Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Next »

 What is Patch Management?

Patch management is the regular patching of Operating Systems and applications.  Keeping software up to date is important to protect users and their data.

How are Patches Delivered?

Computers at Carleton are patched in a number of ways:

Windows Software Update Service (WSUS)

Windows computers are configured to receive Microsoft updates from the WSUS server on campus.  This server gets Windows Operating System patches, as well as patches for IE, Office, and other Windows application patches from Microsoft.

McAfee AntiVirus

McAfee AntiVirus software is set to automatically retrieve updates from McAfee servers on a regular basis.  Carleton will be transitioning to an EPO server.  An EPO server will allow for a brief testing period before releasing updates to campus computers.

KBOX Patch Management

The KBOX is only for Carleton-owned computers.
You must be ON CAMPUS to log into the KBOX, as described below.

Please contact the ITS Helpdesk if you would like help using the KBOX.
You can reach them at x 5999 or by email at: helpdesk@carleton.edu

The KBOX receives patches from Lumension , a security company.  These patches are then delivered to campus computers. Patches in the KBOX appear to be security related patches only.  Feature related patches for the applciations listed below are not available in the KBOX patch management.

How do I tell if my machine is on a patching schedule?
  1. Visit the KBOX user portal in your web browser
  2. Log in with your Carleton username and password
  3. Click the My Computer tab
  4. Scroll down the page to the Activities section
  5. Click on the Labels link
  6. If you have a Label beginning with PatchSelf, your machine is on a patching schedule
    1. Note: If you have a VM, multiple Operating Systems, or multiple computers, you'll need to repeat this process from each VM/OS/computer
How do I join a KBOX patching schedule?
  1. Visit the KBOX user portal in your web browser
  2. Log in with your Carleton username and password
  3. Click the Software Library tab
  4. In the Search field, type Patch and click Search or scroll down the page until you see the entries beginning with Patch Schedule: 
  5. Click on the desired Patch Schedule
  6. Read the Installation Instructions and click Install Now
    1. Note: If you have a VM, multiple Operating Systems, or multiple computers, you'll need to repeat this process from each VM/OS/computer
What patches are delivered by the KBOX?

The KBOX delivers security-based patches for the following applications:

  • Adobe AIR
  • Adobe Acrobat and Adobe Reader
  • Some Adobe CS3-CS4 patches
  • Citrix Receiver (Windows)
  • Firefox
  • Flash Player
  • Google Chrome (Windows)
  • iTunes (Mac and Windows)
  • Java
  • Microsoft Silverlight and Remote Desktop (Mac)
  • Office (Mac)
  • QuickTime Player (Mac and Windows)
  • Safari (Mac and Windows)
  • Shockwave Player
  • VLC media player (Windows)
  • VMWare Fusion, Player, Workstation
  • WinZip and 7-Zip (Windows)
When are patches delivered?

When software vendors release patches, Lumension tests them before making them available to the KBOX.  This provides a second level of review to catch any potential problems.  The KBOX downloads patches on a nightly basis.  Carleton computers are set to check for patches on one of the following schedules:

  • Thursdays at 5:55 am
    • this schedule is recommended for computers connected to the campus network at 5:55 am
    • computers should automatically power on at 5:40 am (Wake on LAN)
    • at 5:55 am the KBOX will detect and deploy patches
      • the KBOX will suspend pending tasks after 3 hours
      • if a patch is actively being installed at the 3 hour mark, it will continue installing
      • if a reboot is required, users will be prompted to reboot.  After 5 minutes a reboot will be forced and patching will continue
  • Thursdays at 12:05 pm (Common Time)
    • This schedule is recommended for computers connected to the campus network on Tuesday/Thursday from 12-1 pm
    • Tuesday at 12:05 pm the KBOX will detect which patches need to be deployed
      • no patches will be deployed at this time
      • the KBOX will suspend pending tasks after 50 minutes
    • Thursday at 12:05 pm the KBOX will deploy patches 
      • based on the patch list compiled on Tuesdays
      • the KBOX will suspend pending tasks after 30 minutes
      • if a patch is actively being installed at the 30 minute mark, it will continue installing
      • if a reboot is required, users will be prompted to reboot but a reboot will not be forced
  • Thursdays at 12:05 pm (Common Time) or next connection
    • This schedule is recommended for highly-mobile computers, or computers that are rarely connected to the campus network
    • Friday at 4:00 am the KBOX will detect which patches need to be deployed
      • if the computer is not connected to the campus network at this time, a detect will run the next time it is connected
      • no patches will be deployed at this time
      • the KBOX will suspend pending tasks after 60 minutes
    • Thursday at 12:05 pm the KBOX will deploy patches
      • if the computer is not connected to the campus network at this time, a deploy will run the next time it is connected
      • based on the patch list compiled previously
      • the KBOX will suspend pending tasks after 30 minutes
      • if a patch is actively being installed at the 30 minute mark, it will continue installing
      • if a reboot is required, users will be prompted to reboot but a reboot will not be forced
  • Thursdays at 5:00 pm
    • this schedule is recommended for computers connected to the campus network at 5:00 pm
    • at 5:00 pm the KBOX will detect and deploy patches
      • the KBOX will suspend pending tasks after 5 hours
      • if a patch is actively being installed at the 5 hour mark, it will continue installing
      • if a reboot is required, users will be prompted to reboot.  After 5 minutes a reboot will be forced and patching will continue
  • Fridays at 11:00 am (Convo)
    • This schedule is recommended for computers connected to the campus network on Thursday from 12-1 pm and Friday 11 am - 12 pm
    • Thursday at 12:05 pm the KBOX will detect which patches need to be deployed
      • no patches will be deployed at this time
      • the KBOX will suspend pending tasks after 50 minutes
    • Friday at 11:00 am the KBOX will deploy patches
      • based on the patch list compiled on Thursdays
      • the KBOX will suspend pending tasks after 30 minutes
      • if a patch is actively being installed at the 30 minute mark, it will continue installing
      • if a reboot is required, users will be prompted to reboot but a reboot will not be forced
What if my software is already up-to-date?

KBOX patch management should not reinstall patches that are already applied or downgrade your software.

Manual Updates

Most applications on campus computers have automatic update checking turned off.  Users with the proper privileges can update their software manually, or re-enable automatic update checking.

What About Exceptions?

If there is a technical reason that your software cannot be updated, or a custom schedule is needed, contact ITS HelpDesk (x5999).

  • No labels