Overview
This article guides you on how to enable and set up the Patch Auto-Deployment to automatically download and deploy missing patches, configure manual or automatic approval, exclude certain updates, change patch repository location, and download time frames.
Solution
GFI LanGuard ships with a patch auto-deployment feature that enables users to deploy missing patches and service packs in all languages supported by Microsoft® products. GFI LanGuard also supports patching of third-party or non–Microsoft patches.
- Enabling Patch Auto-Deployment
- Configuring Patch Auto-Deployment Advanced Options
- Configuring Patch Auto-Download Settings
Enabling Patch Auto-Deployment
Launch GFI LanGuard and go to Configuration > Software Updates > Patch Auto–Deployment. In the right pane, select the approval method.
Manual approval
Use the Manual approval tab to approve/disapprove patches one by one from the list of unapproved patches grouped by vendor or severity. You can type the search criteria and click Find to search for a specific application.
If you disapproved/excluded certain updates, but they are still being deployed, scan the affected machines to update the status and ensure that there are no auto-remediation options enabled for this scan.
Automatic approval
The Automatic approval tab enables you to specify which group of patches are automatically approved according to a category for a particular vendor.
Configuring Patch Auto-Deployment Advanced Options
Advanced options are available for Manual Approval. The corresponding link for the Automatic approval is greyed out.
- Launch GFI LanGuard.
- Go to Configuration > Software Updates > Patch Auto–Deployment.
- From the Common Tasks, click Options.
- On the General tab, configure the available options. See the descriptions of each option in the table below.
Option Description Send an email when new patches or service packs are available. Send an email when new patches are identified. Show All patches Displays all the identified patches.
Patches for products that were detected in the network Displays only the patches identified on the selected network.
- Select the appropriate checkboxes and click OK to save changes.
Configuring Patch Auto-Download Settings
GFI LanGuard also has a patch auto-download feature that enables the automatic download of missing patches and service packs in all languages supported by Microsoft® products. It is possible to schedule patch auto-download by specifying the time-frame within which the download of patches is performed.
- Launch GFI LanGuard.
- Go to Configuration > Software Updates > Patch Auto–Download.
- From the right pane, click the link.
- In the General tab, select between All patches or Only needed patches.
- In the All patches tab, click Configure to restrict the auto-download of patches for configured languages.
Selecting All patches > Configure enables administrators to manually select the Microsoft® patches to download, regardless of whether these are required for deployment. The Only needed patches option downloads only patches required for deployment.
- To change the location where the downloaded patches are stored, click the Patch Repository tab and specify the required details.
- Select Use files downloaded by WSUS when available if you would like to use an existing setup of WSUS.
- Select Remove patches that have not been used for and choose the time duration if you want to save space and remove files that have not been used for remediation in the specified time interval.
- To change the time frame during which patch downloads are performed, click the Timeframe tab and specify the required details.
- Click Apply and OK to save the changes.