Patches button to invoke the Patch Browser. From the patch browser select the patches and service packs that have to be applied. The patch browser has an option to view the missing patches/service packs or all patches/service packs, which can then be filtered based on the application and service pack.

Scheduler Settings

Install After

Select this option and specify the date and time after which the patches have to be installed. The patches will be installed based on the Install Options selected after the scheduled time.

Expiry date

Set an expiry date for installation/uninstallation of patches.

Deployment Settings

If you have set any Policy as default, then the default policy will be automatically applied to the configuration. You can choose from the policies which are listed under "Apply Deployment Policy". You can see the Policies segregated as My Policies and Created by Others. You can click on View Details to see the policy details and the list of configurations to which the policy is applied.

If you do not have an existing policy, you can create one by clicking on create policy

Deployment Rule: Deployment can be continued even if some patches cannot be downloaded. If the failed patches are successfully redownloaded, they will be installed in the subsequent refresh cycle (within deployment window).

Step 3: Define Target

Using the Defining Targets procedure, define the targets for deploying the Install Patches Configuration.

Step 4: Notification Configuration

Specify your email address to receive notifications when the status changes to "Ready to Execute." You can set the frequency for these alerts, which will be sent if there’s a deployment status change.

For example

10 AM: Notification sent as the status changes to "Ready to Execute."

12 PM: No notification; no status change.

2 PM: No notification; still no status change.

3 PM: Deployment occurs on one or more systems, updating the status.

4 PM: Notification sent due to the status change.

If you’ve configured the Patch Manager Plus mobile app, you can also receive instant notifications. Additionally, you can select specific technicians to ensure they receive updates as well.

Step 5: Deploy Configuration

Click the Deploy button to deploy the defined Install Patches Configuration in the defined targets. Deployment will be initiated during the next system startup.

To save the configuration as draft, click Save as Draft.

Creating a configuration from All Patches View

If you are trying to create a configuration from Detailed View under All Patches, then the below mentioned scenarios will come into effect. Detailed view will list every missing patch against every single computer in a separate row, which means if a single patch is missing in 5 computers, 5 rows will be listed.
When you have chosen to deploy more than one patch for more than one computer as mentioned below, then you might end up in deploying the patches to the computers which you never intended to deploy. Creating a configuration based on the above selection will work as follows:

Selected Patches: Patch 1, Patch 2 and Patch 3.

Defined Target : Computer 1, Computer 2, and Computer 3.

Result of this Deployment:

Patch ID	Included Target	Intended target	Missing Patch	Deployment Initiated	Expected Result
Patch 1	Computer 1	Yes	Yes	Yes	Will be deployed
Patch 1	Computer 2	Yes	Yes	Yes	Will be deployed
Patch 1	Computer 3	No	No	Yes	Will not be deployed
Patch 2	Computer 1	No	Yes	Yes	Will be deployed
patch 2	Computer 3	No	No	Yes	Will not be deployed
patch 3	Computer 1	No	No	Yes	Will not be deployed
Patch 3	Computer 2	No	No	Yes	Will not be deployed
Patch 3	Computer 3	Yes	Yes	Yes	Will be deployed

As per the above mentioned table, the configuration will be deployed across to all the computers to which the patch is applicable. Patch 2 is applicable for computer 1, but you never intended to deploy it, however the deployment will happen on it, since it is a missing patch.

In order to overcome this, it is recommended to deploy multiple patches to single computer or single patch to multiple computers from "Detailed View". If you want to deploy multiple patches for multiple computers, then it is recommended to create multiple configurations or initiate deployment from Missing Patches View.

Note: When a Patch Management task is initiated, the agent residing on the client computer scans the computer for the missing patches and downloads only the applicable patches from the product server.
If you are managing computers in a remote office using a Distribution Server, then WAN agents will download the applicable patches from the Distribution Server. However the deployed patches will be replicated to the Distribution Server irrespective of whether the patch is applicable for the remote office computers or not.