Patch Management - How it works

Hi,

I am having a tough time understanding if ITarian really does patch management or if it just uses the Windows Update service to do patch management.
I do see that patches are listed in the management console; however, I am not sure, when we install a patch, whether the agent pulls the patch from the management server or just goes to the Windows Update site and downloads the update.

Also, does anyone know how to invoke the patch installation from the client side using the ITarian agent? If I do Windows Update on the client side, then it's pulling updates from the internet site.

What is the value add this tool is bringing if the updates are happening via Windows Update, or am I doing something wrong?

Maybe I’m doing it wrong, but since ITarian uses Windows Update, I disabled the auto-updating feature on the endpoints so that I can handle the patches via the ITarian portal.

Hi @mdyunusraza,

> I am having a tough time understanding if ITarian really does patch management or if it just uses the Windows Update service to do patch management.
> I do see that patches are listed in the management console; however, I am not sure, when we install a patch, whether the agent pulls the patch from the management server or just goes to the Windows Update site and downloads the update.

Our RMMService just uses the Windows Update service to do OS patch management. It uses API calls to the Windows Update Service to scan/install/uninstall/update OS patches.
A feature request has already been raised to use a repository or distribution server for installing OS patches, and we will inform you once it is implemented.

> Also, does anyone know how to invoke the patch installation from the client side using the ITarian agent? If I do Windows Update on the client side, then it's pulling updates from the internet site.

No, the client can’t uninstall an installed patch using the tray icon. But we can perform uninstallation of a patch from the EM Portal.

Note: Some Windows patch updates can’t be uninstalled if Windows doesn’t allow it.

> What is the value add this tool is bringing if the updates are happening via Windows Update, or am I doing something wrong?

The admin can decide which patches need to be installed or which can be ignored for their clients’ devices.

Please check this help guide for more information:
https://help.comodo.com/topic-399-1-786-10105-install-os-patches-on-windows-endpoints.html

Kind Regards,
PremJK
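
The scan/install calls mentioned in the reply above can be sketched against the Windows Update Agent COM API. This is an added example, not ITarian's agent code or part of the original posts; the `$ApprovedKBs` allow-list and its placeholder KB numbers are constructed stand-ins for whatever a management console approves.

```powershell
# Added example, not ITarian code. Run elevated when -Install is used.
param([switch]$Install)

# Constructed allow-list standing in for patches approved in a console.
$ApprovedKBs = @('KB0000001', 'KB0000002')   # placeholder KB numbers

$session  = New-Object -ComObject Microsoft.Update.Session
$searcher = $session.CreateUpdateSearcher()

# Scan: ask the Windows Update Agent for applicable, not-yet-installed updates.
$found = $searcher.Search("IsInstalled=0 and IsHidden=0 and Type='Software'")

$selected = New-Object -ComObject Microsoft.Update.UpdateColl
foreach ($update in $found.Updates) {
    # KBArticleIDs holds bare numbers, so prefix them to match the allow-list.
    $kbs = @($update.KBArticleIDs | ForEach-Object { "KB$_" })
    $isApproved = @($kbs | Where-Object { $ApprovedKBs -contains $_ }).Count -gt 0
    if ($isApproved) {
        # The installer rejects updates whose license terms are not accepted.
        if (-not $update.EulaAccepted) { $update.AcceptEula() }
        [void]$selected.Add($update)
        Write-Output ("APPROVED  {0}" -f $update.Title)
    } else {
        Write-Output ("SKIPPED   {0}" -f $update.Title)
    }
}

# Without -Install this is a report only: nothing is downloaded or changed.
if (-not $Install -or $selected.Count -eq 0) { return }

# Only the filtered collection is handed to the downloader and installer,
# so unapproved updates found by the scan are never fetched.
$downloader = $session.CreateUpdateDownloader()
$downloader.Updates = $selected
[void]$downloader.Download()

$installer = $session.CreateUpdateInstaller()
$installer.Updates = $selected
$result = $installer.Install()

# ResultCode 2 means succeeded; RebootRequired reports a pending restart.
Write-Output ("ResultCode={0} RebootRequired={1}" -f $result.ResultCode, $result.RebootRequired)
```

The download source is whatever update service the endpoint's Windows Update Agent is configured to use, so the allow-list limits what gets installed, not where it comes from.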

Thanks PremJK for the reply. Based on your response, I have additional questions:

  1. My query was not about uninstalling a patch from the client. It was more about how to invoke the patch scan from the client side. I know that from the server you can create a patch procedure, but how can I invoke it from the client side? The reason I want to invoke it from the client side is that I want to display a popup to the user to allow/disallow the patch installation, which is not possible if I run a patch procedure, as it does not allow any custom action there.

  2. If you say that the patches are coming from the Windows Update site as opposed to ITarian, then how is it ensured that only the patches that I approved in ITarian will be downloaded and not the other patches? How are you ensuring that? Is it in your code that the agent first talks to the ITarian management server and reads the approved patches, then queries the Microsoft update server, and only then downloads and installs them?

Hi @mdyunusraza,

Our script developers have created a script for your request where the client site can decide whether to allow or disallow the patch installation:
https://scripts.itarian.com/frontend/web/topic/script-to-allow-user-to-decide-windows-patch-with-pop-up-message

Please try and provide your feedback.

Kind Regards,
PremJK

@PremJK

Currently this request is tracked in ITarian Ticket #:4428099.
However, I will try the script and provide feedback here. But I see that it's meant for installing specific packages. How can we make it work with ITarian patch management, so that I don't have to specify the patches? It should pick whatever I approve in the management console.