Difference between revisions of "Windows Patch Management"

From UMIACS
Jump to navigation Jump to search
Line 1: Line 1:
In order to combat the ever increasing number of 3rd party security vulnerabilities on Windows machines, the UMIACS systems staff has deployed LANDesk Patch Manager. As security threats have evolved from the operating system to applications we have had to take this step in order to maintain operational security for the institute. Currently the updates are focused on applications that are exposed to the internet such as Firefox, Flash, Acrobat, Java, etc.
+
'''Note: As of version 2017 LANDesk has rebranded to Ivanti. Some shortcuts/etc. may now be referenced by Ivanti rather than LANDesk.'''
+
 
Patches are deployed during the week leading up to the [[MonthlyMaintenanceWindow|maintenance window]]. The updates are scheduled to be installed every night between 7:30pm and 9:30pm. If you are not logged in during those times, the system will automatically install the patches and reboot if necessary. If you remain logged into your system overnight, you will see a prompt from LANDesk asking to scan your system. You have 24 hours to snooze the scan and can snooze up to 6 times. If you do not snooze within 24 hours the system will be automatically patched. After the scan and the patches are installed you will most likely be prompted to reboot. It is highly suggested to reboot right away due to system instability but you do have the option to snooze. After 24 hours the system will automatically reboot. If you have any open, unsaved work this could be lost during this reboot.
+
In order to combat the ever increasing number of 3rd party security vulnerabilities on Windows machines, UMIACS staff has deployed LANDesk Patch Manager. As security threats have evolved from the operating system to applications we have had to take this step in order to maintain operational security for the institute. Currently the updates are focused on applications that are exposed to the internet such as Firefox, Flash, Acrobat, Java, etc.
 +
 
 +
LANDesk is currently deployed on all UMIACS-supported [[Windows]] desktops as well as [[Windows/LaptopSupport#UMIACS_Enterprise_Laptop_Support | Enterprise supported]] laptops and home machines.
 +
 
 +
==Automated Scanning==
 +
Patches are deployed during the week leading up to the [[MonthlyMaintenanceWindow|maintenance window]].
 +
*'''Desktops''' will schedule updates to be installed every night between 7:30pm and 9:30pm. If you are not logged in during those times, the system will automatically install the patches and reboot if necessary. If you remain logged into your system overnight, you will see a prompt from LANDesk asking to scan your system.
 +
*'''Laptops''' will schedule updates to be installed ASAP after being deployed. This will only occur when the laptop has an active Internet connection (wired or wireless). You will receive a notice from LANDesk when the patches are ready to be installed.
 +
 
 +
You have 24 hours to snooze the scan and can snooze up to 6 times. If you do not snooze within 24 hours the system will be automatically patched. After the scan and the patches are installed you will most likely be prompted to reboot. It is highly suggested to reboot right away due to system instability and vulnerability but you do have the option to snooze.  
 +
*'''Desktops''': After 24 hours the system will automatically reboot.
 +
*'''Laptops''': After 9 hours the system will automatically reboot.
 +
 
 +
==Manual Scanning==
 +
This should only need to be done on laptops or home machines in the event that LANDesk has not had a large enough time window to scan your computer since last month's patches were released. '''Please note you will need an active Internet connection for this to work, however you do not need to be on the UMIACS [[VPN]].'''
 +
 
 +
# Search for "Security Scan" from the Start menu and click it. The scan will begin. Patches will be detected and downloaded.
 +
#* [[File:Landesk1.png]]
 +
#* [[File:Landesk2.png]]
 +
# After all patches have been downloaded, you will be prompted to allow the install to begin.
 +
#* [[File:Landesk3.png]]
 +
# After all patches have been installed, you may be prompted to reboot.
 +
#* [[File:Landesk4.png]]

Revision as of 17:11, 30 October 2017

Note: As of version 2017 LANDesk has rebranded to Ivanti. Some shortcuts/etc. may now be referenced by Ivanti rather than LANDesk.

In order to combat the ever increasing number of 3rd party security vulnerabilities on Windows machines, UMIACS staff has deployed LANDesk Patch Manager. As security threats have evolved from the operating system to applications we have had to take this step in order to maintain operational security for the institute. Currently the updates are focused on applications that are exposed to the internet such as Firefox, Flash, Acrobat, Java, etc.

LANDesk is currently deployed on all UMIACS-supported Windows desktops as well as Enterprise supported laptops and home machines.

Automated Scanning

Patches are deployed during the week leading up to the maintenance window.

  • Desktops will schedule updates to be installed every night between 7:30pm and 9:30pm. If you are not logged in during those times, the system will automatically install the patches and reboot if necessary. If you remain logged into your system overnight, you will see a prompt from LANDesk asking to scan your system.
  • Laptops will schedule updates to be installed ASAP after being deployed. This will only occur when the laptop has an active Internet connection (wired or wireless). You will receive a notice from LANDesk when the patches are ready to be installed.

You have 24 hours to snooze the scan and can snooze up to 6 times. If you do not snooze within 24 hours the system will be automatically patched. After the scan and the patches are installed you will most likely be prompted to reboot. It is highly suggested to reboot right away due to system instability and vulnerability but you do have the option to snooze.

  • Desktops: After 24 hours the system will automatically reboot.
  • Laptops: After 9 hours the system will automatically reboot.

Manual Scanning

This should only need to be done on laptops or home machines in the event that LANDesk has not had a large enough time window to scan your computer since last month's patches were released. Please note you will need an active Internet connection for this to work, however you do not need to be on the UMIACS VPN.

  1. Search for "Security Scan" from the Start menu and click it. The scan will begin. Patches will be detected and downloaded.
    • Landesk1.png
    • Landesk2.png
  2. After all patches have been downloaded, you will be prompted to allow the install to begin.
    • Landesk3.png
  3. After all patches have been installed, you may be prompted to reboot.
    • Landesk4.png