Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Table of Contents

What is Patch and Update Management? 

Patch management is and update management are the regular updating and patching of Operating Systems and applications.  Keeping software up to date is important to protect users and their data.

At Carleton, when talking about desktop/laptops, we use the term Patch or KPatch to refer to security patches for third-party applications delivered by the K1000's patching mechanism. 

Updates, then, refer to Windows updates delivered by the WSUS server, or macOS updates delivered by the App Store.  Also, you can update any of the third party apps listed above by setting their preferences to automatically check for updates or by selecting their check for updates feature.  These application updates come directly from the vendor, not through the K1000.

How are Patches

...

Delivered?


Anchor
kp
kp

K1000 (KBOX) Patch Management

All About K1000 (KBOX) Patch Management

How are Updates Delivered?

Apple Software Updates

Updates for the macOS come directly from Apple via System Preferences.  You should apply updates whenever they are available, and consider setting up automatic updates.

Windows Software Update Service (WSUS)

Windows computers are configured to receive Microsoft updates from the WSUS server on campus.  This server gets Windows operating system patches, as well as patches for Internet Explorer, Office, and other Windows applications from Microsoft. Windows computers check for new updates at least once a day, and they usually find new updates to apply about twice a month, soon after the second and fourth Tuesdays of the month.

McAfee VirusScan

McAfee VirusScan software is set to automatically retrieve updates at least once a day, usually over the noon hour. Computers running Mac OS X get their updates from the McAfee servers. Windows computers check for updates and policies from the Carleton McAfee ePO server every 10 minutes.

...

KBOX Patch Management

...

namegrey

...

The KBOX receives patches from Lumension , a security company. These patches are then delivered to campus computers. Patches in the KBOX are security related patches only.  Feature related patches and upgrades are not available from KBOX patch management.

What patches are delivered by the KBOX?

The KBOX delivers security-based patches for the following applications:

  • Adobe AIR
  • Adobe Acrobat and Adobe Reader
  • Adobe Flash Player
  • Adobe Shockwave Player
  • Some Adobe CS3-CS6 patches
  • Citrix Receiver
  • Google Chrome (Windows)
  • Apple iTunes and QuickTime (Windows)
  • Apple Safari web browser (Windows)
  • Microsoft Silverlight and Remote Desktop (Mac)
  • Microsoft Office (Mac)
  • Mozilla Firefox and Firefox ESR
  • Oracle Java
  • VLC media player
  • VMWare Fusion, Player, Workstation
  • WinZip and 7-Zip (Windows)
When are patches delivered?

When software vendors release patches, Lumension and KACE test them before making them available to the KBOX. This provides more levels of review to catch any potential problems. The KBOX downloads new patch signatures and patch package files for the operating systems we have selected nightly. Then, Carleton computers use the available patches based on the patching schedule to which each computer is assigned. Some patch schedules check for ("detect") patches at one time, and then apply ("deploy") the detected patches at a different later time. Other patch schedules check for ("detect") patches and then apply them ("deploy") immediately thereafter.

There are 10 different patch schedules to which a computer can be assigned. Each computer, virtual machine (VM), and booting operating system (e.g., dual boot), should be assigned to one and only one patch schedule. Any VM or booting operating system on a computer should be assigned to a different schedule than the computer itself, so you can make sure the correct environment is running at the time of the schedule.

Which patch schedule should I pick?

It depends on when the computer (or VM or booting operating system) is active and on the campus network, and whether you want patching to compete with your work. In general, if you don't want to be interrupted, choose an "End of Day" or Overnight schedule, and leave your computer on and on the campus network. If you take your laptop computer home most nights, choose a schedule that runs during the day at a time when you may be away from your desk (e.g., Convo). If your laptop computer is seldom on campus at all, choose the Next Check In schedule which will try to run every time you are on the cmapus network.

 

Carleton computers are set to check for patches on one of the following schedules:

 

How do I tell if my machine is on a patching schedule?
  1. Visit the KBOX user portal in your web browser
  2. Log in with your Carleton username and password
  3. Click the My Computer tab
  4. Scroll down the page to the Activities section
  5. Click on the Labels link
  6. If you have a Label beginning with PatchSelf, your machine is on a patching schedule
    1. Note: If you have a VM, multiple Operating Systems, or multiple computers, you'll need to repeat this process from each VM/OS/computer
How do I join a KBOX patching schedule?
  1. Visit the KBOX user portal in your web browser
  2. Log in with your Carleton username and password
  3. Click the Software Library tab
  4. In the Search field, type Patch and click Search or scroll down the page until you see the entries beginning with Patch Schedule: 
  5. Click on the desired Patch Schedule
  6. Read the Installation Instructions and click Install Now
    1. Note: If you have a VM, multiple Operating Systems, or multiple computers, you'll need to repeat this process from each VM/OS/computer
What if my software is already up-to-date?

KBOX patch management should not reinstall patches that are already applied, nor should it downgrade your software.

Manual Updates

...

Manual Updates Within Applications

Most applications on campus computers have automatic update checking turned on.  Verify automatic update checking is enabled for Adobe Acrobat, Adobe Reader, Adobe Flash Player, Firefox, Google Chrome, Java, and Office for the Mac or contact the ITS HelpDesk (x5999).  These applications also have an option to check for updates on demand. 

What About Exceptions?

If there is a technical reason that your software cannot be updated, or a custom schedule is needed, contact ITS HelpDesk (x5999).