Views for Better Patch Management

To ease up the process of patch management, the Patch Management filter head, under View Definitions, lets you further refine a machine ID / machine group filter based on different patch status attributes/conditions, as seen below:

View filtering can be applied under allfunction pages by selecting a specific View from the drop-down list or Create New.
Click “Edit” on the required Kaseya View and under “Patch management” you can select diverse options to view only the desired machines with specific attributes. For example: Only machines which have failed patches on them.

Various options/filters are available to choose from, and either one or multiple attributes can be selected for desired results. The top 7 “must have” views for better management and gaps identification for patching are as below:

- Machines that have no patch scan results (unscanned) - List machines that have not been scanned for missing patches

One of the most critical factors for patch management is to identify the list of missing patches, and the basis to which the VSA pushes out the patch identified as missing on a machine is a result of such scans.

Patch scans make WUA agents on machines run a complete scan comparing what’s available vs what’s installed to help look for the latest information on installed/missing patches. Selecting this option will help in filtering out machines on which the patch scan has not been running. Until this is fixed, machines will not be able to get any patches through VSA.

- Machines missing greater than or equal to “N” patches - List machines missing a specified number of Microsoft patches.

Example: To extract machines with 10+ missing patches, select this filter and enter 10 in the provided space and check the option “Use Patch Policy” to avoid the denied set

- Machines with patch installation failures – List machines on which patches are failing to execute/install.

Patches can fail during execution due to various window’s error codes. Working on these failed patches is the most important aspect of patch management as some of the patches are dependent on the previous set of patches, so to push them, issues with previous patches need to be fixed.

- Machines with Patch Test Results - List machines with the selected patch test result.

Patch Test – It provides admins the ability to execute a sample patch cycle to identify likely issues within the patching process. The success of this is a strong indication that patch process will be successful.

We can create a filter for machines with failed patch tests to identify the issues where the communication between a VSA and Machine is broken.

- Machines missing a specific patch (identified by the patch's 6-digit KB Article ID) - Lists machines missing a specific patch

Example: To filter out machines missing with a specific KB required for an emergency vulnerability fix.

We can enter the KB article ID in the specified field to get the machines on which this specific patch is missing to schedule a push on them accordingly.

- Machines with an installed patch (identified by the patch's 6-digit KB Article ID) - Lists machines which have a specific patch installed.

Vice-versa of above, we can also filter out those machines on which a specific patch is installed, which is sometimes required to identify the machines installed with a specific patch that has a bug and is causing issues.

We just need to enter the KB article ID in the specified field to get the required list of machines and push out the uninstalls to fix the issues.

- Windows Automatic Update is either enabled/disabled - Lists machines on which windows automatic update is either enabled or disabled.

It is necessary to keep the windows automatic update disabled on all of the managed machines in order to allow VSA to take control of the patch configuration and follow the defined settings. This is one of the major reasons identified for an unplanned patching and reboots.

To avoid these issues along with others, like installation of a denied set of patches, we can filter out the machines on which windows automatic update is enabled, and we can disable them to retain control of the patch management process through VSA.

It is important to create and frequently check these views, so that you can identify and plan to fix these issues for optimum results, and then you are able to create better patch compliance across your client base. If you need help with configuration of these views and remediations, please get in touch.

Views for Better Patch Management

Categories

Labtech

ConnectWise Automate on Linux – Best Practices

ConnectWise Automate Maintenance Mode Explained Best Practice

Uninstalling and Offboarding Automate Agents

How to Set Up Automate users to use ConnectWise SSO

Windows 10 Build Upgrades are Inevitable - Use Kaseya/ConnectWise Automate to Deploy

Best Practice Naming of Patching Groups

Automate 12 Patch 9 Now Available!

5 Tips for using the Report Center

Automate 12 Patch 8 Now Available!

Automate 12 Patch 7 Available for Download

Business Continuity

Proactive Maintenance

Kaseya

Security Best Practices for Kaseya VSA

Kaseya VSA: Software Management vs. Patch Management

Software Management Enhancements

Two-Factor Authentication in Kaseya VSA

Windows 7 & Windows 10 Multiple Builds End of Life – Upgrade Using Kaseya or ConnectWise Automate

Kaseya Network Monitor: Benefits & Features

Kaseya Patch 9.5.0.22 and Future Updates

Kaseya's New State-of-the-Art Contemporary User Interface

Kaseya Product Release - April '19

Kaseya Software Management Module

Datto

Creating & Implementing a Disaster Recovery Plan

Disaster Recovery – Minimizing Impact of Downtime

Updating a Datto Device

Datto Agent Communication Errors

Datto

StorageCraft

Get in touch today for MSP Centralized Services