In this article, we will discuss the best practices when it comes to using Patch Management and IT Automation profiles in Atera and getting a high success rate.
It is important not to use one IT automation profile for all your monitored agents. First, please ensure to split the profiles based on systems' OS: one profile for Windows workstations, one for Windows Servers and one profile for MACs.
Next, separate main tasks into separate profiles based on how much weight they put on a system. Also, schedule them to run at one hour or one hour and a half between each other.
An example of how you can create the profiles:
1. First profile to Create System Restore Point (this takes a while)
2. Second Profile to Delete Temp Files then Delete internet history
3. Third profile to perform the necessary updates
The best practice when running patches and updates that require a system reboot would be to have a separate IT Automation Profile dedicated only for the system reboot that runs a couple of hours after the first profile execution ended. This is because the IT Automation Profile will trigger all tasks related to it simultaneously and the machine could reboot before actually installing the missing patches.
NOTE: Do take into account devices that are offline during the profile execution as that could cause unwanted reboots when the profile is triggered (based on "Run on offline agents" setting). We recommend running all profiles outside of business hours and instructing the users to not turn off their machines to ensure a high success rate.
Low feedback success score
Sometimes you may get a low success rate after executing an IT Automation profile and checking the Feedback report.
Do note that the Patch & Automation Feedback email is always sent one hour after the IT automation was executed. However, if the "Run on offline agents" setting is set for more than 1 hour than more results will keep coming after the email was sent and the report will be different from the e-mail. Therefore, while some tasks may still be running in the backend, the feedback report would show these as failed.
In this case, try to schedule/check the Feedback report a few hours after the profile was executed.
For more details on patch management troubleshooting, please check this article.