Versions Compared

Old Version 13

changes.mady.by.user Sande Nissen

Saved on

compared with

New Version 14

changes.mady.by.user Sande Nissen

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Panel
borderColorred
titleTemporarily, Not KBOX Patch Management?

Around the beginning of August 2014, all college-owned computers will be migrated from the old K1000 5.4 to the new K1000 version 5.5, possibly receiving a newer version of the Dell KACE Agent. For a few months, Windows computers on a KBOX patch schedule will receive application patches from a different, temporary, K1000 process, one based on KBOX K1000 scripts, not on KBOX patching. This does not affect computers running Mac OS X, only Windows.

What you see during patching will look different, and may work a bit differently than before, but it will run at exactly the same time as the patch schedule you subscribed to (the deploy step). The applications that will be included in this process are marked with § in the list below. It is very likely that any Web browsers running at that time will be terminated without warning. ITS plans to have a better, permanent, solution in place by the end of the calendar year, if Dell KACE fixes some bugs.

...

Panelbox
namegrey

The KBOX is only for Carleton-owned computers.
You must be ON CAMPUS to log into the KBOXK1000, as described below.

Please contact the ITS HelpDesk if you would like help using the KBOXK1000.
You can reach them at x 5999 or by email at: helpdesk@carleton.edu

The KBOX 1000 (K1000) receives patches from Lumension , a security company. These patches are then delivered to campus computers. Patches in the KBOX K1000 are security related patches only.  Feature related patches and upgrades are not available from KBOX patch management.

What patches are delivered by the

...

K1000?

The KBOX K1000 delivers security-based patches for the following applications:

  • Adobe AIR
  • Adobe Acrobat
  • Adobe Reader§
  • Adobe Flash Player (on Windows, ActiveX and plugin)§
  • Adobe Shockwave Player
  • Some Adobe CS3-CS6 patches
  • Audacity (Windows, coming)
  • Citrix Receiver and XenApp
  • Foxit Reader (Windows, coming)
  • Google Chrome (Windows)
  • ImgBurn (Windows, coming)
  • Apple iCloud (Windows, coming)
  • Apple iTunes (Windows)
  • Apple QuickTime (Windows)
  • Apple Safari web browser (Windows)
  • Microsoft Silverlight and Remote Desktop (Mac)
  • Microsoft Office (Mac)
  • Mozilla Firefox (consumer version)
  • Mozilla Firefox ESR§
  • Notepad++ (Windows, coming)
  • Oracle Java (Java Runtime Engine, or JRE)§
  • TeamViewer (Windows, coming)
  • VideoLAN VLC media player (Windows)
  • VMWare Fusion, Player, Workstation
  • WinZip and 7-Zip (Windows)
  • WireShark and WinPCap (Windows, coming)

When are patches delivered by the

...

K1000?

When software vendors release patches, Lumension and KACE test them before making them available to the KBOXK1000. This provides more levels of review to catch any potential problems. The KBOX K1000 downloads new patch signatures and patch package files for selected operating systems nightly. Then, Carleton computers use the available patches based on the patch schedule to which each computer is assigned. Some patch schedules check for ("detect") patches at one time, and then apply ("deploy") the detected patches at a different later time. Other patch schedules check for ("detect") patches and then apply them ("deploy") immediately thereafter.

...

Every patch schedule Deploy step has these characteristics:

  • When starting, the KBOX K1000 displays an OK/Snooze choice to you for 15 minutes, then proceeds if there was no response.
  • If you choose Snooze, the KBOX K1000 waits 5 minutes and asks again.
  • The KBOX K1000 displays a Patching in Progress message continuously until this step is completed.
  • The actual patching process takes significant computer resources, so your other work may be noticeably affected.
  • Some applications (e.g., Java) will not patch successfully if the application is running at the time the patching is attempted, so during the Deploy step you should close any applications and Web browsers you are not actively using.
  • If a reboot is needed, the KBOX K1000 displays a Reboot prompt to you for 5 minutes, and re-prompts every hour (unless auto-reboots).

...

KBOX patch management should not reinstall patches that are already applied, nor should it downgrade your applications. With regard to Mozilla Firefox, note that version 31.2esr 1esr was released at the same time as consumer version 33 32 (31+21=3332), so ESR versions version numbers may appear old when they are actually up to date.

...

  1. In the power management settings on your computer, disable the computer's sleep mode entirely (but this wastes energy).
  2. In the power management settings in your computer operating system or BIOS, schedule the computer to wake up about 20 minutes before patching is scheduled to start.
  3. Have your computer configured to accept a Wake-on-LAN request when it is sleeping (which is not the default), and the KBOX K1000 will send a Wake-on-LAN packet about 10-15 minutes before patching is scheduled to start (ask the ITS HelpDesk x5999 for help with this).
  4. Launch a "keep awake" utility on your computer when you leave, so it never becomes inactive and so never sleeps. For Windows, we have had good results with a free utility called Caffeine, from Zhorn Software.

...