Deploying Patches

Once you’ve identified a missing patch that you’d like to deploy, simply right-click the patch and then deploy the patch to the selected machine. You can choose to deploy with the default deployment template, or you can create your own custom deployment template. Patches can be deployed immediately, at a specified future time, upon next reboot, or can be copied to remote machines for manual deployment at a later time. Missing patches can also be automatically deployed upon completion of an immediate or scheduled scan.

Try it yourself

Patches can be deployed from either Machine View or Scan View. The Machine View process is illustrated here; the process within Scan View is very similar.

If you use the following process, your console machine will be restarted.

  1. To get to Machine View, select View > Machines.
    Machine View provides a complete list of all machines that have been discovered by any of your previous scans.
  2. In the top pane, select the machine you just scanned.
  3. In the middle pane, on the Windows patches tab, identify a missing patch that you would like to deploy.
  4. Right-click the missing patch and select Deploy > Selected Patches.
    For example:
  5. Deploy patches command

  6. If prompted to assign default credentials, click New, specify administrative credentials for the machine, click Save and then click Assign.
    Complete information on specifying and using credentials can be found in the Supplying Credentials topic in the Security Controls Help.
  7. On the Deployment Configuration dialog, make sure Now and Install the patches immediately after staging are selected and then click Deploy.
  8. Watch the Operations Monitor dialog for detailed information about each step being performed in the deployment process.
    Assuming you used the default deployment template, the final step in the deployment will be to reboot your machine. While you are waiting for the reboot to occur, you can view the pending deployment task by selecting View > Deployment Tracker.
  9. After your machine reboots, start Security Controls again.
  10. Use the list selector at the top of the navigation pane to select the Results list.
  11. In the Results list, select the deployment you just performed.
    Details about the deployment are displayed on the right side of the window. The top pane displays a list machines involved in the deployment and shows how many patches each machine received. The lower pane provides information about how the patches were deployed.

Do you want more detailed information? See the Deploying One or More Patches topic in the Security Controls Help.

Advanced topic: Staged deployments

Security Controls gives you great control over the entire patch scanning and deployment process. You have the ability to specify if and when you want to perform all three major phases: scanning, staging, and executing the deployment. For example, you might perform a scan right now, schedule the staging of missing patches to occur on Saturday morning, and then schedule the actual deployment of the missing patches to occur during your designated maintenance window on Saturday night.

For complete details on performing staged deployments, see the Automatically Deploying Patches topic in the Security Controls Help.