Presentation is loading. Please wait.

Presentation is loading. Please wait.

LANDesk Patch Management Best practices

Published byJayden Clowney Modified over 10 years ago

Similar presentations

Presentation on theme: "LANDesk Patch Management Best practices"— Presentation transcript:

1 LANDesk Patch Management Best practices
Chris Rawlings LANDesk Sales Engineer

2

3

4 LANDesk 9.5 SP1 Updates Mobility OS X Inventory Patch HP Integration
Printer Management Security Suite Intel Auditing FIPS 140-2 Remote Control Flexera Cloud Service Appliance Data Analytics Agent SmartVue Provisioning Linux/Unix SWD

5 Patch Management Best Practices

6 Clean Up The Patch Management
Disable Replaced Rules Wizard Adobe Flash Sun Java Itunes

7 Clean Up The Patch Management
Purge Distribution and Patch Definitions Eliminates unnecessary Operating Systems Eliminates unnecessary languages

8 Clean Up The Patch Management
Delete Unnecessary Patches Delete patches in Do Not Scan and unassigned groups Delete undetected patches

9 Patching – Application EOL Detection
Application End Of Life Detection Publish by Content Leverage LANDesk Patch Manager Already support MS Office 2000/XP Adobe Acrobat Pro/Sta 6.x, 7.x, 8.x Adobe Reader 6.x, 7.x, 8.x Java SE 1.3, 1.4, 5.0

10 Prepare Patch Reports Gather Historical Information
Schedule to run on a daily basis

11 Avoid Impacting Users Configure CPU Utilization during scan for low impact

12 New Feature Do Not Disturb if…
Maximize end-user productivity Reduce unwanted disruptions Detect full screen apps Dynamically hide scan dialog

13 Configure Reboot options
Change Defaults Allow user to defer Reboot if no one is logged After Time out snooze Increase Timeout

14 Patching – Application Interference
Increased first pass success rate Java Browser plugins Custom applications Close applications prior to patching Prevent / block applications from running during the patch process

15 What you see on the client…
Configured to Prompt Don’t allow defer or cancel Shows apps that must close. Dynamically updates list as apps are closed by user.

16 Process to Kill are Definition Based
Clone Vulnerability Edit Detection Rule Add Process to stop

17 Autofix by Scope Supports Targeted Repairs
Fewer Scheduled Tasks to manage

18 Create query for affected computers
Scenario: Administrator wants to quickly and easily create a vulnerability query to represent affected computers. New right-click option The “IN” clause is not editable in the DAL query editor.

19 New Feature 9.5 SP1 Patching – Maintenance Windows
Controlled and Predictable maintenance Autofix policies are queued Machine state detection More aggressive reboot controls become possible

20 Patching – Application Interference
Increased first pass success rate Java Browser plugins Custom applications Close applications prior to patching Prevent / block applications from running during the patch process

21 Patching – Application EOL Detection
Application End Of Life Detection Publish by Content Leverage LANDesk Patch Manager Already support MS Office 2000/XP Adobe Acrobat Pro/Sta 6.x, 7.x, 8.x Adobe Reader 6.x, 7.x, 8.x Java SE 1.3, 1.4, 5.0

22 Vulnerability severity override
Scenario: Administrator disagrees with the predefined severity of a vulnerability definition and/or wants to “lock down” reviewed severities. Right-click multi-selected definitions is allowed. The “focused” definition’s current settings are displayed. For backward compatibility in the database, “Severity” still contains the current value. “OrigSeverity” is null if no override has been specified. Otherwise, it stores the LANDesk-supplied severity.

23 9.5.1 Software Distribution LANDesk Software

24 Desktop Manager New interface Customizable branding
Deliver Links, Docs & Apps Packages and links can be placed in categories “Chrome-less” app launching WPF and EXE Launchpad integrated Task history of client changes

25 Software Distribution
Package Bundles Leverages groups in distribution packages Set the installation order (one level) Allows for packages to be grouped and ordered (one level) Categories are supported Group multiple packages or bundles Bundle within a bundle within a bundle. Schedule the bundle like you would custom groups. Internally what we do is the “My Packages” and “All”, are just bundles. Allows you to schedule one level deep. No circular bundles.

26 Software Distribution
New Streamed Document package type Link for any file type (.txt, .pdf, .docx, .msi, etc.) Associated application Streamed from the portal (new portal only), not downloaded to the client Uses the current associated shell application (by file extension) defined for the client operating system Have to have an associated application with the extension. New portal only. You can point to any file you want. When it shows in the portal it streams to the source file. You need to have an associate application with the extension. You could point to an MSI as a stream share. Use case, say you want to deploy office with a text file for Outlook settings or instructions for your end users. Streaming from UNC, no cached copy from the client, uses all security settings within UNC. Credentials are not specified anywhere as we inherently get access based on the UNC Security.

27 Software Distribution
Default Delivery Method New shared control to select the delivery method Global value Only enabled for Administrators One global default. Not a default within the sub categories, push, policy, etc..

28 Software Distribution
New package pre-cache feature Only downloads package files to client machines, will not perform package installation Mac – 30 days PC – 7 days It just downloads files. Keep it simple image. Initially built for the MAC application installs but made available to all platforms.

29 Software Distribution
Task History Task history is automatically gathered and stored in the client database Task History Maintenance Enable automatic cleanup of task history in the client database Configured in Agent settings and must be associated with each client (Agent configuration / Agent settings) Configurable by days to keep, a value of 0 will delete all task history from the client database If not set, all task history will continue to be stored Settings stored in each client machine registry under LANDesk/ManagementSuite/WinClient/SoftwareDistribution/InventorySettings ClientDatabaseHistoryDays: Specifies days to keep history, -1 or 0xffffffff if not set (all task history will be kept) See the history, what’s been installed, when, when attempted, failed, etc… Once it completes a package task it will then update it’s history agenda. Checked means it will maintain and keep for x days. Unchecked it does not maintain and everything is kept.

30 Software Distribution
Task History/Maintenance continued Inventory scanner automatically sends client task history to the core database Located in inventory under LANDesk Management / SWD / History If you have a bundle it will show you the bundle and the suplemental packages. It’s gives task ID and package ID.

31 Software Distribution
Automatically run inventory scanner after package installation Inventory settings located in Agent settings UI Requires an Inventory setting to be associated with each client (Agent configuration / Agent Settings) Creates a local scheduler task from the current time plus a delay If multiple packages are installed, the local scheduled task is added/updated with the new time. Always uses the same task id (779) Two delay settings Initial delay, minimum of 5 minutes, maximum of 60 minutes, default 5 minutes Additional random delay to help stagger scans (reduce the load on the core), minimum of 0 minutes and maximum of 60 minutes, default 15 minutes (will randomize between 0 and the value set) Settings stored in each client machine registry under LANDesk/ManagementSuite/WinClient/SoftwareDistribution/InventorySettings InventoryScanDelayAfterPackageInstall: High word is the initial delay, low word is the additional random delay, -1 or 0xffffffff if not set (inventory scanner will not run after package install) This was the #1 feature asked for at interchange. 3 packages chained, it will update the already created local scheduler task to update the time. You can’t hard code it past 60. It will just exit High Word: First 4 hex digits, Low Word: Last 4 hex digits, 0xffff / ffff

32 Questions

33

Download ppt "LANDesk Patch Management Best practices"

Similar presentations

1. XP 2 * The Web is a collection of files that reside on computers, called Web servers. * Web servers are connected to each other through the Internet.

1. XP 2 * The Web is a collection of files that reside on computers, called Web servers. * Web servers are connected to each other through the Internet.
The Professional Open Source Company JBoss Network Enterprise Manager Introduction and Walkthrough.

The Professional Open Source Company JBoss Network Enterprise Manager Introduction and Walkthrough.
Info to Enterprise Migration Implementation Case Study: SBC Corporation Presented to the Crystal Decisions Regional Users Group for the Bay Area on October.

Info to Enterprise Migration Implementation Case Study: SBC Corporation Presented to the Crystal Decisions Regional Users Group for the Bay Area on October.
This course is designed for system managers/administrators to better understand the SAAZ Desktop and Server Management components Students will learn.

This course is designed for system managers/administrators to better understand the SAAZ Desktop and Server Management components Students will learn.
SOFTWARE Chapter 5.

SOFTWARE Chapter 5.
Getting Started with Microsoft Office 2007

Getting Started with Microsoft Office 2007
Chapter 1 The Study of Body Function Image PowerPoint

Chapter 1 The Study of Body Function Image PowerPoint
BASIC SKILLS AND TOOLS USING ACCESS

BASIC SKILLS AND TOOLS USING ACCESS
AQute Eclipse Environment By Peter Kriens CEO aQute OSGi Director of Technology and OSGi Fellow.

AQute Eclipse Environment By Peter Kriens CEO aQute OSGi Director of Technology and OSGi Fellow.
6 Copyright © 2005, Oracle. All rights reserved. Building Applications with Oracle JDeveloper 10g.

6 Copyright © 2005, Oracle. All rights reserved. Building Applications with Oracle JDeveloper 10g.
17 Copyright © 2005, Oracle. All rights reserved. Deploying Applications by Using Java Web Start.

17 Copyright © 2005, Oracle. All rights reserved. Deploying Applications by Using Java Web Start.
XP New Perspectives on Microsoft Office Word 2003 Tutorial 6 1 Microsoft Office Word 2003 Tutorial 6 – Creating Form Letters and Mailing Labels.

XP New Perspectives on Microsoft Office Word 2003 Tutorial 6 1 Microsoft Office Word 2003 Tutorial 6 – Creating Form Letters and Mailing Labels.
DISTRICT AND SCHOOL ASSESSMENT & TECHNOLOGY COORDINATOR ONLINE TESTING WEBINAR FEBRUARY 7 AND 9, 2012 Washington Online Testi ng OSPI Office of Superintendent.

DISTRICT AND SCHOOL ASSESSMENT & TECHNOLOGY COORDINATOR ONLINE TESTING WEBINAR FEBRUARY 7 AND 9, 2012 Washington Online Testi ng OSPI Office of Superintendent.
Your Definitive Lockdown Guide

Your Definitive Lockdown Guide
Integrify 5.0 Tutorial : Creating a New Process

Integrify 5.0 Tutorial : Creating a New Process
0 QuickBooks: Point of Sale 5.0 Ring Up Sales Inventory Management Customer Tracking Credit Card Management Multiple Security Levels Extensive Reporting.

0 QuickBooks: Point of Sale 5.0 Ring Up Sales Inventory Management Customer Tracking Credit Card Management Multiple Security Levels Extensive Reporting.
Introduction Lesson 1 Microsoft Office 2010 and the Internet

Introduction Lesson 1 Microsoft Office 2010 and the Internet
| Copyright © 2009 Juniper Networks, Inc. | www.juniper.net 1 WX Client Rajoo Nagar PLM, WABU.

| Copyright © 2009 Juniper Networks, Inc. | 1 WX Client Rajoo Nagar PLM, WABU.
1 Scanshell.Net CSSN – Card Scanning Solutions THE ULTIMATE, ALL-IN-ONE CARD-SCANNING SOLUTION.

1 Scanshell.Net CSSN – Card Scanning Solutions THE ULTIMATE, ALL-IN-ONE CARD-SCANNING SOLUTION.
1 2 In a computer system, a file is a collection of information with a single name, such as addresses.doc, or filebackup.ppt, or ftwr.exe, or guidebook.xls.

1 2 In a computer system, a file is a collection of information with a single name, such as addresses.doc, or filebackup.ppt, or ftwr.exe, or guidebook.xls.

Similar presentations

Ads by Google