Automate Patch Management
Automations allow you to roll out updates and patches automatically in a time slot that is the most convenient for both system administrators and remote users.
TIP: To roll out updates in stages, you can use a new Update Ring automation. See Update Rings for details.
To create an automation:
- Navigate to the Automations page and select New Automation | Deploy Update.
- On the Deploy Update step, first select updates for distribution.
- All — use this option to install all updates, irrespective of their severity or status.
- Matching filters— use this option to install the updates that match your search criteria. Add filters such as update source, update severity, etc.
- You can add several filters, and Action1 will search for and deploy updates that match them all at once (logical AND).
- Within each filter, you can provide several values, and Action1 will search for any of them (logical OR).
- The values can be included or excluded. For example, search for and deploy security updates that are coming from Microsoft or Google, but which severities are anything except Low.
- Only selected — use this option to install specific updates you’ve picked.
- Fine-tune your patch management automation:
- Automatically approve and deploy all matching updates / Require manual approval of updates — specify whether you need updates to be explicitly approved before they can be scheduled for distribution. Otherwise, you can set the time period to wait before automatically installing an update.
- Reboot options — skip or allow rebooting. You can configure the offset and notification for a user whose computer is going to be restarted.
Learn how Action1 handles reboots
Logged-in Users: If a user is logged in, even through there is a non-interactive session (such as a remote terminal server session), Action1 will show a reboot prompt in that user’s logon session. This provides an opportunity for the user to postpone the reboot, up to the maximum time configured in the Action1 policy settings.
Locked Sessions: If the session is locked, the reboot prompt will still be displayed. The user will see this prompt immediately upon unlocking their session.
Multiple Users: In scenarios where multiple users are logged in, each user will receive their own reboot prompt within their logon sessions. Any one of these users can permit the reboot to proceed; it doesn’t require approval from all users.
No Users: If no one is logged in, Action1 will proceed to reboot the system immediately without displaying any prompts.
- Deactivate updates in Windows settings — check it to disable Windows Update and push patches and KBs via Action1 only.
NOTE: If automatic updates are already configured using Group Automation (GPO), this setting will not take effect.
- On the Select Endpoints step, pick the applicable managed endpoints. You can add endpoints one by one, select a group, or select all.
- On the Schedule step:
-
- Enter a name for the new automation (e.g., “Patch management”)
- Configure the patching schedule. Set the time that works best for your team, for example, Tuesday morning.
- Specify Missed schedule retry and maintenance window – a timeframe to retry update delivery for the powered-off or disconnected endpoints.
-
NOTE: Make sure the timeframe does not exceed the frequency of execution, i.e., do not set it to 3 days for automations running on a daily basis.
- Click Finish.
