In order to maintain the security and stability of our campus PCs, CIT routinely "delivers" Microsoft patches to Calvin PCs running Microsoft Windows operating systems. These patches are delivered to PCs one week after Microsoft releases them to the public. We have a Patch Management system (Novell ZenWorks) setup on our network and installed on PCs. This Patch Management system downloads patches from Microsoft and delivers them to Calvin PCs. Each patch has a designated status from Microsoft which determines how important/critical they are. Our Patch Management system uses the ZENworks Agent to scan each PC to detect what patches are already installed and what patches need to be installed. The scan is sent to our Patch Management system via a specific file and then it is analyzed by our system to determine what patches are needed.
Once we have the scans from all the PCs, we can see how many computers need a particular patch. CIT first tests the patches within CIT to see if any issues result from the installation. These patches are installed and tested over a 2 day period before they are sent out to the rest of campus. Once the patches are sent to campus PCs, each PC will perform a scan and download the necessary patches from our system. This number can range anywhere from 1 - 20, depending on how many patches Microsoft released and whether the PC is behind on patches. Once the patches are installed, you will receive the pop up box letting you know that patches have been installed and that a reboot is necessary. This pop up box is part of the ZenWorks application and unfortunately CIT is not able customize it as far as how often it appears and what is says. Because patches often involve critical system files, a reboot may be necessary between patches. It is always good practice to reboot a computer after any new installations or changes to system files.
Another function of our Patch Management system is "baselining" of Microsoft Patches. Baselining patches means that patches that were missed from a previous patch management release will automatically be downloaded and installed on the PC missing the patches. We baseline patches one month after they are released from Microsoft. The insures that all PCs on campus are keeping up with important/critical patches from Microsoft in order to maintain the stability and security of our systems at Calvin. If a computer has been off campus or shut down during a patch time frame, the baselining will take place when ZENworks refreshes the next time the computer is logged in on campus. Once the baselined patches are installed, you will receive the pop up box letting you know patches have been installed and that a reboot is necessary.
There has been an increase of pop up restart notifications due to patch installations. This is due to our recent upgrade to ZENworks 11.1. Many computers on campus had an outdated or faulty Patch Management Agent running on them which caused the computer to fall behind in installing critical patches. Once these computers were upgraded ZENworks 11.1, the Patch Management issues were resolved and old baselined patches started installing. This process can result in numerous restarts to be sure that the patches are installed properly and the computer is fully updated and secure. Because patches often involve critical system files, a reboot may be necessary between patches. It is always good practice to reboot a computer after any new installations or changes to system files.
In addition to the I.T. Connection, CIT also maintains several blogs that serve as notice regarding upcoming patches, upgrades, server maintenance, and network down-time:
Official CIT Communications