Presentation is loading. Please wait.

Presentation is loading. Please wait.

LANDesk Patch Management Best practices Chris Rawlings LANDesk Sales Engineer.

Similar presentations


Presentation on theme: "LANDesk Patch Management Best practices Chris Rawlings LANDesk Sales Engineer."— Presentation transcript:

1 LANDesk Patch Management Best practices Chris Rawlings LANDesk Sales Engineer

2

3 3

4 LANDesk Software Confidential LANDesk 9.5 SP1 Updates Mobility Patch Security Suite FIPS Cloud Service Appliance SmartVue Linux/Unix OS X HP Integration Intel Remote Control Data Analytics Agent Provisioning SWD Inventory Printer Management Auditing Flexera

5 PATCH MANAGEMENT BEST PRACTICES

6 LANDesk Software Confidential 6 Clean Up The Patch Management Disable Replaced Rules Wizard –Adobe Flash –Sun Java –Itunes

7 LANDesk Software Confidential 7 Clean Up The Patch Management Purge Distribution and Patch Definitions –Eliminates unnecessary Operating Systems –Eliminates unnecessary languages

8 LANDesk Software Confidential 8 Clean Up The Patch Management Delete Unnecessary Patches –Delete patches in Do Not Scan and unassigned groups –Delete undetected patches

9 LANDesk Software Confidential Patching – Application EOL Detection 9 Application End Of Life Detection Publish by Content Leverage LANDesk Patch Manager Already support MS Office 2000/XP Adobe Acrobat Pro/Sta 6.x, 7.x, 8.x Adobe Reader 6.x, 7.x, 8.x Java SE 1.3, 1.4, 5.0

10 LANDesk Software Confidential Prepare Patch Reports 10 Gather Historical Information –Schedule to run on a daily basis

11 LANDesk Software Confidential Avoid Impacting Users 11 Configure CPU Utilization during scan for low impact

12 LANDesk Software Confidential 12 New Feature Do Not Disturb if… Maximize end-user productivity –Reduce unwanted disruptions »Detect full screen apps »Dynamically hide scan dialog

13 LANDesk Software Confidential Configure Reboot options 13 Change Defaults –Allow user to defer –Reboot if no one is logged –After Time out snooze –Increase Timeout

14 LANDesk Software Confidential 14 Patching – Application Interference Increased first pass success rate –Java –Browser plugins –Custom applications Close applications prior to patching –Prevent / block applications from running during the patch process

15 LANDesk Software Confidential Configured to –Prompt –Dont allow defer or cancel Shows apps that must close. –Dynamically updates list as apps are closed by user. 15 What you see on the client…

16 LANDesk Software Confidential 16 Process to Kill are Definition Based Clone Vulnerability Edit Detection Rule Add Process to stop

17 LANDesk Software Confidential Supports Targeted Repairs Fewer Scheduled Tasks to manage 17 Autofix by Scope

18 LANDesk Software Confidential New right-click option The IN clause is not editable in the DAL query editor. 18 Create query for affected computers Scenario:Administrator wants to quickly and easily create a vulnerability query to represent affected computers.

19 LANDesk Software Confidential 19 New Feature 9.5 SP1 Patching – Maintenance Windows Controlled and Predictable maintenance –Autofix policies are queued –Machine state detection –More aggressive reboot controls become possible

20 LANDesk Software Confidential 20 Patching – Application Interference Increased first pass success rate –Java –Browser plugins –Custom applications Close applications prior to patching –Prevent / block applications from running during the patch process

21 LANDesk Software Confidential Patching – Application EOL Detection 21 Application End Of Life Detection Publish by Content Leverage LANDesk Patch Manager Already support MS Office 2000/XP Adobe Acrobat Pro/Sta 6.x, 7.x, 8.x Adobe Reader 6.x, 7.x, 8.x Java SE 1.3, 1.4, 5.0

22 LANDesk Software Confidential Right-click multi-selected definitions is allowed. The focused definitions current settings are displayed. For backward compatibility in the database, Severity still contains the current value. OrigSeverity is null if no override has been specified. Otherwise, it stores the LANDesk-supplied severity. 22 Vulnerability severity override Scenario:Administrator disagrees with the predefined severity of a vulnerability definition and/or wants to lock down reviewed severities.

23 LANDesk Software Confidential Software Distribution LANDesk Software 9.5.1

24 LANDesk Software Confidential Desktop Manager 24 New interface Customizable branding Deliver Links, Docs & Apps Packages and links can be placed in categories Chrome-less app launching WPF and EXE Launchpad integrated Task history of client changes

25 LANDesk Software Confidential Package Bundles –Leverages groups in distribution packages –Set the installation order (one level) –Allows for packages to be grouped and ordered (one level) –Categories are supported 25 Software Distribution

26 LANDesk Software Confidential New Streamed Document package type –Link for any file type (.txt,.pdf,.docx,.msi, etc.) –Associated application –Streamed from the portal (new portal only), not downloaded to the client –Uses the current associated shell application (by file extension) defined for the client operating system 26 Software Distribution

27 LANDesk Software Confidential Default Delivery Method –New shared control to select the delivery method –Global value –Only enabled for Administrators 27 Software Distribution

28 LANDesk Software Confidential New package pre-cache feature –Only downloads package files to client machines, will not perform package installation 28 Software Distribution

29 LANDesk Software Confidential Task History –Task history is automatically gathered and stored in the client database Task History Maintenance –Enable automatic cleanup of task history in the client database –Configured in Agent settings and must be associated with each client (Agent configuration / Agent settings) »Configurable by days to keep, a value of 0 will delete all task history from the client database »If not set, all task history will continue to be stored »Settings stored in each client machine registry under LANDesk/ManagementSuite/WinClient/SoftwareDistribution/InventorySettings ClientDatabaseHistoryDays: Specifies days to keep history, -1 or 0xffffffff if not set (all task history will be kept) 29 Software Distribution

30 LANDesk Software Confidential Task History/Maintenance continued –Inventory scanner automatically sends client task history to the core database –Located in inventory under LANDesk Management / SWD / History 30 Software Distribution

31 LANDesk Software Confidential Automatically run inventory scanner after package installation –Inventory settings located in Agent settings UI –Requires an Inventory setting to be associated with each client (Agent configuration / Agent Settings) –Creates a local scheduler task from the current time plus a delay »If multiple packages are installed, the local scheduled task is added/updated with the new time. Always uses the same task id (779) –Two delay settings »Initial delay, minimum of 5 minutes, maximum of 60 minutes, default 5 minutes »Additional random delay to help stagger scans (reduce the load on the core), minimum of 0 minutes and maximum of 60 minutes, default 15 minutes (will randomize between 0 and the value set) »Settings stored in each client machine registry under LANDesk/ManagementSuite/WinClient/SoftwareDistribution/InventorySettings InventoryScanDelayAfterPackageInstall: High word is the initial delay, low word is the additional random delay, -1 or 0xffffffff if not set (inventory scanner will not run after package install) 31 Software Distribution

32 QUESTIONS

33


Download ppt "LANDesk Patch Management Best practices Chris Rawlings LANDesk Sales Engineer."

Similar presentations


Ads by Google