Search the Community
Showing results for tags 'patch'.
Found 4 results
Curious question for you guys... I have recently started noticing in both my Computer Health Standards reports, and in the Standards & Health Plugin... that almost all of my agents are getting dinged on score, for one of the Patch Recommendation checks.. Specifically, it's complaining about "Missing Security Baseline Patch". Question is, does anyone have info on exactly what this baseline is, and how it is checked. I am seeing this almost across the board, and on agents who show 100% patching scores in in Patch Manager. Just looking for any info on how these checks are run, if anyone knows? It seems like these checks are run against Microsoft recommendations somehow? The CVSS score checks make sense as I have something tangible to compare to, however the baseline is a mystery to me? Thanks Tim!
We're working on moving from Ignite-driven patching to the new Patch Manager in LT11, and I'm trying to figure out what determines when patches actually start installing once the patch window begins. We have a few Windows VMs (Server 2k8R2, 2k12R2, 2k16, and Windows 10) setup and while our Server 2012 R2 VM began patching immediately (evidenced by TiWorker.exe sitting at the top of the process list sorted by CPU utilization), the others started sometime after I left the office for the day and as I've been monitoring them today, I havent observed the process start yet. Should I be tightening up the patch windows to only an hour or so until we're done testing so I can force patches to start installing during business hours when I'm there to monitor?
I am running into an issue where a patch job will run but servers will not reboot, even though the reboot policy is set to "Reboot now." Once this happens future patch jobs do not run even if I have the patch policy configured to reboot before and after installing patches. One thing I have noticed on servers where this is occurring is that they seem to have a failed command where Labtech/Automate is looking for a registry key that does not exist called RebootReqeusted. Has anyone else ran into this issue or have any technical details about how the patching reboots function?
Management is looking for a report, to be run after Patch Tuesday each month, for which endpoints are behind/missing/noncompliant on Windows updates. I've looked in Patch Manager but it seems that it only allows me to view by patch rather than by computer, and the report I have in Report Center just shows "All devices are compliant" for each client when I know that's not the case. We're on 11.0.387 (using the legacy UI) and haven't upgraded to new patching yet. I've tried importing this report into Report Designer, but running it (even unfiltered) still shows "All devices are compliant" in the output.' Hoping there's something easy/obvious that I'm missing, but currently I don't see a way to get an inventory of who's missing what presented on a per-computer basis rather than a per-patch one. Can someone lend a hand? Please and thank you!