Creating a Patching Job for Microsoft Windows


Use the following procedure to create a Patching Job for Microsoft Windows.

Warning

You need to enable the required permissions for anyone responsible for creating a patching job, see Role-based-permissions-for-creating-and-running-a-patching-job for the list of permissions.

  1. In the console's Folders view, expand the Jobs folder.
  2. Under Jobs, navigate to an existing folder or create a new folder for your Windows Patching Job. The examples in this procedure use the folder structure Jobs\PK99\Workspace.

    Success

    Recommendation

    In a production environment, create a top-level folder called Patching, and give access to that folder and the objects within it to the end users who are responsible for patching functions.

  3. Right-click the folder in which you want to store the new catalog and select New > Patching Jobs > Windows Patching Job.
    worddav845e6e3fa02d84e623f9a3315ed77a00.png
  4. On the General panel:
    1. In the Name field, provide a name for this job.
    2. Optionally, in the Description field, describe the job.
    3. Verify that the auto-populated value in the Save in field is where you want to store this job. You can browse to another location if necessary.
    4. In the Specify a Catalog field, browse to a patch catalog in the Depot folder. An updated catalog must already exist. (See Creating-and-updating-patch-catalogs.)
    5. Under Number of Targets to Process in Parallel, select the number of systems on which you want the analysis Job to run simultaneously.
    6. Click Next.
      worddavb339f49fcf2c9903498c74cd5da9af30.png
  5. On the Analysis Options panel, define the set of patches that you want to analyze. Select either Group or List.
    • Select Group to start with an entire catalog of patches. Then limit the set of patches as described below.
    • Use the check boxes under the Group option to include or exclude categories of patches. You must select at least one of the choices under Group. For example, select Security Patches and clear the other fields to analyze only security patches.
    • Use the Includes/Excludes filter at the bottom of the panel to add patches to or remove patches from the group of patches selected with the check boxes. The Includes/Excludes filter operates on smart groups in the catalog. For example, to create a Windows Patching Job that analyzes all security patches and all missing Adobe patches, select Security Patches under Group and add a smart group for Adobe patches using the Includes/Excludes filter.
    • Select Listto start with one or more smart groups in the catalog. Use the Includes/Excludes filter at the bottom of the panel to include or exclude the smart groups.

      Warning

      Note

      • With the List option, do not include the entire catalog in the include list. Use the Group option instead.
      • In versions earlier than 8.2, the Catalog listed partially-superseded bulletins (that is, bulletins in which all patches are not superseded) as Obsolete. Beginning with version 8.2, the Supersdeded_By* property has been added to the console at the hotfix level, which displays the correct supersedence information when Catalog Update is run. If all the patches in a bulletin are Superseded, only then the bulletin is marked as Obsolete in the Bulletin Obsolete column.
  6. In the Includes/Excludes section, click Add. In the Include/Exclude Selection panel that appears, you can select additional items to include or items to exclude in the analysis job.

    Success

    tip

    To avoid browsing through thousands of patches in the Include/Exclude Selection panel, you can create smart groups in your patch catalog that define filters pertaining to your include and exclude lists. For information about defining smart groups, see Organizing-a-patch-catalog-using-smart-groups.
     Beginning in version 8.2, you can create a text file of QNumbers to include or exclude, and browse to that file on the Include/Exclude Selection panel. For information about using a QNumber text file, see Analyzing-servers-for-specific-QNumbers.

    The following example creates a Windows Patching Job that analyzes patches related to security, security tools, and KB970430.
    worddav1d97cef2bcc95b340729c2970db14cb1.png
    worddavf0d3a94b69ebc5e383b8dc1636914d21.png

  7. When you finish specifying analysis options, click Next.
  8. On the Remediation Options panel, ensure that the Create remediation artifacts field is cleared, and click Next.

    Warning

    Note

    Do not select Create remediation artifacts. You are running an analysis-only process at this point. You can ignore the other fields on this window.

    worddav53dcfa295af7c72bc973294645a0b3e2.png

  9. On the Targets panel, select the servers that are the targets of this Windows Patching Job.
  10. In the left panel, navigate to a server smart group or to an individual server.
  11. Click the > button to move the selection from the left panel to the right panel.
  12. Continue to select groups or servers until you have a complete list of servers for the analysis.
  13. Click Next.
    worddavf32245fde10687f7efce5f4662f68ef5.png
  14. On the Default Notifications panel, configure default settings. The defaults are used for all runs of this job unless you override them with notification settings for a scheduled job. You can:
    • Send e-mails to one or more addresses for one or more selected job status values. To separate multiple e-mail addresses, use semicolons. By default, the e-mail includes a summary of the patch analysis, including the number of servers scanned and the number of patches missing
    • Append detailed patch analysis results with the e-mail. You can limit the size of the attachment.
    • List the servers that failed the analysis.
    • Send SNMP trap information to objects that you select using the browse button.
      worddav1edd4af06ca40b384262c3687263de7b.png
  15. Click Next to continue.
  16. On the Schedules panel, either:
    • Select the Execute Job Now check box to execute the job immediately after you finish creating it
    • Select a previously defined schedule from the Schedule list. (The example below does not show any items in the Schedule list.)
    • Click Add to define a new schedule and add it to the list.
      worddavd72e01ae7f100326c3c15e71157e8b5b.png
  17. Click Add, the Add New Schedule panel opens.
    • Define the new job schedule.
      worddave2ec8d043293f235973abd29fbbaa66f.png
    • (Optional) Click the Scheduled Job Notifications tab to define notifications to associate with this job schedule. If you skip this tab, the default notification settings from Step 10 are used.
      worddav01d11b6b38dcddaeaec245b1cfd79ff1.png
  18. Make your selections and click OK to return to the Schedules panel.
  19. Click Finish to complete the Windows Patching Job creation wizard and create your job.

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*

Server Automation Documentation