Schedule Groups for Updates using Update Management Wizard

One of the more frequent questions I get is how to set up schedules for updating separate groups of machines. That might be a small test group of power users, to see whether new patches break the system before rolling them out environment-wide, or you might want to ensure your SQL servers are up and running before the front-end web application. You can accomplish these, and cover any other reasons, with our Update Management Wizard task.

You’ll first want to have an idea of the schedule, and have the servers in the proper groups (WSUS groups, a Patch Manager Group, or an Active Directory OU), before launching this Wizard.

To schedule your update maintenance downtimes, use the Update Management Wizard task. On the left in the Tree console, click All Updates; then on the right, under Actions, click Update Management Wizard.

This launches a Wizard with a lot of flexibility. For this walk-through, I am going to keep it basic, with some hints in italics about what else you could do.

On the first screen you have some options. The simplest is the one I noted with the red box. With this choice you are telling the machines to download and install everything that you have approved that is not already installed.

(You can see the other options as well. Instead of everything, there is a choice for just critical and security updates. The bottom choice is probably the most complex: you can create a custom selection of updates based on criteria.)

Also note that this does override your Group Policy settings. So if you have download and notify configured, but you choose Download and Install all approved updates, that is exactly what is going to happen.

The very next screen shows the criteria of the task, which reflect whatever you selected. Even if you did not choose the custom option, you can modify the criteria here if needed.

The next tab is a nice set of options. You can add a pre or post reboot event. You can wake on LAN if needed. (You can also run this in planning mode. This gives you a report showing, for example, how many machines would meet the criteria, so you can confirm you have the right logic.)

The next screen is your Targets. This is where you build your selection of machines. The nice thing is that you can add them from multiple sources: you can add them one at a time by IP address, browse Active Directory for machines in certain OU groups, or use any WSUS groups you have already created. (You can also create Patch Manager Groups for machines you want to group together when you don’t have another method to group them, and then use those groups here.)

And finally, the main reason you are doing this: the Schedule tab. After you have added all of the end Targets to the selections, the next screen is the final one, where you set the time to execute this task. You can, of course, set up a Recurring Schedule as well. (You could also do an ad-hoc version of this task and just Run Task Now if there was something you wanted deployed immediately.)

  • I'm still trying to wrap my head around how Patch Manager tasks handle updates when you don't want to interrupt business. I have plenty of machines that are slightly out of date - I just can't get the users to remember to keep their computers on so I can run updates overnight. WOL seldom works, so I'm left with the option of running updates during business hours but I also can't hold up a machine - just the nature of our business - we could lose money if a computer is downed.

    If I run a download and install, but set it to "Do not reboot" will it simply queue the update on the next user restart, or if the update requires it, will it still force a restart? I have my GPO settings to never notify, but schedule the installs.
