Patch Management
1E Verified
This product pack includes various instructions to help with the patch management of Windows devices across the environment
Scenario
The patch management process that is used widely across many organizations is getting them to around 95% complete after 3 or 4 weeks. The last 5% causes them a large amount of work trying to identify why CM will not deploy the patch, trouble shooting CM health issues or manually installing the patch.
Components
1E-Exchange-DeployPatchFromUNC
1E-Exchange-UninstallMicrosoftKBPatch
Description
This instruction will uninstall a Microsoft patch using the dism command. More information about DISM can be found https://docs.microsoft.com/en-us/windows-hardware/manufacture/desktop/add-or-remove-packages-offline-using-dism
Readable Payload
Uninstall Microsoft Patch %KBNumber%
1E-Exchange-FailedPatches
1E-Exchange-PatchSuccessAndFailDate
1E-Exchange-InstallSCCMPatches
1E-Exchange-InstallPatchUsingMicrosoftWSUS
1E-Exchange-InstallPatchesFromSource
Description
Installs the missing Windows patches from the specified patch source like SCCM,WSUSR, WSUSL used as a follow-on action. Agent will not communicate to application server for specified stagger time. For Windows only.
Readable Payload
Install patches if missing from %PatchSource% and delay the agent for %Stagger% milliseconds.
1E-Exchange-GroupUpdates
1E-Exchange-GetSCCMPatches
1E-Exchange-FindMissingPatchesMicrosoftWSUS
1E-Exchange-FindMissingPatchesMicrosoftWSUS-Go
1E-Exchange-FindMissingPatchesLocalWSUS
1E-Exchange-ApplyMissingPatchesMicrosoftWSUS-Go
Description
Find all the missing updates using Microsoft WSUS Server and Apply specified KB Number OR All Updates (Go version). For windows 64-bit only.
Readable Payload
Patch Management: Find all the missing updates from the Microsoft WSUS Server and Apply the specified KB Number %KBNumber%
1E-Exchange-ApplyMissingPatchesLocalWSUS
Description
Find all the missing updates using local WSUS or SCCM Server and Apply specified KB Number OR All Updates.
Readable Payload
Patch Management: Find all the missing updates from the local WSUS or SCCM Server and Apply the specified KB Number %KBNumber%
1E-Exchange-ApplyMissingPatchesLocalWSUS-Go
Description
Find all the missing updates using local WSUS or SCCM Server and Apply specified KB Number OR All Updates (Go version). For windows 64-bit only.
Readable Payload
Patch Management: Find all the missing updates from the local WSUS or SCCM Server and Apply the specified KB Number %KBNumber% (Go Version)
1E-Exchange-RestartPatchServicesandFoldersUpdate
Description
Stops Windows Update, Cryptographic Services, BITS and Windows Installer services, updates catroot2 and SoftwareDistribution folders and restarts services.
Readable Payload
Restart Windows Update and Patching related services. Reset update folders.
1E-Exchange-PatchEnforcement-Registry.pol-fix
Description
Fix issues related to Registry.pol file such as Registry.pol file is outdated or the file has not been created. Useful in case of Patch Compliance-Enforcement State Unknown problem. (This will trigger the SCCM software update scan cycle and will take a few minutes to execute)
Readable Payload
Fix issues related to Registry.pol file and %Scan% system files and images using SFC and DISM tools. Solves Patch Compliance-Enforcement State Unknown problem.
1E-Exchange-PatchEnforcement-InstallUpdates-fix
Description
Fix failed to install updates issue. Useful in case of Patch Compliance-Enforcement State Unknown problem. (This will trigger SCCM software update scan cycle and will take a few minutes to execute).
Readable Payload
Fix failed-to-install-updates issue. Solves Patch Compliance-Enforcement State Unknown problem.
1E-Exchange-PatchEnforcement-Check-Registry.polExists
1E-Exchange-PatchDashboardWithLastPatchDays
Description
Provides dashboard with details Windows Defender AV Definition updates, Microsoft and Non-MS Patching groups. For Windows only.
Readable Payload
Show Patching Dashboard for MS Patches with last Patch days, Non-MS Patches and Defender AV Updates
1E-Exchange-OSUpdates
1E-Exchange-ListPatches
1E-Exchange-InstallSCCMPatchesGo
1E-Exchange-GraphWindowsDefenderDefinitionRates
1E-Exchange-GraphPatchStatusUsingMicrosoftWSUS
1E-Exchange-GraphPatchRates
1E-Exchange-GraphNonMSPatchRates
1E-Exchange-GraphMSPatchRates
1E-Exchange-GetWUServer
1E-Exchange-GetWSUSServer
1E-Exchange-GetSCCMPatchesGo
1E-Exchange-WindowsSecurityProfile-WindowsUpdateSource
1E-Exchange-UpdateWindowsDefender
1E-Exchange-ThirdPartyPatchDashboard
1E-Exchange-TestWSUSConnectivity
1E-Exchange-TachyonCore-WindowsUpdatesPendingReboot
1E-Exchange-FindMissingPatchesLocalWSUS-Go
1E-Exchange-ChangeWSUSServer
1E-Exchange-ApplyMissingPatchesMicrosoftWSUS
Description
Find all the missing updates using Microsoft WSUS or SCCM Server and Apply the specified KB Number OR All Updates.
Readable Payload
Patch Management: Find all the missing updates from the Microsoft WSUS or SCCM Server and apply the specified KB Number %KBNumber%
Known Issues / Additional Notes
Value Score
Info
- Status
- Verified
- Author
- 1E Product Pack Team
- Category
- Patch
- Tags
- Critical Patching Security Windows
- Added
- 11 months ago
- Last Updated
- 11 months ago
- Downloads
- 57
- Compatibility
- Platform - v5.2, v5.1, v5.0
Os Supported - Microsoft Windows 10, 8.1, 7