We all know by now how important it is to patch our computers to keep bad things from happening. We also know that most IT administrators are extremely busy and don’t have the time, or inclination, to devote themselves to this admittedly mundane, but critical, task. So what’s the answer? Automation.
Automation is the perfect solution for performing what would otherwise be a tedious task. Take for example the latest trend with retirement plans. Until recently, if an employee wanted to participate in the company retirement plan, they were forced to work through a mountain of paperwork on their own, and all too often people just gave up. So, many companies have decided to move away from the “opt in” approach and are instead offering automatic enrollment plans. It is human nature to take the path of least resistance, so by automating the desired path and forcing employees to manually opt out, rather than opt in, HR folks have noticed a much higher rate of participation in retirement plans. (Yea!)
The same principle holds true when it comes to implementing your patch process; it is much more likely to happen if it is automated. So is there a tool that provides automated patching and that secures your computers almost without thinking? Yes, and it is called Shavlik Protect.
How to automate your patching process using scheduled scans and deployments
The Shavlik Protect interface makes it extremely easy to set up scheduled patch scans and deployments on the machines in your organization. Using a few basic features (such as machine groups, scan templates, and deployment templates), you can easily configure Shavlik Protect to automatically perform recurring scheduled scans and to automatically deploy any missing patches that it detects during a scan. Doing so creates a completely automated patch scan and deployment operation.
Want to know how it is done? This screenshot probably tells you most of what you need to know.
But if you are like me, and you like to know all the details, check out our video on how to automate scheduled patching. You can find it here: http://www.shavlik.com/support/training-videos/protect/.
Let’s take things one step further. First, a lead-in: If you happen to work in an organization with many office sites located across the country or around the world, you might be (you should be!) using multiple Shavlik Protect consoles. You can set things up so that the machines at a central site (probably your company headquarters) are managed by a central console, while the machines at your remote sites are managed by remote consoles. The data rollup feature can then be used so that the central console receives data about the machines being managed by the remote consoles.
With the stage now set, wouldn’t it be nice not to have to worry about any ongoing administration tasks at your remote consoles? Well, once again, with Shavlik Protect you can! You can automate the system by implementing an unattended console at each remote site. An unattended console is a console you set up once. After that, the console automatically updates its own files and manages its machines without human assistance.
Here’s how it works: The unattended console is configured to automatically perform periodic scans and to automatically deploy any patches it detects as missing on its target machines (see above). The console will also contain a patch scan template that is defined to look for a particular set of patches. The set of patches is contained in a patch list that resides on a distribution server. (Distribution servers were discussed in a previous blog article.)
Now, when new patches are released by a vendor (for example, the monthly patches released by Microsoft Corporation), you simply update the patch list on the distribution server. When the unattended console performs its next scheduled scan it will automatically reference the updated list and will patch its target machines, all without human intervention.
The following figure illustrates an unattended console configuration.