This product pack includes various instructions to help with the patch management of Windows devices across the environment
Scenario
The patch management process that is used widely across many organizations is getting them to around 95% complete after 3 or 4 weeks. The last 5% causes them a large amount of work trying to identify why CM will not deploy the patch, trouble shooting CM health issues or manually installing the patch.
Known Issues / Additional Notes
Info
- Status
- Verified
- Author
- 1E Product Pack Team
- Category
- Patch
- Tags
- Critical Patching Security Windows
- Added
- 2 years ago
- Last Updated
- 3 weeks ago
- Downloads
- 97
- Compatibility
- Platform - v8.1, v8.0, v5.2, v5.1
Os Supported - Microsoft Windows 10, 8.1, 7
Components
1E-Exchange-WindowsSecurityProfile-WindowsUpdateSource
1E-Exchange-UpdateWindowsDefender
1E-Exchange-UninstallMicrosoftKBPatch
Description
This instruction will uninstall a Microsoft patch using the dism command. More information about DISM can be found https://docs.microsoft.com/en-us/windows-hardware/manufacture/desktop/add-or-remove-packages-offline-using-dism
Readable Payload
Uninstall Microsoft Patch %KBNumber%
1E-Exchange-ThirdPartyPatchDashboard
1E-Exchange-TestWSUSConnectivity
1E-Exchange-TachyonCore-WindowsUpdatesPendingReboot
1E-Exchange-RestartPatchServicesandFoldersUpdate
Description
Stops Windows Update, Cryptographic Services, BITS and Windows Installer services, updates catroot2 and SoftwareDistribution folders and restarts services.
Readable Payload
Restart Windows Update and Patching related services. Reset update folders.
1E-Exchange-PatchSuccessAndFailDate
1E-Exchange-PatchEnforcement-Registry.pol-fix
Description
Fix issues related to Registry.pol file such as Registry.pol file is outdated or the file has not been created. Useful in case of Patch Compliance-Enforcement State Unknown problem. (This will trigger the SCCM software update scan cycle and will take a few minutes to execute)
Readable Payload
Fix issues related to Registry.pol file and %Scan% system files and images using SFC and DISM tools. Solves Patch Compliance-Enforcement State Unknown problem.
1E-Exchange-PatchEnforcement-InstallUpdates-fix
Description
Fix failed to install updates issue. Useful in case of Patch Compliance-Enforcement State Unknown problem. (This will trigger SCCM software update scan cycle and will take a few minutes to execute).
Readable Payload
Fix failed-to-install-updates issue. Solves Patch Compliance-Enforcement State Unknown problem.
1E-Exchange-DownloadAllPatchesFromSource
Description
Download all windows patches from local or remote WSUS source. This will be used to download patches only from WSUS server and MECM will not be used. This instruction will not return any response and a follow up question should be run after some time to determine whether the patch is successfully downloaded or not.
Readable Payload
Download all Windows patches from %PatchSource%.
1E-Exchange-DeployPatchFromUNC
1E-Exchange-ChangeWSUSServer
1E-Exchange-ApplyMissingPatchesMicrosoftWSUS
Description
Find all the missing updates using Microsoft WSUS or SCCM Server and Apply the specified KB Number OR All Updates.
Readable Payload
Patch Management: Find all the missing updates from the Microsoft WSUS or SCCM Server and apply the specified KB Number %KBNumber%
1E-Exchange-ApplyMissingPatchesMicrosoftWSUS-Go
Description
Find all the missing updates using Microsoft WSUS Server and Apply specified KB Number OR All Updates (Go version). For windows 64-bit only.
Readable Payload
Patch Management: Find all the missing updates from the Microsoft WSUS Server and Apply the specified KB Number %KBNumber%
1E-Exchange-ApplyMissingPatchesLocalWSUS
Description
Find all the missing updates using local WSUS Server and Apply specified KB Number OR All Updates.
Readable Payload
Patch Management: Find all the missing updates from the local WSUS or SCCM Server and Apply the specified KB Number %KBNumber%
1E-Exchange-ApplyMissingPatchesLocalWSUS-Go
Description
Find all the missing updates using local WSUS or SCCM Server and Apply specified KB Number OR All Updates (Go version). For windows 64-bit only.
Readable Payload
Patch Management: Find all the missing updates from the local WSUS or SCCM Server and Apply the specified KB Number %KBNumber% (Go Version)
1E-Exchange-GroupUpdates
1E-Exchange-GraphWindowsDefenderDefinitionRates
1E-Exchange-GraphPatchStatusUsingMicrosoftWSUS
1E-Exchange-GraphPatchRates
1E-Exchange-GraphNonMSPatchRates
1E-Exchange-GraphMSPatchRates
1E-Exchange-GetWUServer
1E-Exchange-GetWSUSServer
1E-Exchange-GetSourceConnectionStatus
1E-Exchange-GetSCCMPatchesGo
1E-Exchange-GetSCCMPatches
1E-Exchange-FindMissingPatchesMicrosoftWSUS
1E-Exchange-FindMissingPatchesMicrosoftWSUS-Go
1E-Exchange-FindMissingPatchesLocalWSUS
1E-Exchange-FindMissingPatchesLocalWSUS-Go
1E-Exchange-FailedPatches
1E-Exchange-PatchEnforcement-Check-Registry.polExists
1E-Exchange-PatchDashboardWithLastPatchDays
Description
Provides dashboard with details Windows Defender AV Definition updates, Microsoft and Non-MS Patching groups. For Windows only.
Readable Payload
Show Patching Dashboard for MS Patches with last Patch days, Non-MS Patches and Defender AV Updates
1E-Exchange-OSUpdates
1E-Exchange-ListPatches
1E-Exchange-InstallSCCMPatchesGo
1E-Exchange-InstallSCCMPatches
1E-Exchange-InstallPatchUsingMicrosoftWSUS
1E-Exchange-InstallPatchesFromSource
Description
Installs the missing Windows patches from the specified patch source like SCCM,WSUSR, WSUSL used as a follow-on action. Agent will not communicate to application server for specified stagger time. For Windows only.
Readable Payload
Install patches if missing from %PatchSource% and delay the agent for %Stagger% milliseconds.