What is Patch and Update Management? 

Patch management and update management are the regular updating and patching of Operating Systems and applications.  Keeping software up to date is important to protect users and their data.

At Carleton, when talking about desktop/laptops, we use the term Patch or KPatch to refer to security patches for third-party applications delivered by the K1000's patching mechanism. 

Updates, then, refer to Windows updates delivered by the WSUS server, or macOS updates delivered by the App Store.  Also, you can update any of the third party apps listed above by setting their preferences to automatically check for updates or by selecting their check for updates feature.  These application updates come directly from the vendor, not through the K1000.

How are Patches Delivered?


K1000 (KBOX) Patch Management

All About K1000 (KBOX) Patch Management

How are Updates Delivered?

Apple Software Updates

Updates for the macOS come directly from Apple via System Preferences.  You should apply updates whenever they are available, and consider setting up automatic updates.

Windows Software Update Service (WSUS)

Windows computers are configured to receive Microsoft updates from the WSUS server on campus.  This server gets Windows operating system patches, as well as patches for Internet Explorer, Office, and other Windows applications from Microsoft.
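
One way to confirm on a given Windows machine that it is actually pointed at a WSUS server, as an added example (not Carleton's own tooling). It reads the standard Windows Update policy registry values and assumes nothing about the campus server's name; the function name is hypothetical.

```powershell
# Added example: report how this machine's Windows Update client is configured.
# Reads the standard Windows Update policy values that Group Policy sets when a
# machine is pointed at a WSUS server. The script only reports what it finds.

function Get-WsusClientConfig {
    $wuKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
    $auKey = Join-Path $wuKey 'AU'

    # A missing key means no policy is applied; properties then read as $null.
    $wu = Get-ItemProperty -Path $wuKey -ErrorAction SilentlyContinue
    $au = Get-ItemProperty -Path $auKey -ErrorAction SilentlyContinue

    $findings = @()
    if (-not $wu.WUServer) {
        $findings += 'No WUServer policy: client is not pointed at a WSUS server.'
    }
    elseif ($au.UseWUServer -ne 1) {
        $findings += 'WUServer is set but UseWUServer is not 1: the WSUS setting is ignored.'
    }
    elseif ($wu.WUServer -notmatch '^https://') {
        $findings += 'WUServer does not use https://: update metadata travels unencrypted.'
    }
    if ($au.NoAutoUpdate -eq 1) {
        $findings += 'NoAutoUpdate is 1: automatic updating is disabled by policy.'
    }

    [pscustomobject]@{
        ComputerName   = $env:COMPUTERNAME
        WUServer       = $wu.WUServer
        WUStatusServer = $wu.WUStatusServer
        UseWUServer    = $au.UseWUServer
        NoAutoUpdate   = $au.NoAutoUpdate
        AUOptions      = $au.AUOptions
        Findings       = $findings
    }
}

Get-WsusClientConfig | Format-List
```

An empty Findings list means the policy values are consistent with a machine that takes its updates from a WSUS server over HTTPS.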

McAfee AntiVirus

McAfee AntiVirus software is set to automatically retrieve updates from McAfee servers on a regular basis.  Carleton will be transitioning to an EPO server.  An EPO server will allow for a brief testing period before releasing updates to campus computers.

KBOX Patch Management

The KBOX receives patches from Lumension, a security company.  These patches are then delivered to campus computers. Patches in the KBOX appear to be security-related patches only.  Feature-related patches for the applications listed below are not available in the KBOX patch management.

How do I tell if my machine is on a patching schedule?
  1. Visit the KBOX user portal in your web browser
  2. Log in with your Carleton username and password
  3. Click the My Computer tab
  4. Scroll down the page to the Activities section
  5. Click on the Labels link
  6. If you have a Label beginning with PatchSelf, your machine is on a patching schedule
    1. Note: If you have a VM, multiple Operating Systems, or multiple computers, you'll need to repeat this process from each VM/OS/computer
How do I join a KBOX patching schedule?
  1. Visit the KBOX user portal in your web browser
  2. Log in with your Carleton username and password
  3. Click the Software Library tab
  4. In the Search field, type Patch and click Search or scroll down the page until you see the entries beginning with Patch Schedule: 
  5. Click on the desired Patch Schedule
  6. Read the Installation Instructions and click Install Now
    1. Note: If you have a VM, multiple Operating Systems, or multiple computers, you'll need to repeat this process from each VM/OS/computer
What patches are delivered by the KBOX?

The KBOX delivers security-based patches for the following applications:

  • Adobe AIR
  • Adobe Acrobat and Adobe Reader
  • Some Adobe CS3-CS4 patches
  • Citrix Receiver (Windows)
  • Firefox
  • Flash Player
  • Google Chrome (Windows)
  • iTunes (Mac and Windows)
  • Java
  • Microsoft Silverlight and Remote Desktop (Mac)
  • Office (Mac)
  • QuickTime Player (Mac and Windows)
  • Safari (Mac and Windows)
  • Shockwave Player
  • VLC media player (Windows)
  • VMWare Fusion, Player, Workstation
  • WinZip and 7-Zip (Windows)
When are patches delivered?

When software vendors release patches, Lumension tests them before making them available to the KBOX.  This provides a second level of review to catch any potential problems.  The KBOX downloads patches on a nightly basis.  Carleton computers are set to check for patches on one of the following schedules:

  • Thursdays at 5:55 am
    • this schedule is recommended for computers connected to the campus network at 5:55 am
    • computers should automatically power on at 5:40 am (Wake on LAN)
    • at 5:55 am the KBOX will detect and deploy patches
      • the KBOX will suspend pending tasks after 3 hours
      • if a patch is actively being installed at the 3 hour mark, it will continue installing
      • if a reboot is required, users will be prompted to reboot.  After 5 minutes a reboot will be forced and patching will continue
  • Thursdays at 12:05 pm (Common Time)
    • This schedule is recommended for computers connected to the campus network on Tuesday/Thursday from 12-1 pm
    • Tuesday at 12:05 pm the KBOX will detect which patches need to be deployed
      • no patches will be deployed at this time
      • the KBOX will suspend pending tasks after 50 minutes
    • Thursday at 12:05 pm the KBOX will deploy patches 
      • based on the patch list compiled on Tuesdays
      • the KBOX will suspend pending tasks after 30 minutes
      • if a patch is actively being installed at the 30 minute mark, it will continue installing
      • if a reboot is required, users will be prompted to reboot but a reboot will not be forced
  • Thursdays at 12:05 pm (Common Time) or next connection
    • This schedule is recommended for highly-mobile computers, or computers that are rarely connected to the campus network
    • Friday at 4:00 am the KBOX will detect which patches need to be deployed
      • if the computer is not connected to the campus network at this time, a detect will run the next time it is connected
      • no patches will be deployed at this time
      • the KBOX will suspend pending tasks after 60 minutes
    • Thursday at 12:05 pm the KBOX will deploy patches
      • if the computer is not connected to the campus network at this time, a deploy will run the next time it is connected
      • based on the patch list compiled previously
      • the KBOX will suspend pending tasks after 30 minutes
      • if a patch is actively being installed at the 30 minute mark, it will continue installing
      • if a reboot is required, users will be prompted to reboot but a reboot will not be forced
  • Thursdays at 5:00 pm
    • this schedule is recommended for computers connected to the campus network at 5:00 pm
    • at 5:00 pm the KBOX will detect and deploy patches
      • the KBOX will suspend pending tasks after 5 hours
      • if a patch is actively being installed at the 5 hour mark, it will continue installing
      • if a reboot is required, users will be prompted to reboot.  After 5 minutes a reboot will be forced and patching will continue
  • Fridays at 11:00 am (Convo)
    • This schedule is recommended for computers connected to the campus network on Thursday from 12-1 pm and Friday 11 am - 12 pm
    • Thursday at 12:05 pm the KBOX will detect which patches need to be deployed
      • no patches will be deployed at this time
      • the KBOX will suspend pending tasks after 50 minutes
    • Friday at 11:00 am the KBOX will deploy patches
      • based on the patch list compiled on Thursdays
      • the KBOX will suspend pending tasks after 30 minutes
      • if a patch is actively being installed at the 30 minute mark, it will continue installing
      • if a reboot is required, users will be prompted to reboot but a reboot will not be forced
What if my software is already up-to-date?

KBOX patch management should not reinstall patches that are already applied or downgrade your software.

Manual Updates

Most applications on campus computers have automatic update checking turned off.  Users with the proper privileges can update their software manually, or re-enable automatic update checking.

Windows computers check for new updates at least once a day, and they usually find new updates to apply about twice a month, soon after the second and fourth Tuesdays of the month.

Manual Updates Within Applications

Most applications on campus computers have automatic update checking turned on.  Verify automatic update checking is enabled for Adobe Acrobat, Adobe Reader, Adobe Flash Player, Firefox, Google Chrome, Java, and Office for the Mac or contact the ITS HelpDesk (x5999).  These applications also have an option to check for updates on demand. 

What About Exceptions?

If there is a technical reason that your software cannot be updated, or a custom schedule is needed, contact ITS HelpDesk (x5999).