Patch for Windows, powered by Shavlik

Notes About Virtual Machines

Requirements

Dual boot systems (for example, a virtual machine with two partitions, each containing a different operating system) are not supported.

When scanning offline virtual machines that are supported by VMware, please keep in mind the following:

You cannot mount encrypted virtual disks.

You cannot mount a virtual disk if any of its .vmdk files are compressed or have read-only permissions.

You cannot mount a virtual disk that is currently being used by a running or suspended virtual machine.

Linked clones and compressed images are not supported.

General Notes

Only the current state of the virtual machine will be scanned and patched. Snapshots of virtual machines are not scanned or patched.

A virtual machine is counted only once against the total number of license seats available, even if it is scanned both in online (powered on) mode and offline (powered off) mode.

In machine groups and in scan results, special icons will distinguish an offline virtual machine () from a physical machine or an online virtual machine () and from a virtual machine template ().

Avoid using network drive letters when defining offline virtual machines in a machine group. The recommended practice is to instead specify the Uniform Naming Convention (UNC) path. This comes into play when performing a scheduled scan on an offline virtual machine. Network drive mappings are session-specific, so it is very possible that a specified mapping will no longer exist when the scheduled scan process is run.

Within a machine group, the Scan only filters do not apply to offline virtual machines or to virtual machine templates.

It is possible for two offline virtual machines to have the same domain and computer name. This will be the case if you clone a virtual machine and do not change either the computer name or domain on one or both machines. In this situation, of the two duplicate virtual machines, only the last one scanned will be visible in Machine View. The machines displayed in Machine View are keyed on domain and computer name and duplicates are not allowed.

Virtual machines that are offline (powered off) will be mounted before they are scanned. Virtual machines that are online (powered on) do not need to be mounted as they are treated no differently than a physical machine.

When performing a patch scan or an asset scan, a virtual machine that was added to a machine group as an offline virtual machine but that is online at the time of a scan will be scanned if it is hosted on an ESX server and if the proper credentials are available in order to access that machine. Online virtual machines that are hosted on workstations will fail to mount and will not be scanned.

When scanning multiple offline virtual machines that are hosted on one workstation, it is possible to reach the connection limit for that workstation. If the connection limit is reached an error will occur and the scans will fail. The maximum number of simultaneous connections supported varies for each Windows OS.

Patch Deployments

When deploying patches to an offline virtual machine that is hosted on a server, the virtual machine will be powered on, the patches installed, and the virtual machine powered down. See Deploying Patches to Virtual Machines for more details.

When deploying patches to an offline virtual machine that is hosted on a server, VMware tools must be installed on the virtual machine.

When deploying patches to an offline virtual machine that is hosted on a server, the following VMware server permissions are required in order to manage snapshots and to change the power state of the machine during the deployment process:

VirtualMachine.State.CreateSnapshot

VirtualMachine.State.RemoveSnapshot

VirtualMachine.Interact.PowerOn

VirtualMachine.Interact.PowerOff

VirtualMachine.Interact.DeviceConnection (to disable/enable the network card)

When deploying patches to an offline virtual machine that resides on a workstation, the new deployment job will overwrite any older deployment jobs that have not yet been performed. For this reason you should deploy all desired patches in a single deployment.

Example: You deploy Patch A to a workstation-based offline virtual machine. The virtual machine is still offline a month later when you deploy Patches B and C. Because the first deployment job was never executed it gets overwritten and only Patches B and C are now scheduled for deployment. To avoid this you simply include Patch A along with Patches B and C in the second deployment job.

One way to manage this is to use a patch group to define the patches you want deployed to your workstation-based offline virtual machines. When new patches are identified you simply add them to the list of patches in the patch group. This is particularly useful when specifying a patch group within a patch scan template and then enabling the Auto-deploy patches after scan check box on the Run Operation dialog. See Creating a New Patch Scan Template and Using the Run Operation Dialog for more details about these options.

Agents

Ivanti Patch for Windows Agent operations are not supported on offline virtual machines.

If you install Ivanti Patch for Windows Agent on an online virtual machine and then later scan the virtual machine while it is in an offline state, Ivanti Patch for Windows may report the wrong agent status for that image. For example, it may show that the agent is not installed, or it may let you attempt to uninstall the agent. This occurs because Ivanti Patch for Windows Agent operations are not supported on offline virtual machines. The correct status will be reported once the virtual machine is brought back online and rescanned by Ivanti Patch for Windows.


Was this article useful?    

The topic was:

Inaccurate

Incomplete

Not what I expected

Other