Windows OS

From Notes_Wiki
Revision as of 13:14, 2 July 2025 by Ansil

Home > ManageEngine Endpoint Central > OS Patch Management > Windows OS

Patch Management Using Endpoint Central – Windows OS

Description

This page describes how to manage Microsoft Windows OS patches using ManageEngine Endpoint Central (EPC). Patch management involves scanning systems, identifying missing patches, approving them, and deploying them to Windows endpoints in a controlled and automated manner.

Endpoint Central supports patch management for all major Windows client and server versions and helps ensure your systems remain secure and compliant.


> ⚠️ Ensure the Windows machines are domain-joined or accessible over the network, and that the agent is installed.

1. Preparing the Windows Machine

  1. Install the Endpoint Central agent on the Windows machine.
  2. Ensure firewall rules allow communication with the EPC server.
  3. Verify internet access or WSUS/local patch sync availability.
  4. Ensure system time is in sync with the Domain Controller or NTP server.
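
A pre-flight check for the preparation list above (agent present, network path to the EPC server, clock in sync), run in PowerShell on the Windows machine. This is an added example, not part of the original page or of ManageEngine's tooling. The agent service display-name pattern and the 300-second skew limit are assumptions, and you supply the server name, port and time source.

```powershell
[CmdletBinding()]
param(
    [Parameter(Mandatory)] [string]$EpcServer,    # your EPC server name or IP
    [Parameter(Mandatory)] [int]   $EpcPort,      # port the agent uses to reach the EPC server
    [Parameter(Mandatory)] [string]$TimeSource,   # Domain Controller or NTP server
    [string]$AgentPattern = '*ManageEngine*Agent*',  # assumption: agent service display-name pattern
    [double]$MaxSkewSec   = 300                      # assumption: 5 minutes, the Kerberos default tolerance
)

$results = [ordered]@{}

# Step 1: an agent service matching the pattern exists and is running.
$svc = Get-Service -DisplayName $AgentPattern -ErrorAction SilentlyContinue
$results['Agent service running'] = [bool]($svc | Where-Object Status -eq 'Running')

# Step 2: firewall rules allow a TCP connection to the EPC server.
$tcp = Test-NetConnection -ComputerName $EpcServer -Port $EpcPort -WarningAction SilentlyContinue
$results["TCP ${EpcServer}:${EpcPort} reachable"] = $tcp.TcpTestSucceeded

# Step 4: measure the clock offset against the time source with one w32tm sample.
# A data line looks like "13:14:05, +00.0012345s"; an unreachable source yields "error: 0x...".
$sample = & w32tm /stripchart "/computer:$TimeSource" /samples:1 /dataonly 2>&1 |
    Select-String -Pattern '([+-]\d+[.,]\d+)s' | Select-Object -Last 1
if ($sample) {
    $raw  = $sample.Matches[0].Groups[1].Value.Replace(',', '.')
    $skew = [math]::Abs([double]::Parse($raw, [cultureinfo]::InvariantCulture))
    $results["Clock skew vs $TimeSource within ${MaxSkewSec}s"] = ($skew -le $MaxSkewSec)
} else {
    # No offset could be read, so treat the time check as failed rather than skipped.
    $results["Clock skew vs $TimeSource measurable"] = $false
}

# Print one PASS/FAIL line per check and return a non-zero exit code on any failure.
$results.GetEnumerator() | ForEach-Object {
    '{0,-5} {1}' -f $(if ($_.Value) { 'PASS' } else { 'FAIL' }), $_.Key
}
if ($results.Values -contains $false) { exit 1 }
```

The non-zero exit code lets the same script gate a software-deployment or scheduled task, so machines that fail a check are flagged before the first patch scan.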

2. Installing the Endpoint Central Agent

Step 1: Download the Agent

Go to: Agent → Computers → Download Agent → Windows → 64-bit → Download Agent

Step 2: Install the Agent

  1. Run the downloaded installer manually or deploy it via Group Policy/SCCM.
  2. The agent will auto-register with the Endpoint Central server.

Step 3: Verify Agent Installation

Navigate to: Agent → Computers

  • Confirm the system appears as "Installed".

3. Configuring Patch Settings

Step 1: Enable Patch Types

Go to: Admin → Patch Settings → Patch Database Settings

  • Enable the following:
      • Security Updates
      • Non-Security Updates
      • Feature Packs
      • Critical Updates
      • Service Packs (optional)
  • Click Save

Step 2: Configure Reboot Settings

In Deployment Policy, define:

  • Whether to force a reboot
  • Whether to reboot during non-business hours only
  • User deferral options (optional)

Step 3: Set Proxy if Needed

Go to: Admin → Server Settings → Proxy Server

  • Configure the proxy if your server accesses the internet through a proxy
  • Otherwise, choose: Direct Connection to the Internet

4. Scanning and Patching Windows Machines

Step 1: Scan the System

Go to: Threats & Patches → Scan Systems

  • Select the Windows endpoints
  • Click Scan Now to detect missing patches

Step 2: View and Approve Patches

Go to: Threats & Patches → By Patches → Missing Patches

  • Review the list of missing patches
  • Select required updates
  • Click Install / Publish Patches

Step 3: Create a Deployment Task

  1. Select the approved patches
  2. Choose a Deployment Policy
  3. Set Deployment Time (e.g., Deploy Anytime at the Earliest)
  4. Select target computers or groups
  5. Click Deploy

5. Monitoring and Reporting

Monitor patch deployment from:

  • Threats & Patches → Deployment Status
  • Reports → Patch Reports → Windows Patch Summary

6. Best Practices

  • Enable regular automatic patch scans (daily or weekly)
  • Use pilot groups for testing critical updates
  • Schedule patch deployment outside business hours
  • Enable email alerts for failed or pending deployments
