LANDesk Management Suite 9.0. Getting started with Patch Manager

Similar documents
LANDesk Patch and Compliance. Common Troubleshooting steps for Vulnerability Remediation.

LANDesk Patch Manager. Strategic and Tactical Implementation Guide

LANDesk Management Suite 9. Best Practices for Agent Configuration and Deployment (BKM)

LANDesk Management Suite 8, v8.1 Creating Custom Vulnerabilities

4cast Client Specification and Installation

AV Management Dashboard

Using Remote Web Workplace Version 1.01

SSL VPN Setup for Windows

Configuring WPA2 for Windows XP

Snow Inventory. Installing and Evaluating

How To Sync Between Quickbooks And Act

LogMeIn Network Console Version 8 Getting Started Guide

Installing TestNav Mac with Apple Remote Desktop

Instructions for Connecting to PACS outside of a Regional Facility

Sophos Anti-Virus for NetApp Storage Systems startup guide

BitDefender Security for Exchange

How to Configure Outlook Client for Exchange

Setting up Sharp MX-Color Imagers for Inbound Fax Routing to or Network Folder

Lenovo Online Data Backup User Guide Version

CONNECT-TO-CHOP USER GUIDE

BSDI Advanced Fitness & Wellness Software

SQLBackupAndFTP User Instructions (Rev 0.3) 9/14/10

How to connect to VUWiFi

Server Installation: ServerTools

XStream Remote Control: Configuring DCOM Connectivity

MyNetFone Virtual Fax. Virtual Fax Installation

Installing Windows Server Update Services (WSUS) on Windows Server 2012 R2 Essentials

TAMUS Terminal Server Setup BPP SQL/Alva

Patch Management Hands-On Exercises. Patch Management Hands-on Exercise

Tutorial. Patch Management

Linko Software Express Edition Typical Installation Guide

1. Set Daylight Savings Time Create Migrator Account Assign Migrator Account to Administrator group... 4

Sophos Anti-Virus for NetApp Storage Systems startup guide. Runs on Windows 2000 and later

HP Client Automation Standard Fast Track guide

User Guide. Version 3.2. Copyright Snow Software AB. All rights reserved.

Connecting to Delta College Exchange services off-campus

Distributing SMS v2.0

Remote Desktop Services

Remote Access: Citrix Client Setup

AT&T Internet Security Suite - powered by McAfee. Installation Guide (for Clean Machine with No Anti-Virus Installed)

Citrix Remote Access Portal U s e r M a n u a l

Virtual Office Remote Installation Guide

How To Upgrade Your Microsoft SQL Server for Accounting CS Version

Deployment of Keepit for Windows

Sophos Anti-Virus for NetApp Storage Systems user guide. Product version: 3.0

Laptop Backup - User Guide (Windows)

Sophos Enterprise Console Help. Product version: 5.1 Document date: June 2012

How To Use Senior Systems Cloud Services

Contents. VPN Instructions. VPN Instructions... 1

How to remotely access your Virtual Desktop from outside the college using VMware View Client. How to guide

MAPPING THE WEBDRIVE REFERENCE GUIDE

Remote Access with Outlook 2003 Using RPC over HTTPS

Nexio Connectus with Nexio G-Scribe

ILTA HANDS ON Securing Windows 7

Setting up Remote Desktop

Cyber Security: Software Security and Hard Drive Encryption

LepideAuditor Suite for File Server. Installation and Configuration Guide

WA2192 Introduction to Big Data and NoSQL. Classroom Setup Guide. Web Age Solutions Inc. Copyright Web Age Solutions Inc. 1

Deploying Windows Streaming Media Servers NLB Cluster and metasan

SQL Server Setup for Assistant/Pro applications Compliance Information Systems

QUANTIFY INSTALLATION GUIDE

Outlook Integration for Client Profiles for Windows

Mondopad v1.6. Quick Start

...1 CITRIX REMOTE ACCESS WINDOWS TABLE OF CONTENTS...1 ADDING CITRIX.AKERMAN.COM AS A TRUSTED SITE TO INTERNET EXPLORER

Web File Management with SSH Secure Shell 3.2.3

Undergraduate Academic Affairs \ Student Affairs IT Services. VPN and Remote Desktop Access from a Windows 7 PC

Check current version of Remote Desktop Connection for Mac.. Page 2. Remove Old Version Remote Desktop Connection..Page 8

Outlook Profile Setup Guide Exchange 2010 Quick Start and Detailed Instructions

FTP Over SSL (FTPS) Core FTP LE. Installing Core FTP LE"

How to Setup SQL Server Replication

K7 Business Lite User Manual

Portions of this product were created using LEADTOOLS LEAD Technologies, Inc. ALL RIGHTS RESERVED.

Table of Contents. CHAPTER 1 About This Guide CHAPTER 2 Introduction CHAPTER 3 Database Backup and Restoration... 15

Citrix : Remediation - MAC

LRDC Computing Services

Quick Install Guide. Lumension Endpoint Management and Security Suite 7.1

Symantec AntiVirus Corporate Edition Patch Update

Client Configuration Guide

HOW TO INSTALL FS USB TRANSCRIPTION SOFTWARE (OFFICE ADMIN MEDICAL)

Archive Add-in Administrator Guide

Detecting and Removing Spyware From Your Home Computer

Global VPN Client Getting Started Guide

HWS Virtual Private Network Configuration and Setup Mac OS X 12/19/2006

Installation and Program Essentials

Technical Reference: Deploying the SofTrack MSI Installer

Charter Business Desktop Security Administrator's Guide

LANDESK Service Desk. Desktop Manager

Reporting works by connecting reporting tools directly to the database and retrieving stored information from the database.

3 Setting up Databases on a Microsoft SQL 7.0 Server

KANTECH SCHEDULED EVENTS INSTALLATION MANUAL

RMM/MDM. Quick Reference Guide

Moxa Device Manager 2.0 User s Guide

Introduction. Before you begin. Installing efax from our CD-ROM. Installing efax after downloading from the internet

Patch Management Table of Contents:

Security Practices Essentials. Viruses McAfee Virus Software Critical Windows Updates Network Settings. Spyware Adaware Spybot Windows Defender

Mesa DMS. Once you access the Mesa Document Management link, you will see the following Mesa DMS - Microsoft Internet Explorer" window:

Deep Freeze and Microsoft System Center Configuration Manager 2012 Integration

KB-365CP Certiport Level One (L1) Technical Support

Transcription:

LANDesk Management Suite 9.0 Getting started with Patch Manager

DOWNLOAD PATCH CONTENT TO THE CORE SERVER

INTRODUCTION This document is intended to assist LANDesk Management Suite administrators with implementing Security and Patch Manager in their environment for LANDesk Management Suite 9.0. SCOPE This document covers the steps necessary to get started using Patch Manager to patch clients. It also contains a quick reference guide for experienced LANDesk administrators that just need a reminder of the steps required for patching clients. ASSUMPTIONS This document is written with the expectation that the LANDesk Core Server has been installed and activated and the workstations have the LANDesk agent installed. There are other documents that discuss these topics and are not addressed in this document.

QUICK REFERENCE This section contains the steps required to set up Patch Manager to patch clients. It is intended to be used by experienced LANDesk administrators as a reference and does not go into detail on the process. The details will be covered later in this document. Following are the steps required to set up Patch Manager: 1. Download patch content to the Core Server through the Download Updates window which is accessed through the Patch and compliance tool in the LANDesk Management Console. 2. Make sure that all of the vulnerabilities that the clients need to be scanned for are in the Scan folder in the Patch and compliance tool. Only vulnerabilities in the Scan folder will be scanned for on the clients when the Security Scan is executed. 3. Check the Scan and Repair settings assigned to the clients to verify the options have been set correctly for detection. This can be done in the Agent Configuration under Security and Compliance Patch and Compliance Scan or in the Patch and Compliance window by clicking the Configure settings toolbar icon and select the Scan and repair settings item from the dropdown list. 4. Run a Security Scan on all clients to detect what patches they need. 5. Create and run a repair task to install the patches on the clients. Do not rely solely on the repair task status to determine the success of patching. Continue with the remaining steps to fully determine the success of patching. Note: Only patches that have been detected by a Security Scan on a client can be patched with a repair task. Trying to install a patch on a client that has not been detected will result in the patch failing to install with the message NO_PATCHES_AVAILABLE. 6. Reboot the clients after the patches have installed if any of the patches require a reboot. If a patch requires a reboot it is not completely installed until the client is rebooted. Failure to reboot the client will result in the patch still being detected as not being installed. 7. Run a Security Scan on all of the clients. 8. Check the Security and Patch information for a specific client to see what patches are still needed or check the affected computers list for a specific vulnerability to determine which computers still need the patch.

DOWNLOAD PATCH CONTENT TO THE CORE SERVER The following section contains steps Configure the Download Updates window Login to the Management Suite Console. From the Console, click Tools Security and Compliance Patch and Compliance. Click the Download Updates toolbar icon. This allows you to select what content to download. Core server licensing will determine what content is available in the Download Updates window. The following figure displays all content that can be downloaded with the full LANDesk Security Suite license.

Select the required Definition types and Languages for the environment. Microsoft Windows Vulnerabilities are the most commonly downloaded vulnerability type. Microsoft Windows Vulnerabilities contain the patches for the Windows Operating Systems as well as the patches for common applications for the Windows Operating System such as Adobe Reader, ITUNES and Microsoft Office. Do not check the box for Put new definitions in Unassigned group so that all of the definitions are downloaded to the Scan folder.

Proxy Settings If the company uses a proxy server then the information should be entered on the Proxy Settings tab to allow the content to be downloaded. The vulnerabilities (detection logic) are downloaded from the LANDesk websites. The patches for the vulnerabilities are downloaded from the vendor's website. For example, Microsoft patches are downloaded from Microsoft's websites. Ensure the proxy will allow the Core Server to access the appropriate website to get the patch. Changing the Patch Location It is recommended that the download location for patches be left at the default settings. If there is limited space on the drive that the Core Server is installed on, the patch location should be moved. Click the Patch Location tab if the location needs to be moved

If the patch location is changed, the new location must be setup with the same web settings and folder permissions as the default location. If a UNC path is used for the client access, add the Domain Computers group to the new share with Read access. Scheduling the download When all settings have been set, click Apply. Then click the Schedule download button.

Click OK. Selecting this button will create a scheduled task to update the content that is currently selected. Setting a scheduled task to run nightly will make sure that the content being scanned for is the most current and up to date. If changes are made to what needs to be downloaded a new Scheduled task will need to be created. More than one task can be created but they must be scheduled to run at different times because only one download (VAMINER.EXE) can run at a time.

Set the appropriate schedule for the download task to run and click Save. VERIFY VULNERABILITIES ARE IN THE SCAN FOLDER After the Patch Content has downloaded, check the SCAN folder in the Patch and Compliance tool to make sure all appropriate vulnerabilities are in there. Any old or unwanted vulnerabilities can be dragged to the Do Not Scan folder.

SCAN AND REPAIR SETTINGS FOR DETECTION (AGENT BEHAVIOR) Before starting to scan for vulnerabilities it is necessary to ensure that the scan configuration is set correctly. Depending on what is licensed there can be as many as nine different types of vulnerabilities to scan. From the Scan and Repair Settings window, select the types that you want to be scanned. When a scan is initiated on a managed node an agent behavior needs to be selected so that the scanner knows what to scan. If there is no agent behavior selected then the scanner will scan for the default three types: Vulnerabilities, LANDesk Updates and Custom Vulnerabilities. The Scan and Repair Settings window can be accessed two ways. From the Patch and Compliance window, click the Configure settings toolbar icon and select the Scan and repair settings item from the drop-down list. When configuring an agent configuration click the Security and Compliance Patch and compliance scan tree item and click the Configure button. Double-click the Scan and Repair setting assigned to the client in the agent configuration.

The Scan and Repair Settings window has eight pages: General, Scan, Repair, MSI, Reboot, Network, Pilot and Spyware. Only the General, Scan and Pilot pages affect the detection. General settings page Most of the settings on the General settings page are self explanatory such as Show progress dialog and Allow user to cancel scan. The only option that may need to be changed is CPU utilization when scanning. Adjust the setting to the desired level. Moving the slider bar toward the Low side will reduce the impact on performance of the Security Scan on the client but will also increase the amount of time it takes for the scan to finish. Conversely, moving the slider bar towards the High side will increase the impact on performance of the Security Scan on the client but will also reduce the time it takes for the scan to finish. If the Security Scan is scheduled to run during non-business hours, it would be best to move the slider bar all the way to the High side so the scan can finish as fast as possible. Make any changes required on the General page and then click Scan options.

Scan options page Scan options page controls what vulnerabilities are scanned for on the clients. Make sure that Vulnerabilities, Antivirus updates and LANDesk updates types are selected as a minimum. The Antivirus updates option when checked will detect and return information about the antivirus software installed on the client if it is one of the more common antivirus applications (McAfee, Symantec, LANDesk AV, etc.). The Enable autofix checkbox will only make a difference if vulnerabilities have had autofix enabled in the Patch and Compliance window. Check the Autofix column to see if there is a Yes for any of the vulnerabilities in the Scan folder. Only vulnerabilities in the Scan folder that have a Yes in the Autofix column will be automatically installed. Uncheck the Enable autofix box to prevent any patches from being automatically installed on clients.

Pilot configuration page Make sure that the Periodically scan and repair definitions in the following group is unchecked. Click Save when all Scan and Repair settings have been adjusted. When a Security Scan is run on the clients, any changes made to the Scan and Repair settings will automatically be downloaded to the client. RUN A SECURITY SCAN (VULSCAN.EXE) ON ALL CLIENTS A patch cannot be applied to a computer unless the vulnerability associated with that patch has first been detected on that computer. There are three different ways to run a Security Scan on a computer to detect vulnerabilities. The first two ways are configured from the Agent Configuration tool in the LANDesk Console and should have been configured before deploying the LANDesk agent. The first two methods will not be covered in this document. The security scan should be run on managed nodes at least once a day. 1. When a user logins. 2. Setting a frequency to be run by the client s local scheduler service. By default, the Security Scan is set to run once a day in the agent configuration. 3. Create a Security Scan task.

Create a Security Scan Task In the Patch and Compliance window, click the Create a task icon in the toolbar and select Security Scan from the drop-down list. The Create security scan task window appears. Click to place a checkmark in the Create a scheduled task checkbox. Select the Scan and repair settings from the drop-list that was created or modified in the previous section of this document. Click OK to create the task which will create the task in the Scheduled Tasks window.

Drag computers from All Devices in the Console and drop them on the Security Scan task (Patch and Compliance Scan) in the Scheduled tasks window. Drag all computers that the Security scan needs to be run on to the task.

Right-click the Security Scan task (Patch and Compliance Scan) in the Scheduled tasks window and click Start now to immediately run the Security Scan task. Or, select Properties to schedule a time for the Security Scan to run. It is recommended to run the Security Scan task during non-business hours because the Security Scan will impact the performance of the computer. CREATE AND RUN A REPAIR TASK After the Security Scan completes on the clients, it is time to create a repair task to remediate the detected vulnerabilities. Open the Patch and Compliance window in the LANDesk Console.

Right-click My custom groups in the Patch and Compliance window under Groups Custom groups and select the New Group option. Enter a name for the new group.

Click on the Detected folder under All Types which will display a list of all of the vulnerabilities that have been detected as needing to be installed on at least one computer that the Security Scan was run on earlier. Click on any of the vulnerabilities in the detected folder and then hit CTRL + a which should select all of the vulnerabilities in the detected folder.

The lower left corner of the Patch and Compliance window will show the number of vulnerabilities in the detected folder. Drag and drop all of the vulnerabilities from the detected folder to the custom group (MyPatchGroup) created previously. If this message window comes up, click Yes.

Click the custom patch group (MyPatchGroup) and verify that all of the patches were added to the group. The number of vulnerabilities in the group should be equal to or greater than the number on the detected folder because of dependencies and prerequisites that were automatically added. Look through the vulnerabilities in the patch group and remove any vulnerabilities that you do not want installed on any computers in your environment. Right-click the custom group and select the Repair option.

If this Repair Information message box comes up, click Yes. Click the Configure button to open the Configure scan and repair settings window.

Click the New button to create a new scan and repair setting for the repair task. On the General settings page, enter a name for this scan and repair setting to be used with the repair task. Adjust the slider bar for CPU utilization when scanning if necessary. Moving the bar towards High will increase the amount of CPU VULSCAN.EXE is allowed to use. Change any other settings as necessary for the environment. Click Repair options to switch to the repair options page.

Make sure that the Reboot is already pending box is checked. Adjust other settings as required for the environment. Click MSI information to switch to the MSI information page.

If the original location for the Microsoft Office install files is no longer accessible by the client, enter the UNC path to the Office install files and a username and password that can access them. If you are not sure whether the client can access the original location, leave this page blank and try it. If the Office patches fail, fill in this page and try it again. Click Reboot options to switch to the reboot options page.

Select the appropriate options on the reboot options page to meet the requirements for the environment. Click Save. Make sure the new Scan and Repair setting is highlighted and then click Use selected.

Verify that the correct scan and repair setting is shown in the Scan and repair settings box. Then click the Patches tab.

Click on any of the patches in the list and hit CTRL+a which should highlight all of the patches in the list.

Right-click any of the patches and select the Download Patch option. The Downloading Patches window will appear.

Wait for all of the patches to download and click Close when it is done. Then click the General tab. Any patches that are already downloaded will be verified and skipped if the file matches the current vulnerability otherwise the patch will be redownloaded.

It is recommended to use Repair as a scheduled task (push) so that the patching time can be controlled. For laptops (mobile users), the Repair as policy (pull) is the recommended method for patching the remote device. This is the most effective method since the policy can run when the device connects to the network. Select the Don't add any computers option because the patches should be tested on a few computers first to make sure there are no major problems with the patches. Click OK which will create the repair task and switch to the Scheduled Tasks window with the repair task highlighted.

Drag a few devices that can be used for testing from the All Devices list and drop them on the repair task in the Scheduled Tasks window. These will be the computers used to test the patch deployment process.

After the test computers have been added to the repair task, right-click the repair task and click Start now to immediately patch the computers, or select the Properties option to set a start time for the task. It is best to patch computers during non-business hours because of the performance impact to the computer while patches are being installed. Wait for the patch repair task to complete and then continue with the next section. REBOOT THE CLIENTS Reboot the clients if any of the patches in the repair task requires a reboot. Until the client is rebooted, the patch is not completely installed and will still be detected on the clients. This can be done with the reboot task available in the Patch and Compliance window. Open the Patch and Compliance tool.

Select the Reboot option from the Create a task drop-down list. The Create reboot task window appears. Click to place a checkmark in the Create a scheduled task checkbox. Click the Configure button to create a Scan and repair setting for the reboot task.

Click the New button. On the General settings page, enter a name for this Scan and Repair setting. Click Reboot options to switch to the reboot options page.

Select the Always reboot option. Select other options as required for this environment. Click Save. Verify the correct scan and repair setting is highlighted and click Use selected.

Verify the required scan and repair setting shows in the Scan and repair settings box. Click OK which will create the reboot task and switch to the Scheduled Tasks window with the reboot task highlighted. Drag the computers which need to be rebooted from All devices and drop them on the reboot task.

Right-click the reboot task and select the Start now option to immediately start the task or select Properties to set a start time for the task. Wait for the computers to restart before continuing with the next section. RUN A SECURITY SCAN ON THE CLIENTS THAT WERE PATCHED Follow the instructions in the section titled "RUN A SECURITY SCAN (VULSCAN.EXE) ON ALL CLIENTS" to run a Security Scan on the computers that were patched. CHECK SECURITY AND PATCH INFORMATION FOR PATCHED COMPUTERS Check the Security and Patch information for the patched clients to see what patches are still needed.

Right-click a patched computer under All devices in the console and select the Security and Patch Information option.

All Detected will show all patches that the computer still needs. Repeat the steps in this document until all patches have been installed on the computers. CONCLUSION The steps outlined in this document provide the user with the basic information required to get started with Patch Manager in a LANDesk Management Suite 9.0 environment. ABOUT LANDESK SOFTWARE The foundation for LANDesk s leading IT management solutions was laid more than 20 years ago. And LANDesk has been growing and innovating the systems, security, service and process management spaces ever since. Our singular focus and our commitment to understanding customers real business needs and to delivering easy-to-use solutions for those needs are just a few of the reasons we continue to grow and expand. LANDesk pioneered the desktop management category back in 1993. That same year, IDC named LANDesk the category leader. And LANDesk has continued to lead the systems configuration space: pioneering virtual IT technology in 1999, revolutionizing large-packet distribution with LANDesk Targeted Multicast technology and LANDesk Peer Download technology in 2001, and delivering secure systems management over the Internet and hardware-independent network access control capabilities with LANDesk Management Gateway and LANDesk Trusted Access Technology in 2005. In 2006, LANDesk added process management technologies to its product line and began integrating the systems, security and process management markets. LANDesk also extended into the consolidated service desk market with LANDesk Service Desk, and was acquired by Avocent to operate as an independent division. Today, LANDesk continues to lead the convergence of the systems, security, process and service management markets. And our executives, engineers and other professionals work tirelessly to deliver leading solutions to markets around the globe.

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information