Features
SA automates Windows patching by providing the following features and capabilities:
- A central repository where patches are stored and organized in their native formats
- A database that stores information about every patch that has been applied
- Customized scripts that can be run before and after a patch is installed
- Advanced search abilities that identify servers that require patching
- Auditing abilities for tracking the deployment of important patches
- Multibinary patch support that enables you to install Windows multibinary patches
- Support for patching any Windows product or operating system
These features and capabilities enable you to browse patches by a certain operating system, schedule patch downloads and installations, set up email notifications, preview a patch installation, use policies and remediation to install patches, and export patch information to a reusable file format.
Types of patch browsing
The SA Client interface organizes Windows patches by operating systems and displays detailed vendor security information about each patch, such as Microsoft Security Bulletins. You can browse patches by the date Microsoft released the patch, by the severity level, Security Bulletin ID, QNumber, and so on. You can also browse all patches that are installed on a server, and view and edit patch metadata.
Scheduling and notifications
In the SA Client, you can schedule two things separately: when patches are imported from Microsoft into Server Automation (either on a schedule or on demand), and when these patches are downloaded to managed servers.
Best Practice: Schedule patch installations for a day and time that minimize disruption to your business operation.
Ubuntu patching also allows you to set up email notifications that alert you when the download and installation operations have completed, succeeded, or failed. When you schedule a patch installation, you can also specify reboot preferences to adopt, override, postpone, or suppress the vendor’s reboot options.
Patch policies and exceptions
To provide flexibility in how you identify and distribute patches on managed servers or groups of servers, Windows patching allows you to create patch policies that define groups of patches you need to install.
By creating a patch policy and attaching it to a server or a group of servers, you can effectively manage which patches get installed where in your organization. If you want to include or exclude a patch from a patch installation, patch management allows you to deviate from a patch policy by specifying that a certain patch is a patch policy exception.
An additional patch is one that is not already specified in the patch policy and is one that you want to include in (add to) the patch installation. A patch that you want to exclude from a patch installation is one that is already specified in a patch policy and is identified in the patch policy exception as one you do not want installed.
Best Practice: In cases where it is already known that a certain Windows patch may cause a server or application to malfunction, you should create a patch policy exception to exclude it from being installed on that server or on all servers that have that application.
Patch installation preview
While Patch Management allows you to react quickly to newly discovered security vulnerabilities, it also provides support for strict testing and standardization of patch installation.
After you have identified patches to install, Patch Management allows you to simulate (preview) the installation before you actually install a patch. Use the preview process to identify whether the servers that you selected for the patch installation already have that patch installed. In some cases, a server could already have a patch installed if a system administrator had manually installed it.
The preview process provides an up-to-date report of the patch state of servers. The preview process reports on patch dependency and supersedence information, such as patches that require certain Windows products, and patches that supersede other patches or are superseded by other patches.
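The following added example is a simplified model of the policy, exception, and preview behavior described in the two sections above. It is not SA code and does not use the SA API; the class names, function names, and patch names are all hypothetical.

```python
from dataclasses import dataclass, field

@dataclass
class PolicyException:
    patch: str
    install: bool  # True: additional patch to add; False: policy patch to exclude

@dataclass
class Server:
    name: str
    installed: set                      # patches already on the server
    exceptions: list = field(default_factory=list)

def preview(policy, server, superseded_by):
    """Simulate an installation: map each patch to the action a run would take."""
    wanted = set(policy)
    plan = {}
    for exc in server.exceptions:
        if exc.install:
            wanted.add(exc.patch)           # additional patch, not in the policy
    for exc in server.exceptions:
        if not exc.install and exc.patch in wanted:
            wanted.discard(exc.patch)       # policy patch excluded for this server
            plan[exc.patch] = "excluded by exception"
    for patch in sorted(wanted):
        newer = superseded_by.get(patch)
        if patch in server.installed:
            plan[patch] = "already installed"   # e.g. applied manually by an admin
        elif newer in server.installed:
            plan[patch] = f"superseded by installed {newer}"
        else:
            plan[patch] = "install"
    return plan

def to_install(plan):
    """Patches the simulated run would actually install."""
    return sorted(p for p, action in plan.items() if action == "install")

# Constructed sample data; the patch names are placeholders, not real patches.
POLICY = ["PATCH-A", "PATCH-B", "PATCH-C", "PATCH-D"]
SUPERSEDED_BY = {"PATCH-B": "PATCH-E"}
WEB01 = Server("web01", installed={"PATCH-A", "PATCH-E"},
               exceptions=[PolicyException("PATCH-F", install=True),
                           PolicyException("PATCH-C", install=False)])

if __name__ == "__main__":
    for patch, action in sorted(preview(POLICY, WEB01, SUPERSEDED_BY).items()):
        print(f"{WEB01.name}: {patch:8} {action}")
```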
Patch uninstallation preview
Patch management also provides a solution for remediating servers that are not operating properly due to installed patches. If installed patches cause problems, even after being tested and approved, Windows patching allows you to uninstall patches in a safe and standardized way. You can specify uninstall options that control server reboots and the execution of uninstall commands, and pre-uninstall and post‑uninstall scripts. Similar to previewing a patch installation, you can also preview a patch uninstallation.
Exporting patch data
To help you track the patch state of servers or groups of servers, Patch Management allows you to export this information. This information can be exported in a comma‑separated value (.csv) file and includes details about when a patch was last detected as being installed, when a patch was installed by Server Automation, the patch compliance level, what patch policy exceptions exist, and so on. You can then import this information into a spreadsheet or database to perform a variety of patch analysis tasks.