Searching the Help
To search for information in the Help, type a word or phrase in the Search box. When you enter a group of words, OR is inferred. You can use Boolean operators to refine your search.
Results returned are case insensitive. However, results ranking takes case into account and assigns higher scores to case matches. Therefore, a search for "cats" followed by a search for "Cats" would return the same number of Help topics, but the order in which the topics are listed would be different.
Search for | Example | Results |
---|---|---|
A single word | cat
|
Topics that contain the word "cat". You will also find its grammatical variations, such as "cats". |
A phrase. You can specify that the search results contain a specific phrase. |
"cat food" (quotation marks) |
Topics that contain the literal phrase "cat food" and all its grammatical variations. Without the quotation marks, the query is equivalent to specifying an OR operator, which finds topics with one of the individual words instead of the phrase. |
Search for | Operator | Example |
---|---|---|
Two or more words in the same topic |
|
|
Either word in a topic |
|
|
Topics that do not contain a specific word or phrase |
|
|
Topics that contain one string and do not contain another | ^ (caret) |
cat ^ mouse
|
A combination of search types | ( ) parentheses |
|
- SA integration
- Features
- Support for Windows patch testing and installation standardization
- Windows patch database conflict report
- Supported technologies for patch management
- Roles for Windows patch management
- Requirements for managed servers
- Supported Windows versions
- Supported products in the Microsoft patch database
- About the SA Client patch library
- Windows server patch management support
- Patch settings window
Windows server patch management support
SA Windows Server patch management support is compatible with a mixed-version multimaster mesh (where both patched and unpatched cores co-exist). Windows platform patch management includes the following supported functions:
- Windows Server patches appear under Library after the patch database is imported.
- Select the specific Windows Server version under Administration > Windows Patch Downloads > Patch Products to specify whether to import Windows Server patch metadata.
-
To manage Windows Server patches you can:
- Invoke a patch browser to edit patch properties, descriptions, and reboot/install/uninstall flags.
-
See the following patch views when a Windows Server server is selected.
- Patches Needed
- Patches Recommended By Vendor
- Patches with Policies or Exceptions
- Patches Installed
- Patches with Exceptions
- All Patches
- You can import patch binaries from the vendor using the SA Client or from a file.
- You can attach Windows Server patch policies to servers and server groups.
- You can define patch policy exceptions for Windows Server patches on servers and server groups.
SA patching modes
To patch your Windows managed servers with applicable Microsoft updates, SA requires access to the Microsoft patching database. You can access this database either by importing Microsoft's offline catalog of patches or by connecting SA to a WSUS server in your network.
Depending on your available network infrastructure, enable one of the available SA patching modes:
- Offline Catalog - imports the wsusscn2.cab file from the SA Client or from the
populate-opsware-update-library
script. The wsusscn2.file contains only security updates. HPE can provide missing non-security updates via HPELN.
- WSUS - connects to a WSUS server to retrieve Microsoft patches from a custom Windows patching repository. Unlike the Offline Catalog mode, WSUS patching requires access only to the WSUS server on your network from where it can retrieve both security and non-security updates.
The populate-opsware-update-library script
The populate-opsware-update-library
script automates the download of the Microsoft's offline catalog of patches and the import of these patches into SA. The populate-opsware-update-library
downloads the wsusscn2.cab file and imports its contents (hotfixes, service packs, and update rollups) into SA.
populate-opsware-update-library
script is specific to Microsoft Offline Catalog patching and does not run in WSUS patching mode. For more information about running the script and the available options, see
Policies and exceptions for Windows server patches
SA provides a recommended patch policy for Windows Servers. You can also define additional custom patch policies in the same way as described in Application Deployment in the SA 10.51
Remediate and ad-hoc install/uninstall
You can remediate Windows Server patch policies and perform ad-hoc Windows Server patch installations and uninstallations. Windows Server patches can be remediated in software policies and ad-hoc installations using install/uninstall software. However, software compliance does not account for applicability.
Patch compliance
You can perform patch compliance scans on Windows Server servers to determine compliance relative to attached policies and exceptions. Patch compliance is based on patch applicability on the selected server(s).
The Compliance view in the SA Client displays compliance details for Windows Server servers.
Known limitations
- The Install/Uninstall Patch window typically allows you to specify install/uninstall flags when a patch is selected for installation/uninstallation. The patch must be in an .EXE file format. Microsoft delivers Windows Server patches in both .EXE and .CAB format. In SA, if a patch is in .CAB file format, you cannot specify install/uninstall flags in the Patch, Install Patch, and/or Uninstall Patch windows because command-line arguments are not supported for .CAB format patches.
-
If you add install or uninstall flags using the Windows patch browser, any flags that SA would otherwise have used are overwritten.
Therefore, if you must use additional flags in a Windows patch browser, you must specify the -q flag with your additional flags. For example, if you want to log the install/uninstall process and do not want to override the default flags, specify the following:
/log:c:\mylog.txt /q /z
Note
Overriding the -q flag (if the patch supports -q) will cause the patch installation to fail. This type of installation can take as long as one hour to time out.
We welcome your comments!
To open the configured email client on this computer, open an email window.
Otherwise, copy the information below to a web mail client, and send this email to hpe_sa_docs@hpe.com.
Help Topic ID:
Product:
Topic Title:
Feedback: