1. Introduction
Microsoft's free WSUS is a standard solution for automatic patch distribution across a network. In a domain environment, WSUS makes it easy to deploy automatic patch distribution centrally through domain group policies; in a workgroup environment, however, each terminal has to be configured manually, one by one. Qingyang Intranet Management provides a convenient auxiliary method for centralized patch deployment and automatic distribution across the whole network.
Microsoft's free WSUS provides a unified solution for network patch management, enabling you to deploy automatic patch updates uniformly in a domain network environment. WSUS uses the C/S (client/server) operating mode: wsussetup.exe is installed on both the server and client, and the client must be deployed on each computer. In a domain environment, Microsoft uses a unified group policy to deploy the clients of the current domain centrally. In a workgroup or hybrid environment, Microsoft provides two standalone deployment schemes, namely a standalone Group Policy or a registry modification on each standalone machine, but there is no centralized network-wide deployment scheme.
2. Qingyang Intranet Management patch management: automatic network-wide patch deployment in a workgroup environment
The patch management function of Qingyang Intranet management is a patch management solution that implements centralized, unified, network-wide deployment based on WSUS. It is applicable to workgroup and hybrid network environments, where it removes the inconvenience of configuring WSUS machine by machine, and it also applies to domain network environments.
Like most C/S products, Qingyang Intranet management is divided into two parts: a management platform and a client. This patch management solution additionally requires a WSUS server.
Figure 2-1: Qingyang Patch Management consists of three parts: WSUS server, Qingyang management end, and Qingyang Client
As shown above, the WSUS server, management end, and client constitute the Qingyang patch management solution.
The WSUS server is installed and deployed with wsussetup.exe, free software from Microsoft that is available on the Microsoft website. This patch management solution assumes that the WSUS server has already been deployed.
The Qingyang Intranet management software is deployed independently. For details, refer to the simple steps for installing and deploying the trial version of the Qingyang Intranet management product. I will not go into details here. Qingyang Intranet management adopts the C/S working mode, and the server side, that is, the management end, can set policies for the clients and manage them through those policies. For patch management, its job is to configure the patch distribution policy on the management platform. Patch distribution policies are classified into unified policies and standalone policies. A standalone policy can be used for clients that do not require patching. The following describes how to deploy policies for automatic distribution of patches across the entire network in a workgroup (or hybrid) network environment.
3. Set a unified patch distribution policy for the entire network
On the Qingyang Intranet management product interface, open [configuration]/[Unified Remote Desktop Policy Configuration]. The following window is displayed:
Figure 3-1: Set a unified patch distribution policy
Click "set patch distribution policy". The following window is displayed:
Figure 3-2: import a unified patch distribution policy template
Click "Import WSUS registry template". After a confirmation window and an information prompt window, the patch distribution policy window above is filled in automatically with the following content. Enter the address of the previously deployed WSUS server for WUServer and WUStatusServer, and click "OK" to complete the configuration of the unified patch distribution policy.
Figure 3-3: Enter the WSUS address after the unified patch distribution policy template is imported.
4. Automatic patch distribution policy takes effect
How can we know that the patch distribution policy has been issued? Generally, policy delivery on the management platform is determined by the system parameters for communications between the client and the server. Open [configuration]/[system parameter configuration], and the following window is displayed:
Figure 4-1: system parameter configuration
Among them, the "client download configuration interval" parameter is the interval at which all policies are delivered to the client. But how does the management platform obtain the status information showing that the policy has been issued to the client? See the "client upload patch distribution configuration interval" parameter: by default (you can modify it as needed), the client automatically uploads its patch distribution information 90 seconds later.
Go to [management]/[Remote Desktop Management]/[patch distribution configuration status list]. After the default time is reached, the status indication, such as "locked", appears after refreshing. This indicates that the policy has been issued and takes effect. In this case, you cannot modify these registry items. Once modified, the items are immediately restored to the locked state.
Figure 4-2: Status List of computer patch distribution Configuration
5. Set a standalone patch distribution policy
How do I set a standalone policy for patch distribution? Open [manage]/[Remote Desktop Management]/[patch distribution configuration status list], find a computer, right-click [edit], and the following window appears. You can manually change the parameters in the figure. Whether or not the parameters are modified, click OK to create a standalone policy for patch distribution.
Figure 5-1: Create a standalone patch distribution policy
6. View the patch distribution policy list
How do I know which patch distribution standalone policies and unified policies have been configured? Open [manage]/[Remote Desktop Management]/[patch distribution Configuration Policy List], and the following window appears.
Figure 6-1: patch distribution Configuration Policy List
MAC = 000000000000 corresponds to the unified patch distribution policy. A non-zero MAC corresponds to the standalone policy of the computer with that MAC address. Double-click a policy record to view its attributes.
Figure 6-2: Policy attributes of patch distribution Configuration
7. The client starts the automatic patch distribution function and performs automatic patch updates with WSUS.
When does the client start automatic updates? After a patch distribution policy is issued, the client does not update patches immediately. Generally, the client starts to update automatically after it is restarted. You can also run the following command on the client to trigger the automatic patch update function: wuauclt.exe /detectnow
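The following PowerShell check is an added example, not part of the Qingyang product or the original article. It confirms on a workgroup client that the delivered policy is in place before triggering detection, assuming the imported template writes the standard Windows Update policy registry values (WUServer, WUStatusServer, AU\UseWUServer); the server URL is a constructed placeholder.

```powershell
# Added example: run on a workgroup client after the policy has been delivered.
param(
    # Assumption: constructed placeholder; use the address entered in the policy.
    [string]$ExpectedServer = 'http://wsus.example.local:8530'
)

$wuKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
$auKey = "$wuKey\AU"

function Get-PolicyValue([string]$Path, [string]$Name) {
    # Returns $null when the key or the value does not exist.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name }
}

$wuServer     = Get-PolicyValue $wuKey 'WUServer'
$statusServer = Get-PolicyValue $wuKey 'WUStatusServer'
$useWuServer  = Get-PolicyValue $auKey 'UseWUServer'

$problems = @()
if (-not $wuServer)     { $problems += 'WUServer is not set' }
if (-not $statusServer) { $problems += 'WUStatusServer is not set' }
if ($wuServer -and $statusServer -and ($wuServer -ne $statusServer)) {
    # Windows only honours the pair when both values are identical.
    $problems += "WUServer ($wuServer) and WUStatusServer ($statusServer) differ"
}
if ($wuServer -and ($wuServer.TrimEnd('/') -ne $ExpectedServer.TrimEnd('/'))) {
    $problems += "WUServer is $wuServer, expected $ExpectedServer"
}
if ($useWuServer -ne 1) {
    # Without AU\UseWUServer = 1 the client ignores WUServer.
    $problems += 'AU\UseWUServer is not 1'
}
if ($wuServer -like 'http://*') {
    Write-Warning "WSUS traffic to $wuServer is not protected by TLS"
}

if ($problems.Count -gt 0) {
    $problems | ForEach-Object { Write-Error $_ }
    exit 1
}

# Policy is in place: start detection now instead of waiting for a restart.
& "$env:SystemRoot\System32\wuauclt.exe" /detectnow
Write-Output "Policy verified; detection triggered against $wuServer"
```

A non-zero exit code means the client would not contact the intended WSUS server, so the "locked" status on the management platform should be rechecked before relying on automatic updates.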
8. View the client patch list
How do I know the patch updates on the client? Open [manage]/[Computer Management]/[computer list], select a client, right-click [Remote Desktop Management]/[Patch list], the list of all updated patches on the client is displayed.
9. Patch Query
How do I know the update status of an important patch across the whole network? On the product interface, click the "query" icon, as shown in the figure below.
Figure 8-1: Query
In the displayed query window, select "patch query" to perform forward and reverse queries based on the patch name or patch alias. That is, you can obtain both the computers that have already installed the patch and the computers that have not, and the query results can be conveniently exported.
Figure 8-2: search by selected patch
You can click the first line of the column in the patch list to sort the data. You can also click the [manage]/[Export] command and select export Excel format to export the patch list.
Responsible editor Zhao Yi zhaoyi # 51cto.com Tel: (010) 68476636-8001