Kace manual patch - Free Download
Reproduction of these materials in any manner whatsoever without the written permission of Dell Inc. Other trademarks and trade names may be used in this document to refer to either the entities claiming the marks and names or their products. Applications that the K is contracted to support.
Overview of first-time patch-subscription workflow. Gathering information about installed operating systems and applications. Selecting patch download settings. Viewing patch download status. Workflow for critical OS patches for desktops and servers. About scheduling critical patches for laptops.
Workflow for critical patches for laptops. About scheduling non-critical patches. About using Smart Labels for patching. Creating Smart Labels for patches. Creating a Smart Label for critical OS patches. Creating a Smart Label for new patches. Creating Smart Labels for machines. Creating a Smart Label for desktops. Creating a Smart Label for servers. Creating a Smart Label for laptops. Viewing patch status by machine.
Searching for individual packages within patches. Determining whether a patch can be rolled back. Undoing the last patching job. Viewing the Patch Listing page.
Information on the Patch Listing page. Detection and deployment status. Marking patches as inactive. Hiding patches that do not meet subscription criteria. Viewing patch information for computers in Inventory. Viewing the patch log. Available versions of Secure Browser. Manually downloading and installing Secure Browser. Downloading and distributing Secure Browser from the appliance. Adding Secure Browser to the Software Library. Creating a Secure Browser Software Library item.
Managing Secure Browser Using the K Exporting the Isolation Configuration file. Centrally managing Secure Browser settings. Controlling when users can use Secure Browser.
Controlling which websites users can visit. Restoring Secure Browser to its original configuration. Shutting down Secure Browser on a managed machine. About OVAL test definitions. Using labels to restrict OVAL tests. Using the Vulnerability Report. Accessing OVAL vulnerability reports. Applying a label to affected machines.
Creating Windows-based security policies. Creating Enforce Internet Explorer Settings scripts. Creating Enforce Disallowed Programs Settings scripts. Creating Quarantine Policy scripts. Creating the Lift Quarantine Action scripts. Creating Mac OS-based security policies. Creating Enforce Firewall Settings scripts. Creating Enforce Parental Controls scripts.
Creating Enforce Security Settings scripts. Topics in this section: This increases security and protects your machines and network from vulnerabilities. The Patch Management component is supported on machines running Windows and Macintosh operating systems only.
Patch Management is not available for machines running Linux operating systems. Patching workflow The patching workflow includes these tasks: Subscribing to the patches that you want to download. If the Organization component is installed on your appliance, you set subscription settings for each organization separately.
Additional workflow details are available for first-time patch subscription. See Subscribing to patches on page Selecting patch download settings on the K Settings: See Selecting patch download settings on page Creating Smart Labels to group machines for patching and patches for deployment. See Creating Smart Labels for patches on page Creating patching schedules to detect and deploy packages. If the Organization component is installed on your appliance, you create patch schedules for each organization separately.
See Creating patch schedules on page Figure illustrates this workflow. Patching workflow Signature files for patches you subscribe to are downloaded to the appliance from Lumension. Patch packages are downloaded from Lumension and from software vendors. Smart Labels group the downloaded patches. Smart Labels select machines to patch. Machines that need the patch are detected according to a schedule. Patches are deployed to machines according to a schedule. About patch signature files Patch signature files include the security bulletins and other files that define patches; they do not include the patch packages that are used to install patches.
Patch signature files are downloaded from Lumension according to the subscription and download options you select. For more information on downloading patch signature files, see Selecting patch download settings on page Patch packages are downloaded from Lumension according to the subscription and download options you select. In some cases, patch packages are also downloaded directly from vendors, such as Microsoft and Adobe.
There are two options for downloading patch packages: You can choose to download only those packages that have been detected as required by machines you manage. This reduces download time and disk space, because the appliance downloads only those packages that are detected as required. In addition, you can choose to automatically remove patches after a specified period of time if detect results show that they are not needed.
You can choose to maintain a full cache of packages regardless of whether they are required by the machines you manage or not. This keeps packages available for quick deployment, but it requires more download time and disk space than downloading only those packages that you need. For more information about package download options, see Selecting patch download settings on page Before patch signatures are made available to the appliance, Lumension performs the following security checks: For more information, search for Lumension at www.
Each patch created by the content team is validated with the Symantec Ghost Solution Suite distribution and Update Server products. About deployment testing Deployment testing verifies that: Review patches before deploying them Review new patches before you deploy them to machines. Create a filter to display new active patches that have been downloaded to the K Management Appliance within a specific time period. Test patches before deploying them Test patches on selected machines before deploying them to all machines.
This ensures that patches do not break anything before they are widely deployed.
KACE Automatic Patching Tip for New Machines
Custom PostDisplay a message on managed machines after the installation is Install Message complete. Downloading and distributing Secure Browser from the appliance This section explains how to download and distribute Secure Browser from the K System Management Appliance to managed machines that meet the System software requirements on page If the Secure Browser was deployed from the K Management Appliance, the installer is located in the K Agent installation folder. If an install action and an uninstall action both have the same order value, the uninstall action is performed first. About patch signature files Patch signature files include the security bulletins and other files that define patches; they do not include the patch packages that are used to install patches. The Security Policy page appears. Users see this message before the appliance places their machine in quarantine.
Dell Kace K1000 System Management Appliance v5.4 Patching and
Select the Enforce Trusted Zone settings policy check box, then choose the security level from the Security level drop-down list. Select Deployment and Scheduling options. You can find this information on the appliance Summary page as well as by running reports. Options include Install later or Install now. View Active or Inactive patches.
To test the Smart Label: Shutting down Secure Browser on a managed machine You can shut down instances of Secure Browser running on managed machines as described in this section. Creating Windows-based security policies. Used with the Message Timeout and Reboot Message fields. Packages include the installers that are required to install the patches, and they are downloaded directly from vendors such as Microsoft and Adobe. Force Update Update all file versions, even if the machine already appears to have the latest versions. To generate a custom MSI package: If the time specified in the Message Timeout field elapses without the user pressing a button, the appliance performs the action specified in the Reboot Options Timeout Action section. The message that appears on managed machines before installation begins. Select Deployment and Scheduling options. If you do not have patches available on your K Management Appliance, see Selecting patch download settings on page Further, patches that require reboots only shown as deployed after the reboot. When the download resumes, it starts up where it left off. After a checklist is imported and loaded into a KScript, use this page to access the Script: