Patch management is a crucial aspect of IT administration. It involves patching security vulnerabilities, eradicating bugs, as well as improving usability and performance by making sure software is up to date. Atera's Patch Management gives you total administrative control over patching, from within the platform. To learn more, check out this short video or read our Patch Management Q&A.
Set up automated patch management
1. From Admin, click on Patch Management and IT Automation.
2. Select Add Profile (bottom, right of the page) to create an IT Automation profile.
3. Enter a name for the profile, and click Save. The Edit Automation Profile screen appears.
4. Check the boxes of the patches you wish to install and the automation you wish to include.
- OS Patch Management (Includes critical, security, service packs, drivers, and tools (this category includes Office and tools updates as well as drivers such as Java and Adobe), and Mac OS updates). Note: Any updates hidden on Windows OS will not be installed by Atera (even when selecting the 'Install all Windows patch updates' option.
- OS Excluded Patches (You can exclude certain OS patches). Learn more
- Software Patch Management (Software patches are installed via Chocolatey for Windows and Homebrew for Mac package managers. Learn more)
- Software Excluded Patches (You can exclude certain software patches).
- Software Bundle (You can attach a software bundle, for automated installation. Learn more)
- Upgrades (upgrades to the latest Windows 10 version).
- Disk Management (Defragment or run Checkdisk).
- Maintenance (Create a system restore point, delete temp files or internet history, reboot, or shut down).
- Scripts (You can attach scripts, to have them run with the automation profile. Additionally, you can edit variable values (when applicable), enabling you to run the same script with different variables).
Install the patches immediately
Select Run Now (top of page).
Set the automation profile to run on a recurring schedule
1. After selecting the patches you wish to install, click + Add schedule (top of page).
2. Click the Select frequency dropdown and choose from daily, weekly, monthly, or annually. Then define the rest of the schedule.
3. When you're done scheduling the automation profile, click Save.
To automatically run the profile upon new agent installation, check the checkbox next to Run the profile on newly installed agents. Having multiple profiles with this option enabled, on the same customer, can create conflicts when the profile runs on a newly installed agent. Make that the tasks and scripts do not conflict with each other.
- If you wish to schedule the automated Reboot or Shutdown (under Maintenance), we strongly recommend creating separate automation profiles for these, as they may disrupt other selected actions on a profile.
- You can exclude certain patches. It can be used for excluding problematic patches after trying them out on a demo or test environment for several days. For more information, see How Can I Exclude Patches From The Automation Profile
- Optionally, you can add email addresses (i.e., technician or end-user) to receive detailed reports of patch installation success (or failure) after automation runs.
4. Click Save to save the automation profile.
- Patch automation will run at the time set up in Atera under Admin > Settings > General > Time zone.
- Windows Optional updates cannot be patched automatically through an IT Automation Profile; these can only be installed manually as long as the patch is made available through WUA API which Atera is communicating with.
- You can also specify certain settings to apply to all automation profiles, in addition to the settings you've applied to the individual profile.
- Configuration policies override the "Reboot if needed" option found in IT automation profiles. For example, if you have set up a Configuration policy with "Restart outside of active hours", the agent will reboot only after working hours have ended.
You can apply the profile to your customer(s) or a specific agent.
Apply an IT automation profile to your customer(s) or an agent
Once you have created an IT automation profile, you'll need to apply it for it to take effect.
Note: Installed patches that require a device reboot to take effect, will show a 'Reboot required' indication next to the specific device(s), on the Devices page (the indication will appear whether the patch was installed manually or via the IT automation profile).
Check out this video that explains the process of setting up Patch Management and IT Automation.