Atera’s Patch Management and IT Automation lets you perform a variety of crucial support tasks including patching, software bundle installation, Windows version upgrades, disk management, maintenance, automated scripting, and more. An automation profile with any of the above tasks can be scheduled to run one-time, weekly, monthly, or flexibly.
Automation profile tasks
OS patch management
Install all Windows patch updates
Note: Windows Optional updates cannot be patched automatically via automation profiles. They can be installed manually if the patch is available through WUA API, which Atera communicates with.
Critical updates
Critical updates include fixes for non-security problems that can negatively affect your system's compatibility, performance, and interoperability.
Note: Any updates hidden on Windows OS will not be installed by Atera (even when selecting the 'Install all Windows patch updates' option.
Security updates
- Security updates: Address vulnerabilities to keep your system secure.
- Definition updates: Keep Windows Defender updated with the latest security patch definitions.
- Update rollups: A bundled set of updates for security and reliability that require immediate deployment.
Service packs
- Service pack updates: Enhance security and performance, and provide compatibility for new hardware types.
- Feature packs: Deliver both fixes and new functionalities, along with performance enhancements.
- Updates: Fix bugs that aren't related to security nor considered critical updates.
Drivers and tools
- Hardware driver updates: Keep your hardware running efficiently with the latest drivers to fix common issues and deliver stability and performance improvements.
- Office updates: Ensure your Microsoft Office suite is up-to-date with the latest productivity and security features.
- Tool updates: Provide updates to essential utilities and features that help users complete tasks more effectively.
Install all Mac patch updates
Recommended: Install recommended updates to maintain both security and stability on Mac devices.
Linux package upgrades
Upgrade all: Upgrade all installed packages on Linux systems to their latest available versions.
Reboot device
Reboot if needed: Trigger an automatic system reboot — when required — after patch installation, ensuring that updates are properly applied and active.
Note: Configuration policies override the "Reboot if needed" option found in IT automation profiles. For example, if you have set up a configuration policy with "Restart outside of active hours", the agent will reboot only after working hours have ended. Learn more
Software patch management
Update software via Chocolatey, Homebrew, and WinGet to ensure your software has the latest features and security enhancements. No matter how the software was installed, if it's managed by Chocolatey, Homebrew, or WinGet, and a new version is available, it will be updated. You can also exclude specific software from being updated, giving you control over which versions are maintained in your environment. Learn more
Chocolatey (Windows) and Homebrew (Mac)
Update all: Update all software via Chocolatey and Homebrew (if version updates are available).
Excluded software patches: Prevent selected software from being updated via Chocolatey and Homebrew.
WinGet (Windows)
Update all: Update all software via WinGet (if version updates are available).
Excluded software patches: Prevent selected software from being updated via WinGet.
Software bundle
Software bundles make it easy to install multiple applications in one automated step via Chocolatey (for Windows), Homebrew (for Mac), and your private repository
Upgrades
Upgrade to the most recent builds of Windows operating systems (10 or 11), prioritizing device compatibility.
Note:
- Windows upgrades take time, use network and disk resources, and may require multiple restarts. When both Windows 10 and 11 options are selected, the profile checks the device's eligibility and upgrades it to the latest compatible version.
- A valid license for the selected version is required.
Disk management
- Defragment (all disks): Reorganizes data on the disks to improve speed and efficiency.
- Run check disk (all disks): Performs a scan of all disks to report on their current health status, identifying any potential issues — without attempting repairs.
Maintenance
- Create system restore point: Safeguard the system by setting a restore point to revert to in case of an unexpected issue or update problem.
- Delete temporary files: Clear out temporary files to free up disk space and improve system performance.
- Delete internet history: Clean browser history for privacy and to enhance browser performance.
- Reboot: Safely restart the computer to complete updates or as part of routine maintenance.
- Shutdown: Allow for a scheduled shutdown of the system to conserve power or follow operational hours.
Note:
- The 'Create System Restore Point' task will not work if System Restore is turned off on the local machine.
- The 'Delete Temp Files' task will remove files from:
- "C:\Windows\Temp"
- "C:\Users\[user]\AppData\Local\Temp"
- For optimal results during reboot and shutdown maintenance, we highly recommend creating individual automation profiles for each task.
- Configuration Policies override reboot tasks in automation profiles. For example, if you have set up a Configuration Policy with 'Restart outside of active hours', the agent will reboot only after working hours have ended.
Scripts
Enhance automation by attaching custom or predefined scripts to the profile. Tailor complex tasks with the flexibility to edit variable values, allowing the same script to run across different scenarios with unique parameters. For more information, see Add scripts to automation profiles
OS patch approval settings
Configure settings for installing and excluding operating system updates on your end-user devices for greater control, adaptability, and security when it comes to critical, non-critical, and recommended updates. Learn more
Create automation profile
After setting up your automation profile, apply it to your sites(s), site folders, or specific agents. You can also specify certain settings to apply to all automation profiles, in addition to the settings you've applied to individual profiles. Learn more
After setting up your automation profile, apply it to your customer(s), customer folders, or specific agents. You can also specify certain settings to apply to all automation profiles, in addition to the settings you've applied to individual profiles. Learn more
To create an automation profile:
1. Go to Admin > Monitoring and automation > Patch management and IT automation.
The Patch Management and IT Automation page appears.
2. Click Add Profile.
The Add patch and IT automation profile window appears.
3. Enter a name for the profile. Then click Save.
The Profile page appears.
4. Configure the profile:
- Select the tasks (patches, software updates, and other automations).
- Manage approval settings (postpone and excluding OS patches). Learn more
- Set the profile execution preferences
- Assign the profile
- Add the schedule(s)
Profile execution preferences
Offline agent execution preference
You can configure offline agent execution preferences to determine what happens when an IT automation profile is scheduled to run and you have some offline devices. When a device is offline, you have the option to queue tasks for a specified duration. These tasks will remain in the queue until the device is back online or the time limit expires. You can choose to run the execution either according to the profile-specific settings or the global default setting.
The following options are available:
- Online agents only: Scheduled automation profiles will run on online agents only and will not be queued for offline agents.
- Queue for up to 1 hour: Scheduled automation profiles will run if agents come online within 1 hour.
- Queue for up to 1 day: Scheduled automation profiles will run if agents come online within 1 day.
- Queue for up to 1 week: Scheduled automation profiles will run if agents come online within 1 week.
- Queue for up to 2 weeks: Scheduled automation profiles will run if agents come online within 2 weeks.
- Queue for up to 1 month: Scheduled automation profiles will run if agents come online within 1 month.
In the example below, the profile is set to "Queue for up to 1 day (default)".
- This means tasks will remain in the queue for up to 24 hours, waiting for the device to come online.
- If the device reconnects within the the specified time, the tasks will execute automatically.
- If the device does not come online within the specified time, the tasks will not be executed.
- An option marked as "(default)" refers to the global setting configured on the Patch Management & IT Automation page. The execution setting configured at the profile level will override the global setting, unless you have specifically selected the global option within the profile. For more information, see Patch and automations settings for all profiles
Time zone preference
Select the time zone preference for scheduling the automation profile.
The following options are available:
- Device local time: Schedules profiles to run based on each device's local time zone, making it easier to manage devices spread across multiple locations via a single profile.
- Account time zone: Schedules profiles to run based on your account time zone (displayed in Admin > My account > Account settings > General).
Note:
- The default time zone setting is 'Account time zone'.
- Profiles with 'Device local time' selected show Patch and automation feedback report information only after the profile has run locally.
- Profiles with 'Device local time' selected will not display the next scheduled execution time under 'Next execution time'. This is because the profile will run at different times, according to each local device's associated time zone.
- Switching between ‘Device local time’ and ‘Account time zone’ deletes all one-time schedules. This means you’ll need to reschedule them after updating the time zone settings.
- Profiles with 'Device local time' selected won’t run on devices without time zone information. You can review a device's time zone information in the Overview tab in the Agent console
Set execution preferences
To set execution preferences for an automation profile:
1. Once you've created an automation profile, update the Execution settings:
- Time zone: 'Account time zone' or 'Device local time'.
- Offline agent execution preference: Online agents only or queued offline agents (see options).
2. Click Save.
You can see in-depth details of completed tasks by clicking the external link icon () under 'Last execution time'. This will open the Patch and Automation Feedback report (filtered by the automation profile).
Assign the profile
Once you have created an automation profile, assign it to a site, folder, or agent for it to take effect. Learn more
Once you have created an automation profile, assign it to a customer, folder, or agent for it to take effect. Learn more
Schedule the profile
You can add as many schedules to the automation profile as you want.
Schedules can be edited by clicking the edit icon (), or deleted by clicking the delete icon () next to the schedule.
Note:
- Using multiple profiles with 'Run the profile on newly installed agents' on the same site can cause conflicts. Ensure tasks don’t overlap and that scripts from different profiles can run at the same time.
- Using multiple profiles with 'Run the profile on newly installed agents' on the same customer can cause conflicts. Ensure tasks don’t overlap and that scripts from different profiles can run at the same time.
To schedule the automation profile:
1. Once you've created an automation profile, click + Add schedule.
2. Click the Select frequency dropdown. Then select daily, weekly, monthly, or annually.
3. Configure the rest of the schedule. Then click Save.
The schedule is added to the automation profile.
4. If you haven't done so already, select the execution settings
5. Click Save to save the profile.
The profile will run on the assigned devices at the scheduled time. You can review the next execution time in the side panel.
Note: Profiles with 'Device local time' selected will not display the next scheduled execution time under 'Next execution time'. This is because the profile will run at different times, according to each local device's associated time zone.
Run profile immediately
After configuring the profile, click Run now (top right of the page).