Windows Patch Management: Difference between revisions

From UMIACS
 
(29 intermediate revisions by 2 users not shown)
Line 1: Line 1:
In order to combat the ever increasing number of 3rd party security vulnerabilities on Windows machines, the UMIACS systems staff has deployed LANDesk Patch Manager. As security threats have evolved from the operating system to applications we have had to take this step in order to maintain operational security for the institute. Currently the updates are focused on applications that are exposed to the internet such as Firefox, Flash, Acrobat, Java, etc.
As of Fall 2025, UMIACS uses Windows' built-in Windows Update mechanism to patch the Windows operating system, Windows drivers, and other Microsoft products that Microsoft uses Windows Update to push updates for, in tandem with a software distribution tool called [https://umd-dit.atlassian.net/wiki/spaces/DMS/pages/45285463/Patch+My+PC Patch My PC] that operates through the Division of IT's managed [https://umd-dit.atlassian.net/wiki/spaces/DMS/pages/45285467/Intune Intune] service to patch third party applications.
 
Patches are deployed during the week leading up to the [[MonthlyMaintenanceWindow|maintenance window]]. The updates are scheduled to be installed every night between 7:30pm and 9:30pm. If you are not logged in during those times, the system will automatically install the patches and reboot if necessary. If you remain logged into your system overnight, you will see a prompt from LANDesk asking to scan your system. You have 24 hours to snooze the scan and can snooze up to 6 times. If you do not snooze within 24 hours the system will be automatically patched. After the scan and the patches are installed you will most likely be prompted to reboot.  It is highly suggested to reboot right away due to system instability but you do have the option to snooze. After 24 hours the system will automatically reboot. If you have any open, unsaved work this could be lost during this reboot.
Our previous patch management solution, Ivanti Endpoint Manager, may still have agent software installed on UMIACS-supported [[Windows]] desktops, however it operates only in "read-only" mode and does not perform actual patching anymore. It will be removed in the future.
 
==Windows Update==
* '''Desktops''' will run updates available through Windows Update daily between 3am and 4am US Eastern.
* '''Laptops''' will run updates available through Windows Update at any time they are on and connected to the internet.
 
The only updates available through Windows Update that should require computer restarts are the Windows operating system monthly rollups, released on [https://en.wikipedia.org/wiki/Patch_Tuesday Microsoft's Patch Tuesday]. After a month's monthly rollup is installed on your computer, you will receive a notification stating that your machine needs to be restarted in the next 8 days. You can choose either to restart immediately or to schedule the restart. If you do not restart by the deadline, your computer will automatically restart no more than a day after the deadline is exceeded.
 
==Patch My PC==
Patches are deployed as they come out for the Patch My PC catalog. They should install automatically and require little to no input.
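Review bot: the new Windows Update paragraph says the computer "will automatically restart" once the restart deadline is exceeded, but the warning in the removed LANDesk paragraph ("If you have any open, unsaved work this could be lost during this reboot") has no counterpart in the new text. Consider carrying that sentence over to the end of the Windows Update section so users still know to save their work before the deadline. The Patch My PC section also no longer states whether third-party application patches can trigger a restart or a prompt; "little to no input" would be clearer if it said which.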

Latest revision as of 20:55, 15 October 2025

As of Fall 2025, UMIACS uses Windows' built-in Windows Update mechanism to patch the Windows operating system, Windows drivers, and other Microsoft products that Microsoft updates through Windows Update. In tandem, third-party applications are patched by a software distribution tool called Patch My PC, which operates through the Division of IT's managed Intune service.

Our previous patch management solution, Ivanti Endpoint Manager, may still have agent software installed on UMIACS-supported Windows desktops; however, it operates only in "read-only" mode and no longer performs any patching. It will be removed in the future.

Windows Update

  • Desktops will run updates available through Windows Update daily between 3am and 4am US Eastern.
  • Laptops will run updates available through Windows Update at any time they are on and connected to the internet.

The only updates available through Windows Update that should require a computer restart are the Windows operating system monthly rollups, released on Microsoft's Patch Tuesday. After a monthly rollup is installed on your computer, you will receive a notification stating that your machine needs to be restarted within the next 8 days. You can choose either to restart immediately or to schedule the restart. If you do not restart by the deadline, your computer will automatically restart no more than a day after the deadline passes.

Patch My PC

Patches are deployed as they are released in the Patch My PC catalog. They should install automatically and require little to no input.