About Product Level Groups

Security Controls provides the ability for agents to use a product level group to deploy a particular set of product levels. A product level might be a particular version of Windows 10 or it might be a service pack for another product or Windows operating system.

Example 1: Suppose Company A has a patch approval process under which they've certified four product levels as being mandatory for their organization. They do not want to deploy any patches, just the four product levels. They also want to be able to receive compliance reports. By creating a product level group they can deploy only the specified product levels and receive a variety of deployment reports.

Example 2: Suppose you identify a certain product level as being critical for your organization. You can create a product level group that contains just this product level. When your agents perform a deployment, the only product level that will be deployed will be the product level defined in the group.

For information on implementing and using product level groups, see Creating and Editing a Product Level Group and Creating and Configuring a Patch Task.

Notes About Product Level Groups

  • Product level groups apply only to agents and not to agentless deployments.
  • Product level groups apply only to Windows Patch Tasks and not to Linux Patch Tasks.
  • Agent-based product level deployments are tracked the same way as any other agent activity. See Monitoring Agents for details.
  • If an agent machine is missing multiple product levels, only one product level will be installed at a time. Security Controls Agent will begin by initiating the download of all missing product levels. Operating system product levels are downloaded at a higher priority, but whichever product level is available first is the one that is first installed. After that product level is successfully installed, the machine is restarted, rescanned, and the process is repeated until all product levels are deployed or until the daily limit is reached.
  • The downloads occur in the background using idle bandwidth not being used by other applications on the agent machine. Foreground tasks such as Web browsing are not affected by the product level download process.
  • The number of product levels that can be deployed in one day is defined by the Limit deployments (per day) option on the agent patch task.