Patch Management for Windows 7.5 User Guide

Symantec PatchManagement Solution forWindows 7.5 powered byAltiris User Guide

Altiris Patch Management Solution for Windows7.5 from Symantec User Guide

The software described in this book is furnished under a license agreement and may be usedonly in accordance with the terms of the agreement.

Legal NoticeCopyright 2013 Symantec Corporation. All rights reserved.

Symantec, the Symantec Logo, and the Checkmark Logo, Altiris, and any Altiris or Symantectrademarks used in the product are trademarks or registered trademarks of SymantecCorporation or its affiliates in the U.S. and other countries. Other names may be trademarksof their respective owners.

This Symantec product may contain third party software for which Symantec is required toprovide attribution to the third party (Third Party Programs). Some of the Third Party Programsare available under open source or free software licenses. The License Agreementaccompanying the Licensed Software does not alter any rights or obligations you may haveunder those open source or free software licenses. For more information on the Third PartyPrograms, please see the Third Party Notice document for this Symantec product that maybe available at http://www.symantec.com/about/profile/policies/eulas/, the Third Party LegalNotice Appendix that may be included with this Documentation and/or Third Party Legal NoticeReadMe File that may accompany this Symantec product.

The product described in this document is distributed under licenses restricting its use, copying,distribution, and decompilation/reverse engineering. No part of this document may bereproduced in any form by any means without prior written authorization of SymantecCorporation and its licensors, if any.

THE DOCUMENTATION IS PROVIDED "AS IS" AND ALL EXPRESS OR IMPLIEDCONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIEDWARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE ORNON-INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCHDISCLAIMERS ARE HELD TO BE LEGALLY INVALID. SYMANTEC CORPORATION SHALLNOT BE LIABLE FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES IN CONNECTIONWITH THE FURNISHING, PERFORMANCE, OR USE OF THIS DOCUMENTATION. THEINFORMATION CONTAINED IN THIS DOCUMENTATION IS SUBJECT TO CHANGEWITHOUT NOTICE.

The Licensed Software and Documentation are deemed to be commercial computer softwareas defined in FAR 12.212 and subject to restricted rights as defined in FAR Section 52.227-19"Commercial Computer Software - Restricted Rights" and DFARS 227.7202, "Rights inCommercial Computer Software or Commercial Computer Software Documentation", asapplicable, and any successor regulations. Any use, modification, reproduction release,performance, display or disclosure of the Licensed Software and Documentation by the U.S.Government shall be solely in accordance with the terms of this Agreement.

Symantec Corporation350 Ellis StreetMountain View, CA 94043

http://www.symantec.com

Technical SupportSymantec Technical Support maintains support centers globally. Technical Supportsprimary role is to respond to specific queries about product features and functionality.The Technical Support group also creates content for our online Knowledge Base.The Technical Support group works collaboratively with the other functional areaswithin Symantec to answer your questions in a timely fashion. For example, theTechnical Support group works with Product Engineering and Symantec SecurityResponse to provide alerting services and virus definition updates.

Symantecs support offerings include the following:

A range of support options that give you the flexibility to select the right amountof service for any size organization

Telephone and/or Web-based support that provides rapid response andup-to-the-minute information

Upgrade assurance that delivers software upgrades

Global support purchased on a regional business hours or 24 hours a day, 7days a week basis

Premium service offerings that include Account Management Services

For information about Symantecs support offerings, you can visit our website atthe following URL:

www.symantec.com/business/support/

All support services will be delivered in accordance with your support agreementand the then-current enterprise technical support policy.

Contacting Technical SupportCustomers with a current support agreement may access Technical Supportinformation at the following URL:


Before contacting Technical Support, make sure you have satisfied the systemrequirements that are listed in your product documentation. Also, you should be atthe computer on which the problem occurred, in case it is necessary to replicatethe problem.

When you contact Technical Support, please have the following informationavailable:

Product release level

Hardware information

Available memory, disk space, and NIC information

Operating system

Version and patch level

Network topology

Router, gateway, and IP address information

Problem description:

Error messages and log files

Troubleshooting that was performed before contacting Symantec

Recent software configuration changes and network changes

Licensing and registrationIf your Symantec product requires registration or a license key, access our technicalsupport Web page at the following URL:


Customer serviceCustomer service information is available at the following URL:


Customer Service is available to assist with non-technical questions, such as thefollowing types of issues:

Questions regarding product licensing or serialization

Product registration updates, such as address or name changes

General product information (features, language availability, local dealers)

Latest information about product updates and upgrades

Information about upgrade assurance and support contracts

Information about the Symantec Buying Programs

Advice about Symantec's technical support options

Nontechnical presales questions

Issues that are related to CD-ROMs, DVDs, or manuals

Support agreement resourcesIf you want to contact Symantec regarding an existing support agreement, pleasecontact the support agreement administration team for your region as follows:

[email protected] and Japan

[email protected], Middle-East, and Africa

[email protected] America and Latin America

Technical Support ............................................................................................... 4

Chapter 1 Introducing Patch Management Solution forWindows ........................................................................... 9

About Patch Management Solution for Windows ................................... 9How Patch Management Solution for Windows works .......................... 10Components of Patch Management Solution for Windows .................... 11Where to get more information ........................................................ 12

Chapter 2 Implementing Patch Management Solution forWindows .......................................................................... 15

Preparing your environment for Patch Management ............................ 15Installing the software update plug-in .......................................... 16Configuring Windows software updates distribution ....................... 17Downloading the Windows software updates catalog ..................... 18

Distributing Software Updates ......................................................... 19Running compliance and vulnerability reports ............................... 20Downloading and distributing software updates ............................ 21Viewing software update delivery results ..................................... 23

Chapter 3 Performing Advanced Configuration .............................. 24Upgrading the software update plug-in .............................................. 24Uninstalling the software update plug-in ............................................ 25Configuring software updates download location ................................. 25Creating and assigning custom severity levels .................................... 26Configuring software updates installation settings ............................... 27Configuring the system assessment scan interval ............................... 27Relocating or checking the integrity of software update packages ........... 28Staging software bulletins .............................................................. 29

Contents

Chapter 4 Replicating Patch Management Solution forWindows data in hierarchy ......................................... 31

About replicating Patch Management Solution for Windows data inhierarchy .............................................................................. 31

Replicating patch management language alerts .................................. 32Replicating the software updates catalog ........................................... 33Replicating a software update policy ................................................. 34

Appendix A Technical reference ............................................................ 36About hierarchy and data replication direction .................................... 36About Patch Management Solution security roles ................................ 38

Appendix B Altiris Patch Management Solution for Windows7.5 from Symantec Third-Party LegalNotices ............................................................................. 39

Third-Party Legal Attributions .......................................................... 39CabDotNet .................................................................................. 40XML-RPC.NET ............................................................................ 40MICROSOFT PLATFORM SOFTWARE DEVELOPMENT KIT FOR

MICROSOFT WINDOWS SERVER 2003 SERVICE PACK 1 ........... 41

Index .................................................................................................................... 47

8Contents

Introducing PatchManagement Solution forWindows

This chapter includes the following topics:

About Patch Management Solution for Windows

How Patch Management Solution for Windows works

Components of Patch Management Solution for Windows

Where to get more information

About Patch Management Solution for WindowsPatch Management Solution for Windows lets you inventory managed computersto determine the software updates (patches) that they require. The solution thenlets you download the required software updates from the software vendor andprovides you with the tools to install the software updates. Software updates includebut are not limited to security updates, hot fixes, and service packs.

Integration with Notification Server 7.x includes features such as hierarchy andmaintenance windows. Hierarchy lets you configure features and settings for aparent Notification Server computer, then pass the settings down to child NotificationServer computers.

See Preparing your environment for Patch Management on page 15.

Patch Management Solution for Windows lets you install software updates forsoftware from the following vendors:

1Chapter

7-Zip

Adobe Systems

AOL Inc

Apple

Citrix Systems

Foxit Corporation

Google

Hewlett-Packard

Microsoft

Mozilla

Nullsoft

Opera Software

Oracle

RealNetworks

RealVNC

Research In Motion

Skype Technologies S.A.

Sun Microsystems

WinZip

HowPatchManagement Solution forWindowsworksPatch Management Solution for Windows uses inventory information to decidewhich software update packages to distribute. From software bulletins, you createthe software update policies that send the associated packages to managedcomputers and install the appropriate software update programs.

After you install Patch Management Solution for Windows, you download completesoftware bulletin information from the Symantec website. Information includes theseverity of each software bulletin, details on its software updates, and where theycan be downloaded from the vendors. This information also includes rules forcreating filters and rules on how to verify that a software update is installed. Thenyou deploy the software update plug-in to managed computers, which gathersinventory. Inventory includes software vendor, software release, and service pack

10Introducing Patch Management Solution for WindowsHow Patch Management Solution for Windows works

information. From this inventory, Patch Management Solution for Windows createsspecific filters to target only the computers requiring individual software updates.

You use the Distribute Software Updates wizard to automate the downloadingand distribution of software updates. Instead of creating a policy for each individualsoftware update, you use this wizard to create a single policy for the relevantsoftware bulletins. You can add multiple software bulletins to a policy. If you wantto, you can modify any default settings and command-line options in a softwareupdate policy.

When you download a software bulletin, each associated software update executableis downloaded from the vendor to the Notification Server computer. From theinformation in software bulletin executables, Patch Management Solution forWindows then creates a software update package for each software update. Fromthe downloaded software bulletins, you then create software update policies todistribute software update packages to the appropriate computer filters. When amanaged computer receives a software update policy, it verifies that the update isneeded, then downloads the software update package from the Notification Servercomputer or a package server. The managed computer then installs the update.At an interval, the software update policy is re-evaluated and software updates arereinstalled if needed. For example, if an operation removes a software update, it isreinstalled. Or if a vendor revises a software update, it is reinstalled.

After the software update plug-in distributes software updates, it sends results ofpatch deployment to the Notification Server computer. This information can beviewed through reports and the Dashboard.

Components of Patch Management Solution forWindows

The process of populating the information repository from the patch managementmetadata files can be started after you complete the installation of the solution.

A software update or patch is any update or hot fix that is used to improve or fix asoftware product. A software bulletin is a bundle of software updates that arereleased together.

Patch Management Solution for Windows uses targeted deployments. Updates arenot deployed to a computer unless that computer specifically needs that softwareupdate. If a managed computer meets the prerequisites of a software update, itfalls into a targeted filter. The prerequisites are matched against the data that issent to Notification Server by the software update plug-in: for example, the InternetExplorer and operating system versions. Software updates are then installedaccording to the software vendor specifications. For example, if the update requires

11Introducing Patch Management Solution for WindowsComponents of Patch Management Solution for Windows

a restart, then the computer is restarted after the update is installed. Service Packsare installed before other software updates.

When a software update has been superseded and rendered obsolete by anotherupdate or updates, the later update is installed.

The software vendor assigns severity levels to software updates, but you can alsocreate a custom severity level.

See Creating and assigning custom severity levels on page 26.

Warning: You must ensure that each software update works correctly in yourenvironment before deploying it. Symantec recommends that you first distributeany required software update in a test environment before deploying it to yourproduction environment.

Where to get more informationUse the following documentation resources to learn about and use this product.

Table 1-1 Documentation resources

LocationDescriptionDocument

The Supported Products A-Z page, which is available at the followingURL:

http://www.symantec.com/business/support/index?page=products

Open your product's support page, and then under Common Topics,click Release Notes.

Information about newfeatures and importantissues.

Release Notes

The Documentation Library, which is available in the SymantecManagement Console on the Help menu.

The Supported Products A-Z page, which is available at thefollowing URL:http://www.symantec.com/business/support/index?page=productsOpen your product's support page, and then underCommon Topics,click Documentation.

Information about how touse this product,including detailedtechnical information andinstructions forperforming commontasks.

User Guide

12Introducing Patch Management Solution for WindowsWhere to get more information

Table 1-1 Documentation resources (continued)

LocationDescriptionDocument

The Documentation Library, which is available in the SymantecManagement Console on the Help menu.

Context-sensitive help is available for most screens in the SymantecManagement Console.

You can open context-sensitive help in the following ways:

Click the page and then press the F1 key.

Use the Context command, which is available in the SymantecManagement Console on the Help menu.

Information about how touse this product,including detailedtechnical information andinstructions forperforming commontasks.

Help is available at thesolution level and at thesuite level.

This information isavailable in HTML helpformat.

Help

In addition to the product documentation, you can use the following resources tolearn about Symantec products.

Table 1-2 Symantec product information resources

LocationDescriptionResource

http://www.symantec.com/business/theme.jsp?themeid=support-knowledgebaseArticles, incidents, andissues about Symantecproducts.

SymWISESupportKnowledgebase


Table 1-2 Symantec product information resources (continued)

LocationDescriptionResource

http://www.symantec.com/connect/endpoint-management/forums/endpoint-management-documentation

Here is the list of links to various groups on Connect:

Deployment and Imaginghttp://www.symantec.com/connect/groups/deployment-and-imaging

Discovery and Inventoryhttp://www.symantec.com/connect/groups/discovery-and-inventory

ITMS Administratorhttp://www.symantec.com/connect/groups/itms-administrator

Mac Managementhttp://www.symantec.com/connect/groups/mac-management

Monitor Solution and Server Healthhttp://www.symantec.com/connect/groups/monitor-solution-and-server-health

Patch Managementhttp://www.symantec.com/connect/groups/patch-management

Reportinghttp://www.symantec.com/connect/groups/reporting

ServiceDesk and Workflowhttp://www.symantec.com/connect/workflow-servicedesk

Software Managementhttp://www.symantec.com/connect/groups/software-management

Server Managementhttp://www.symantec.com/connect/groups/server-management

Workspace Virtualization and Streaminghttp://www.symantec.com/connect/groups/workspace-virtualization-and-streaming

An online resource thatcontains forums, articles,blogs, downloads,events, videos, groups,and ideas for users ofSymantec products.

SymantecConnect


Implementing PatchManagement Solution forWindows


Preparing your environment for Patch Management

Distributing Software Updates

Preparing your environment for Patch ManagementPatch Management Solution for Windows requires some components to beconfigured or enabled before others can function correctly. When you completeeach task for the first time, you can also configure it for future automation.Automation is a key feature of Patch Management Solution for Windows as it reducessystem administration workload and enhances overall security.

See About Patch Management Solution for Windows on page 9.

Table 2-1 Process for implementing PatchManagement Solution forWindows

DescriptionActionStep

Use Symantec Installation Manager to install the solution.Install or upgrade thesolution.

Step 1

2Chapter

Table 2-1 Process for implementing PatchManagement Solution forWindows(continued)


Install or upgrade the Symantec Management Agent on every computerto which you want to send patches.

For more information, see the topics about installing or upgrading theSymantec Management Agent in the IT Management SuiteAdministration Guide.

See Where to get more information on page 12.

Install or upgrade theSymantec ManagementAgent.

Step 2

Install the plug-in that manages all of the Patch Management Solutionfor Windows functionality on a client computer.

See Installing the software update plug-in on page 16.

See Upgrading the software update plug-in on page 24.

Install or upgrade thesoftware update plug-in.

Step 3

(Optional)

Configure the software update files storage location settings.

See Configuring software updates download location on page 25.

Configure the software filesupdate location settings.

Step 4

(Optional)

Configure the time when you want to perform software updateinstallation and computer restarts.

See Configuring software updates installation settings on page 27.

Configure the softwareupdates installation settings.

Step 5

(Optional)

Configure when to run the system assessment scan, which inventoriesmanaged computers for the software updates that they require.

See Configuring the system assessment scan interval on page 27.

Configure the systemassessment scan interval.

Step 6

Download the Windows software updates metadata and configure themetadata update schedule.

See Downloading the Windows software updates catalog on page 18.

Download the Windowssoftware updates metadata.

Step 7

Installing the software update plug-inThe software update plug-in manages all of the Patch Management Solution forWindows functionality on a client computer. When the system assessment scantool reports to Notification Server that a certain software update is required for amanaged computer, the update is then sent to the software update plug-in. The

16Implementing Patch Management Solution for WindowsPreparing your environment for Patch Management

software update plug-in ensures that the update is applicable and not alreadyinstalled, and then installs it.

After you install the software update plug-in on a managed computer, the SoftwareUpdates tab appears on the Symantec Management Agent user interface. Thistab displays the status software updates for that computer. To open the SymantecManagement Agent user interface, click the Symantec Management Agent icon inthe system tray of the managed computer.


The software update plug-in manages all of the Patch Management Solutionfunctionality on a client computer.

Note: If you have a large number of computers on which to install the softwareupdate plug-in, consider deploying it during off-peak hours to minimize networktraffic. Deploying the software update plug-in can take some time, depending onthe number of managed computers and the Symantec Management Agent settings.


To install the software update plug-in

1 In the Symantec Management Console, on the Actions menu, clickAgents/Plug-ins > Rollout Agents/Plug-ins.

2 In the left pane, expand Software > Patch Management > Software UpdatePlug-in Install.

3 (Optional) In the right pane, make any necessary changes.

For help, press F1 or, on the Help menu, click Context.

4 At the upper right of the page, click the colored circle, and then click On.

5 Click Save changes.

The next step is to configure the Patch Management Solution core settings.


Configuring Windows software updates distributionYou can set up how you want Windows software updates distributed. You canconfigure package distribution and program settings.

You can add the software update languages that you use in your organization. Bydefault, only English is selected. Other languages are excluded to ensure thatunnecessary files are not downloaded.


To configure Windows remediation settings

1 In the Symantec Management Console, on the Settings menu, click AllSettings.

2 In the left pane, click Software > Patch Management.

3 Click Windows Settings > Windows Patch Remediation Settings.

4 In the right pane, make any wanted changes, or leave the default values.


Downloading the Windows software updates catalogYou must download the Windows software updates catalog (patch managementmetadata, or patch management import files) before you can download softwareupdates or create software update policies.


Note: If the Altiris Log Viewer is open, close it before you perform this task. Byclosing the viewer, you can improve the tasks performance by as much as 50percent.

You may want to create a schedule for this task as well. This procedure ensuresthat you have the latest, most accurate data, and your software update tasks arekept up-to-date. Symantec recommends that you configure this task to run daily.

Before you perform this step, ensure that you have installed or upgraded the softwareupdate plug-in.



To download the Windows software updates catalog immediately

1 In the Symantec Management Console, on the Manage menu, click Jobs andTasks.

2 In the left pane, expand Jobs and Tasks > System Jobs and Tasks >Software > Patch Management > Import Patch Data for Windows.

3 In the right pane, under Vendors and Software, click Update.

4 When the available products list import is complete, under Vendors andSoftware, check the software for which you want to download the patchmanagement metadata.

5 (Optional) Make any other necessary changes.



7 Under Task Status, click New Schedule.

8 In the New Schedule dialog box, click Now, and then click Schedule.

To configure a schedule for downloading the software updates catalog

1 On the Import Patch Data for Windows page, under Task Status, click NewSchedule.

2 In theNewSchedule dialog box, clickSchedule, and then configure a scheduleon which to run this task.

Symantec recommends that you configure this task to run daily.

3 Click Schedule.

Distributing Software UpdatesAfter you configure Patch Management Solution to work in your environment, youcan gather information about the needs and priorities for patching in yourenvironment. Use this information to set up software update policies, and thenevaluate the results with software update delivery reports.


Table 2-2 Process for installing software updates


Check your environment for vulnerabilities and evaluate which softwareupdates you need to distribute.

See Running compliance and vulnerability reports on page 20.

Run compliance andvulnerability reports

Step 1

View which software bulletins you need to install, then download updatesand create software update policies.

See Downloading and distributing software updates on page 21.

See Staging software bulletins on page 29.

Review and distributeavailable software updates.

Step 2

Evaluate the results by running the Software Update DeliverySummary report and revisiting compliance reports.

See Viewing software update delivery results on page 23.

Evaluate the results.Step 3

19Implementing Patch Management Solution for WindowsDistributing Software Updates

Running compliance and vulnerability reportsYou can view and manage your patch management data through reports. Reportsgive you the information that is specific to Patch Management Solution. For example,you can use compliance reports to determine how many urgent software updatesyour managed computers require.

Reports let you view information in various ways. You can see your information intables or graphically in charts. You can also drill down on specific items in a reportto obtain additional information.

You can download or distribute software updates directly from reports byright-clicking the update name in the report.

Table 2-3 Patch Management Solution reports

DescriptionReport type

Compliance reports let you quickly determine which software updatesyour managed computers require. Compliance reports are used todetermine if the computers are up-to-date with the latest softwareupdates. These reports are also used to check if a particular softwarebulletin or update is installed on your managed computers. Thiscapability is useful if a specific security issue affects your networkenvironment, and a certain update addresses the problem.

Compliance reports

The diagnostics reports display vulnerability summary and softwareupdate plug-in installation information.

Diagnostics reports

The remediation status reports summarize and detail software updateassociations and activities.

Remediation statusreports

The software bulletins reports summarize and detail software bulletinsactivity and status.

Software bulletinsreports

To view Patch Management reports

1 In the Symantec Management Console, on the Reports menu, click AllReports.

2 In the left pane, expand Software > Patch Management.

3 Click the report that you want to view.

For example, click Compliance > Windows Compliance by Bulletin.


4 In the right pane, leave the default settings, and then click Refresh.

5 If you want to view more information about an update, right-click any update,and then click Resource Manager.

Each type of compliance report opens a different Resource Manager, dependingon the type of results. For example, the Windows Compliance by Computerreport opens a computer-type Resource Manager. When you open a ResourceManager for a software update, you can click Summaries > Software BulletinDetails, and, under Additional Information, you can find a hyperlink to theMicrosoft TechNet article on the bulletin.

The next step is to review and distribute available software updates.



Downloading and distributing software updatesYou can stage software bulletins and download software update packages on thePatch Remediation Center page, where all available software updates are listed.You can also do this from any Patch Management Solution report.

When you stage a software bulletin, all associated updates are downloaded to theNotification Server computer.

When the number in the Updates column equals the number in the Downloadedcolumn, all updates for the software bulletin have been downloaded. Also, the valuein the Staged column changes to True.

You can choose to download the software update packages and distribute them tothe client computers at a later time. You can also distribute the software updatesonce the download is complete.



Sometimes, not all software updates can be downloaded for a software bulletin.For example, Microsoft may stop hosting the bulletin or relocate it. You cannotcreate a software update policy unless all updates for a particular software bulletinor update have been downloaded.

When distributing updates, you should consider the effects it can possibly have onyour network environment. Symantec recommends that you distribute new updatesto a test environment first.

To deliver and install the software updates to the appropriate computers, you mustcreate software update policies.


TheDistribute Software Updateswizard lets you create software update policies.If the associated software updates are not yet downloaded, Patch ManagementSolution creates a download task. When download is completed, the softwareupdate policy is distributed to the target computers.

If you want to install a Service Pack, Symantec recommends that you create asoftware update policy for this service pack only, without any other bulletins includedin it. Also, in the wizard, check the Allow immediate restart if required box.

The policies that you create are stored in the Manage > Policies > Software >Patch Management > Software Update Policies folder. You can view the detailsof the policy and change settings if necessary.

You can view the software update policies distribution results in reports.



Before you perform this step, ansure that you have run the compliance andvulnerability reports.


To distribute software updates

1 In the Symantec Management Console, on the Actions menu, click Software> Patch Remediation Center.

2 In the right pane, in the Show drop-down box, click Windows Complianceby Bulletin, and then click the Refresh symbol.

These reports let you see which updates the target computers require.

3 Click the bulletins that you want to distribute.

For example, click the bulletins that have a high number in the Not Installedcolumn. You can select multiple items while holding down the Shift or Controlkey.

4 Right-click the selected bulletins, and then click Distribute Packages.

5 (Optional) Configure the settings as needed.

6 Click Next.

7 (Optional) On the second page of the wizard, check the updates that you wantto distribute.

8 At the upper right of the page, click the colored circle, and then click On.

You can also turn on the policy later.

9 Click Distribute software updates.


The next step is to view the results.

Viewing software update delivery resultsThe Windows Software Update Delivery - Details report summarizes the resultsof all scheduled Microsoft software update policies. It shows you which computersthe software update tasks target, and if the updates have been successfully installed.The report also shows you if any software update tasks failed, or if they have notyet been completed.

Patch Management Solution for Windows also provides other reports that you canview.


To view the software update delivery summary report

1 In the Symantec Management Console, on the Reports menu, click AllReports.

2 In the left pane, expand Software > Patch Management > RemediationStatus, and then click Windows Software Update Delivery - Details.

3 In the right pane, leave the default settings, and then click Refresh.


Performing AdvancedConfiguration


Upgrading the software update plug-in

Uninstalling the software update plug-in

Configuring software updates download location

Creating and assigning custom severity levels

Configuring software updates installation settings

Configuring the system assessment scan interval

Relocating or checking the integrity of software update packages

Staging software bulletins

Upgrading the software update plug-inIf you upgraded Patch Management Solution from a previous version, you mustalso upgrade the Symantec Management Agent and the software update plug-insthat are installed on the target computers.

For more information about upgrading the Symantec Management Agent, see ITManagement Suite Administration Guide.


3Chapter

To upgrade the software update plug-in


2 In the left pane, click Software > Patch Management > Software UpdatePlug-in Upgrade.

3 (Optional) In the right pane, make any wanted changes.

For help, press F1 or click Help > Context.

4 Turn on the policy.


The next step is to configure the Patch Management Solution core settings.


Uninstalling the software update plug-inYou can uninstall the software update plug-in if there is an extended period of timewhen you do not want to use the patch management features on a managedcomputer and you want to eliminate any overhead that is caused by the plug-in.

Ensure that the Software Update Plug-in Install policy is turned off beforeuninstalling the software update plug-in.


To uninstall the software update plug-in


2 In the left pane, click Software > Patch Management > Software UpdatePlug-in Uninstall.

3 (Optional) In the right pane, make any wanted changes.

For help, press F1 or click Help > Context.

4 Turn on the policy.


Configuring software updates download locationYou can configure to which location the software updates should be downloaded.

25Performing Advanced ConfigurationUninstalling the software update plug-in

The settings that you configure apply to Windows and Linux components of PatchManagement Solution.


Before you perform this step, ensure that you have installed or upgraded the softwareupdate plug-in.



To configure software updates download location


2 In the left pane, expand Software > Patch Management > Core Services.

3 In the right pane, on the Locations tab, specify the software updates downloadlocation.

4 Click Save Changes.

If you change the location and you want to relocate existing software updatepackages, use the Check Software Update Package Integrity task.

See Relocating or checking the integrity of software update packages on page 28.

The next step is to configure the software updates installation settings.

Creating and assigning custom severity levelsA software update marked critical may not necessarily be critical in your environment.You can create your own custom severity levels and assign them to softwarebulletins.

You first create custom severity levels, and then assign them to bulletins. You canalter custom severity levels. You cannot alter the vendor-specified severity levels.

The settings that you configure apply to Windows and Linux components of PatchManagement Solution.

To create a custom severity level


2 In the left pane, expand Software > Patch Management > Core Services.

3 In the right pane, click the Custom Severity tab.

4 On the Custom Severity tab, in the Severity Level box, type the name thatyou want to give the custom severity level. For example, "Install right away!"

26Performing Advanced ConfigurationCreating and assigning custom severity levels

5 Click Add.

6 Click Move Up or Move Down to position the custom severity levels in the list.

7 Click Save Changes.

To assign a custom severity level to a software bulletin


2 On the Patch Remediation Center page, in the software bulletin list, right-clicka software bulletin, and then click Custom Severity.

3 Click a severity level.

4 Click Refresh to view the new data in the Custom Severity column.

Configuring software updates installation settingsThe Default Software Update Plug-in Policy page lets you configure when thesoftware update plug-in can install software updates and restart the target computer.


To configure the software updates installation settings


2 In the left pane, expand Agents/Plug-ins > Software > Patch Management> Windows > Default Software Update Plug-in Policy.

3 In the right pane, configure when and how you want to install the updates, orleave the default values.


Configuring the system assessment scan intervalThe system assessment scan lets you periodically inventory operating systems,applications, and installed patches on managed computers with the software updateplug-in installed. System assessment information is then used to determine whichsoftware updates the managed computer requires. Based on this information, filtersare automatically created to assist with the targeting of software update policies.

You can configure how often you want to run the system assessment scan.


27Performing Advanced ConfigurationConfiguring software updates installation settings

To configure the system assessment scan interval


2 In the left pane, expand Software > Patch Management > Windows SystemAssessment Scan.

3 In the right pane, under Schedule, configure how often you want the softwareupdate plug-in to perform the system assessment scan on the managedcomputers and report it back to Notification Server.

4 If you want the plug-in to report inventory only if it has changed, check SendInventory Results Only if Changed .

This option is checked by default.

5 Do not change the targeted filter from Windows Computers with SoftwareUpdate Plug-in Installed Target unless you have a specific reason to do so.


Relocating or checking the integrity of softwareupdate packages

When you change package or program settings in the Patch Remediation Settingspolicies, you can choose to run the Check Software Update Package Integritytask. This task checks that all software update packages have the correct newsettings and values.

See Configuring Windows software updates distribution on page 17.

You can also run this task manually to verify that software update packages insoftware update tasks have the correct global server settings applied.

The task also relocates the software update packages in case you changed thedefault software update package location on the Core Services page.


To relocate or check the integrity of software update packages


2 In the left pane, expand System Jobs and Tasks > Software > PatchManagement, and then click Check Software Update Package Integrity.

3 If you want to delete the downloaded updates that are not part of any softwareupdate policy or belong to a superseded bulletin, check Delete the updatesthat are no longer in use from the file system.

28Performing Advanced ConfigurationRelocating or checking the integrity of software update packages

4 If you changed the Software Update Package Location value on the CoreServices page and want to relocate downloaded updates, check Relocateexisting packages if default Software Update package location on CoreServices page has changed.

5 Under Task Status, click New Schedule and specify a schedule on which torun the task.

Staging software bulletinsYou can download a software bulletin and its associated updates to the NotificationServer computer.

Symantec recommends that you download only the bulletins that the targetcomputers require. On the Patch Remediation Center page, in the compliancereports, you can view how many computers require an update.

After the updates are downloaded, you can create a software update policy todistribute the updates to managed computers.


When you choose to download a software bulletin, a task is created that downloadsthe associated software updates. You can view the status of this task to troubleshootthe download of software updates.


Before you perform this step, esure that you have run the compliance andvulnerability reports.


To download software updates


2 In the right pane, in the Show drop-down box, click Windows Complianceby Bulletin, and then click the Refresh symbol.

These reports let you see which updates the client computers require.

3 Click the bulletins that you want to download.

For example, click the bulletins that have a high number in the Not Installedcolumn. You can select multiple items while holding down the Shift or Controlkey.

4 Right-click the selected bulletins, and then click Download Packages.

You can close the status dialog box; the download continues in the background.

29Performing Advanced ConfigurationStaging software bulletins

To view the status of a software updates download


2 In the left pane, expand System Jobs and Tasks > Software > PatchManagement > Download Software Update Package.

3 In the right pane, view the status of download tasks.

The next step is to view the results.


30Performing Advanced ConfigurationStaging software bulletins

Replicating PatchManagement Solution forWindows data in hierarchy


About replicating Patch Management Solution for Windows data in hierarchy

Replicating patch management language alerts

Replicating the software updates catalog

Replicating a software update policy

About replicating Patch Management Solution forWindows data in hierarchy

Downloading software update catalog files (patch management metadata, or patchmanagement import files) to multiple Notification Server computers can consumeconsiderable network resources and time. Notification Server hierarchy featuresremove the need to download patch management metadata files individually. Youcan download the files once to a single parent Notification Server. Then you canuse Patch Management Solution replication rules to send the relevant data to anynumber of child Notification Server computers. The replicated data on the childNotification Server computers is identical to the data on the parent.

Patch Management Solution supports only two-level hierarchy. A child NotificationServer computer cannot be a parent to another child.

New Package Distribution Hierarchy Editable Property (HEP) is introduced inPatch Management Solution for Windows 7.5. It allows you to control on the parent

4Chapter

Notification Server, if the Package Distribution section on the Windows PatchRemediation Settings page is editable on the child Notification Server.

If you enable this feature on the parent Notification Server, and then replicate itdown to the child Notification Servers, the Windows Patch Remediation Settingspage becomes editable on these child Notification Servers. This means that thesesettings can then be managed on the child Notification Servers independently fromthe parent Notification Server.

If you disable this feature on the parent Notification Server, and the replicate thischange down the hierarchy, the Windows Patch Remediation Settings pagebecomes read-only on the child Notification Servers and the corresponding settingsthen become inherited from the parent Notification Server.

See About hierarchy and data replication direction on page 36.

Before you can replicate data, you must run the Patch Management LanguageAlerting rule.

See Replicating patch management language alerts on page 32.

See Replicating the software updates catalog on page 33.

See Replicating a software update policy on page 34.

Replicating patch management language alertsDifferent Notification Server computers within a hierarchy may manage differentpatch management language resources. The Patch Management LanguageAlerting replication rule ensures that child Notification Server computers onlyreceive data and software update policies for their managed languages. This rulereplicates information about the managed languages of the child Notification Servercomputer up to the parent. You must run this rule on a child before any attempt ismade to replicate patch management data or software update policies. A parentNotification Server computer must manage all of the languages that its childrenrequire.

The rule is preconfigured to run daily at 20:00.

See About replicating Patch Management Solution for Windows data in hierarchyon page 31.

To replicate patch management language alerts on a schedule

1 On the child Notification Server computer, in the Symantec ManagementConsole, on the Settings menu, click Notification Server > Hierarchy.

2 In the left pane, click Hierarchy > Hierarchy Management.

3 In the right pane, click the Replication tab.

32Replicating Patch Management Solution for Windows data in hierarchyReplicating patch management language alerts

4 Expand the Resources section.

5 Click Patch Management Language Alerting.

6 Click the Edit symbol.

7 Set a schedule to run before running other patch management replicationfunctions.

Replicating the software updates catalogDownloading Windows patch management software update catalog files to multipleNotification Server computers can consume considerable network resources.Notification Server hierarchy features remove the need to download patchmanagement software update catalog files individually. You can download the filesonce to a single parent Notification Server computer. Then you can use the PatchManagement Import Data Replication for Windows rule to send the relevantdata to any number of child Notification Server computers. The replicated data onthe child Notification Server computers is identical to the data on the parent,depending on managed languages.

The rules are preconfigured to run daily at 23:00.

Warning: You must configure the Patch Management Language Alerting rule torun on the child Notification Server computer before the software catalog datareplication.



To replicate the software updates catalog on a schedule

1 On the parent Notification Server computer, in the Symantec ManagementConsole, on the Settings menu, click Notification Server > Hierarchy.

2 In the left pane, select Hierarchy > Hierarchy Management.

3 In the right pane, click the Replication tab.

4 Expand the Resources section.

5 Click Patch Management Import Data Replication for Windows.

6 Click the Edit symbol.

33Replicating Patch Management Solution for Windows data in hierarchyReplicating the software updates catalog

7 Under Replicate, select Differential if you want to only replicate changed ornew data. Select Complete to send all Windows patch management softwareupdate catalog files to child Notification Server computers each time the taskruns.

8 Under Schedule, set the schedule a few hours after the Patch ManagementLanguage Alerting rule schedule.

9 Under Data Verification, specify a percentage of data to be verified duringeach replication, and check Verify data integrity if you want.

10 Turn on the rule.


Replicating a software update policySoftware update policies distribute software updates to the target computers.


In Patch Management Solution 7.1 and later, the software update policies are alwaysreplicated to child Notification Server computers. Replication occurs on the defaultNotification Server replication schedule.

All software update policies are replicated to child Notification Server computerson the default replication schedule. If you want, you can also manually replicate apolicy immediately.

Another option is to replicate a policy immediately after you create it. To do this,check the Immediately replicate that policy down the hierarchy option in theDistribute Software Updates wizard.

Replicating software update policies does not replicate the actual software updatefiles. Child Notification Server computers download the needed software updatefiles from the vendor.

You can replicate a single policy or a collection of policies. If you want to manuallyreplicate a collection of policies, you must create a new folder and move policiesunder this folder. Then you can right-click the folder and launch replication.

Warning: Before you replicate software update policies, ensure that the PatchManagement Language Alerting rule and the Patch Management Import DataReplication rule have run.


See Replicating the software updates catalog on page 33.

34Replicating Patch Management Solution for Windows data in hierarchyReplicating a software update policy


To replicate a software update policy manually

1 In the Symantec Management Console, on the Manage menu, click Policies.

2 In the left pane, expand Software > Patch Management > Software UpdatePolicies.

3 Right-click a policy or a folder, and then click Hierarchy > Replicate Now.

35Replicating Patch Management Solution for Windows data in hierarchyReplicating a software update policy

Technical reference

This appendix includes the following topics:

About hierarchy and data replication direction

About Patch Management Solution security roles

About hierarchy and data replication directionPatch Management Solution for Windows and Patch Management Solution forLinux support the hierarchy and the replication features of the SymantecManagement Platform. These features let you create settings, schedules, and otherdata at the top-level Notification Server computer and replicate them to child-levelNotification Server computers.

Patch Management Solution for Mac does not support replication.


Table A-1 Items that are replicated by the default Notification Serverreplication schedule with no custom replication rules

Replication directionItem

DownAll the server tasks settings and schedules:

Check Software Update Package Integrity

Import Patch Data for Windows/Red Hat/Novell

DownRun SystemAssessment Scan onWindows/LinuxComputerstask settings and schedules

DownWindows/Linux System Assessment Scan policy settings

DownWindows/Red Hat/Novell Patch Remediation Settings policy

AAppendix

Table A-1 Items that are replicated by the default Notification Serverreplication schedule with no custom replication rules (continued)

Replication directionItem

DownDefault Software Update Plug-in Policy settings

DownSoftware update plug-in install, upgrade, and uninstall policysettings

DownSoftware update policies

Table A-2 Items that are replicated with custom replication rules

DescriptionReplicationdirection

Item

This information is replicated when thePatch Management Language Alertingrule is enabled.

UpLanguage support information

(Patch for Windows only)

This information is replicated when thePatch Linux OS Channel ResourceReplication Rule is enabled.

UpOS inventory data

(Patch for Linux only)

This information is replicated when thePatch Management Import DataReplication for Windows/Red Hat/Novellrules are enabled.

For Windows, only the updates and bulletinsthat are associated with the child computer'ssupported languages are replicated.

For Linux, only the metadata for thechannels that are relevant to the childNotification Server's client computers isreplicated.

DownPatch management metadata

This information is replicated when thePatch Compliance Summary Replicationrule is enabled.

The system assessment scan result isreplicated up as a summary.

UpCompliance summary

37Technical referenceAbout hierarchy and data replication direction

About Patch Management Solution security rolesYou can assign the following security roles to Symantec Management Consoleusers:

Patch Management Administrators

Patch Management Rollout

Users with the Patch Management Administrators role have full access to PatchManagement Solution functionality, but no access to the rest of the SymantecManagement Console.

Users with the PatchManagement Rollout role have limited access to the followingPatch Management Solution functionality:

Software update policies

Reports

Patch Remediation Center page

Users with the Patch Management Rollout role can perform the following actions:

Enable, disable, and change settings in the software update policies.

View reports.

See About Patch Management Solution for Windows on page 9.

38Technical referenceAbout Patch Management Solution security roles

Altiris PatchManagementSolution for Windows 7.5from SymantecThird-Party Legal Notices

This appendix includes the following topics:

Third-Party Legal Attributions

CabDotNet

XML-RPC.NET

MICROSOFT PLATFORM SOFTWARE DEVELOPMENT KIT FOR MICROSOFTWINDOWS SERVER 2003 SERVICE PACK 1

Third-Party Legal AttributionsThis Symantec product may contain third party software for which Symantec isrequired to provide attribution (Third Party Programs). Some of the Third PartyPrograms are available under open source or free software licenses. The LicenseAgreement accompanying the Software does not alter any rights or obligations youmay have under those open source or free software licenses. This appendix containsproprietary notices for the Third Party Programs and the licenses for the Third PartyPrograms, where applicable.

BAppendix

CabDotNetMIT License

This code is licensed under the license terms below, granted by the copyright holderlisted above. The term copyright holder in the license below means the copyrightholder listed above.

Copyright (c) 2005-2006, Jim Mischel

Permission is hereby granted, free of charge, to any person obtaining a copy of thissoftware and associated documentation files (the "Software"), to deal in the Softwarewithout restriction, including without limitation the rights to use, copy, modify, merge,publish, distribute, sublicense, and/or sell copies of the Software, and to permitpersons to whom the Software is furnished to do so, subject to the followingconditions:

The above copyright notice and this permission notice shall be included in all copiesor substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIESOF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE ANDNONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHTHOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISINGFROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OROTHER DEALINGS IN THE SOFTWARE.

XML-RPC.NETMIT License

This code is licensed under the license terms below, granted by the copyright holderlisted above. The term copyright holder in the license below means the copyrightholder listed above.

Charles Cook Copyright (c) 2006 Charles Cook The MIT License Copyright (c) 2006Charles Cook

Permission is hereby granted, free of charge, to any person obtaining a copy of thissoftware and associated documentation files (the 'Software'), to deal in the Softwarewithout restriction, including without limitation the rights to use, copy, modify, merge,publish, distribute, sublicense, and/or sell copies of the Software, and to permitpersons to whom the Software is furnished to do so, subject to the followingconditions:

40Altiris Patch Management Solution for Windows 7.5 from Symantec Third-Party Legal NoticesCabDotNet

The above copyright notice and this permission notice shall be included in all copiesor substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIESOF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE ANDNONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHTHOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISINGFROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OROTHER DEALINGS IN THE SOFTWARE.

MICROSOFT PLATFORM SOFTWARE DEVELOPMENTKIT FOR MICROSOFT WINDOWS SERVER 2003SERVICE PACK 1

MICROSOFT SOFTWARE LICENSE TERMS

These license terms are an agreement between Microsoft Corporation (or basedon where you live, one of its affiliates) and you. Please read them. They apply tothe software named above, which includes the media on which you received it, ifany. The terms also apply to any Microsoft:

updates,

supplements,

Internet-based services, and

support services

for this software, unless other terms accompany those items.

If so, those terms apply. By using this software, you accept these terms. If you donot accept them, do not use the software.

If you comply with these license terms, you have the rights below:

1 USE RIGHTS.

Use. You may install the software on any number of devices to design,develop and test your programs that run on a Microsoft Windows operatingsystem.

Other Microsoft Programs. The software contains other Microsoft programs.The license terms with those programs apply to your use of them.

41Altiris Patch Management Solution for Windows 7.5 from Symantec Third-Party Legal NoticesMICROSOFT PLATFORM SOFTWARE DEVELOPMENT KIT FOR MICROSOFT WINDOWS SERVER 2003 SERVICE PACK 1

Distributable Code. The software contains code that you are permitted tocopy and distribute in programs you develop if you comply with the termsbelow.

Right to Use and Distribute. The code and text files listed below areDistributable Code. You may:

REDIST.TXT Files. Copy and distribute the object code form of codelisted in REDIST.TXT files;

Sample Code. Modify, copy and distribute the source and objectcode form of code marked as sample except for files identified asMFCs, ATLs and CRTs (see below);

MFCs, ATLs and CRTs. Modify the source code form of MicrosoftFoundation Classes (MFCs), Active Template Libraries (ATLs), andC runtimes (CRTs) to design, develop and test your programs, andcopy and distribute the object code form of your modified files undera new name; and

Third Party Distribution. Permit distributors of your programs to copyand distribute the Distributable Code as part of those programs.

Distribution Requirements. For any Distributable Code you distribute,you must:

add significant primary functionality to it in your programs;

only invoke the software via interfaces described in the softwaredocumentation;

for any Distributable Code having a filename extension of .lib,distribute only the results of running such Distributable Code througha linker with your application;

distribute Distributable Code included in a setup program only aspart of that setup program without modification;

require distributors and external end users to agree to terms thatprotect it at least as much as this agreement;

display your valid copyright notice on your programs;

for Distributable Code from the Windows Media Services SDKportions of the software, include in your programs Help-About box(or in another obvious place if there is no box) the following copyrightnotice: Portions utilize Microsoft Windows Media Technologies.Copyright (c) 1999-2005 Microsoft Corporation. All Rights Reserved;and


indemnify, defend, and hold harmless Microsoft from any claims,including attorneys fees, related to the distribution or use of yourprograms.

Distribution Restrictions. You may not:

alter any copyright, trademark or patent notice in the DistributableCode;

use Microsofts trademarks in your programs names or in a way thatsuggests your programs come from or are endorsed by Microsoft;

distribute Distributable Code to run on a platform other than theWindows platform;

include Distributable Code in malicious, deceptive or unlawfulprograms; or

modify or distribute the source code of any Distributable Code sothat any part of it becomes subject to an Excluded License. AnExcluded License is one that requires, as a condition of use,modification or distribution, that:

the code be disclosed or distributed in source code form, or

others have the right to modify it.

2 TRANSFER. The first user of the software may transfer it and this agreementdirectly to a third party. Before the transfer, that party must agree that thisagreement applies to the transfer and use of the software. The first user mustuninstall the software before transferring it separately from the device. The firstuser may not retain any copies.

3 BACKUP COPY. You may make one backup copy of the software. You mayuse it only to reinstall the software.

4 DOCUMENTATION. You may copy and use the documentation for your internal,reference purposes.

5 EXPORT RESTRICTIONS. The software is subject to United States exportlaws and regulations. You must comply with all domestic and internationalexport laws and regulations that apply to the software. These laws includerestrictions on destinations, end users and end use. For additional information,see www.microsoft.com/exporting.

6 SUPPORT SERVICES. Because this software is as is, we may not providesupport services for it.

7 SCOPE OF LICENSE. The software is licensed, not sold. This agreement onlygives you some rights to use the software. Microsoft reserves all other rights.Unless applicable law gives you more rights despite this limitation, you may


use the software only as expressly permitted in this agreement. In doing so,you must comply with any technical limitations in the software that only allowyou to use it in certain ways. You may not:

work around any technical limitations in the software,

reverse engineer, decompile or disassemble the software, except and onlyto the extent that applicable law expressly permits, despite this limitation,

make more copies of the software than specified in this agreement orallowed by applicable law, despite this limitation,

publish the software for others to copy,

rent, lease or lend the software, or

use the software for commercial software hosting services.

8 ENTIRE AGREEMENT. This agreement and the terms for supplements,updates, Internet-based services and support services that you use are theentire agreement for the software and support services.

9 APPLICABLE LAW.

United States. If you acquired the software in the United States, Washingtonstate law governs the interpretation of this agreement and applies to claimsfor breach of it, regardless of conflict of laws principles. The laws of thestate where you live govern all other claims, including claims under stateconsumer protection laws, unfair competition laws, and in tort.

Outside the United States. If you acquired the software in any other country,the laws of that country apply.

10 LEGAL EFFECT. This agreement describes certain legal rights. You may haveother rights under the laws of your country. You may also have rights withrespect to the party from whom you acquired the software. This agreementdoes not change your rights under the laws of your country if the laws of yourcountry do not permit it to do so.

11 DISCLAIMER OF WARRANTY. The software is licensed as-is. You bear therisk of using it. Microsoft gives no express warranties, guarantees or conditions.You may have additional consumer rights under your local laws which thisagreement cannot change. To the extent permitted under your local laws,Microsoft excludes the implied warranties of merchantability, fitness for aparticular purpose and non-infringement.

12 LIMITATION ON AND EXCLUSION OF REMEDIES AND DAMAGES. Youcan recover from Microsoft and its suppliers only direct damages up to U.S.$5.00. You cannot recover any other damages, including consequential, lostprofits, special, indirect or incidental damages. This limitation applies to:


anything related to the software, services, content (including code) on thirdparty Internet sites, or third party programs, and

claims for breach of contract, breach of warranty, guarantee or condition,strict liability, negligence, or other tort to the extent permitted by applicablelaw.

It also applies even if Microsoft knew or should have known about the possibilityof the damages. The above limitation or exclusion may not apply to you becauseyour country may not allow the exclusion or limitation of incidental,consequential or other damages.

Please note: As this software is distributed in Quebec, Canada, some of the clausesin this agreement are provided below in French.

Remarque: Ce logiciel tant distribu au Qubec, Canada, certaines des clausesdans ce contrat sont fournies ci-dessous en franais.

EXONRATION DE GARANTIE. Le logiciel vis par une licence est offert tel quel. Toute utilisation de ce logiciel est votre seule risque et pril. Microsoft naccordeaucune garantie ou condition expresse. Vous pouvez disposer de droits deconsommateur additionnels que vous confrent vos lois locales, que la prsentelicence ne peut modifier. Dans la mesure permise par vos lois locales, les garantiesimplicites de qualit marchande, dadaptation un usage particulier et dabsencede contrefaon sont exclues.

LIMITATION DES DOMMAGES-INTRTS ET EXCLUSION DE RESPONSABILITPOUR LES DOMMAGES. Vous pouvez obtenir de Microsoft et de ses fournisseursune indemnisation en cas de dommages directs uniquement hauteur de 5,00 $US. Vous ne pouvez prtendre aucune indemnisation pour les autres dommages,y compris les dommages spciaux, indirects ou accessoires et pertes de bnfices.Cette limitation concerne:

toute matire relie au logiciel, aux services ou au contenu (y compris le code)figurant sur des sites Internet dune tirce partie ou dans des programmes dunetirce partie, et

les rclamations au titre de violation de contrat ou de garantie, ou au titre deresponsabilit stricte, de ngligence ou dune autre faute dans la limite autorisepar la loi en vigueur.

Elle sapplique galement, mme si Microsoft connaissait ou devrait connatrelventualit dun tel dommage. Si votre pays nautorise pas lexclusion ou lalimitation de responsabilit pour les dommages indirects, accessoires ou de quelquenature que ce soit, il se peut que la limitation ou lexclusion ci-dessus ne sappliquerapas votre gard.

EFFET JURIDIQUE. Le prsent contrat dcrit certains droits juridiques. Vouspourriez avoir dautres droits prvus par les lois de votre pays. Le prsent contrat


ne modifie pas les droits que vous confrent les lois de votre pays si celles ci nele permettent pas.


Aanalyzing vulnerabilities. See assessing systemsassessing systems 27assigning severity levels 26

CCheck Software Update Package Integrity task

about 28checking package integrity 28compliance analysis. See system assesment scanconfiguring

Patch Management Solution core settings 25severity levels 26updates installation settings 27Windows remediation settings 17

context-sensitive help 12Core Services settings

configuring 25

DDistribute Software Updates wizard 21distributing software bulletins

viewing update summary reports 23distributing software updates 21documentation 12download location 25downloading

patch management metadata 18software updates catalog 18

downloading and distributing software updates 21downloading software updates 29

Hhelp

context-sensitive 12hierarchy

replicating data 3132, 34replicating patch management metadata 33replicating software updates catalog 33

IImport Patch Data for Windows task

about 18installing

software update plug-in 16inventory

collecting. See system assesment scan

Ppatch management import data. See patch

management metadataPatch Management Import Data Replication rule

configuring 33Patch Management Language Alerting rule

configuring 32patch management metadata

downloading 18replicating 33

Patch Management Solution for Windowsabout 9distributing software updates 19implementing 15overview 10recommended workflow 15

patchingrecommended workflow 15

PMImport. See patch management metadata

RRelease Notes 12relocating packages 28replicating data in hierarchy 3132, 34replicating software update policies 34replication direction 36reports

compliance 20diagnostic 20remediation status 20software bulletin 20viewing 20

Index

restartsconfiguring 27

Ssecurity roles 38severity levels

assigning 26configuring 26

software bulletinsconfiguring installation settings 27viewing update summary reports 23

software update plug-inabout 16installing 16uninstalling 25upgrading 24

software update policyreplicate now 34replicating 34

software updatescomputer restart time 27distributing 21downloading 29downloading and distributing 21installation settings 27installation time 27

software updates catalogdownloading 18replicating 33

staging software updates. See downloadingsystem assesment scan

configuring 27

Uuninstalling

software update plug-in 25upgrading

software update plug-in 24

Vvulnerability analysis. See system assesment scan

WWindows Patch Remediation Settings page 17Windows remediation settings

configuring 17Windows System Assessment Scan page

about 27

48Index

Symantec Patch Management Solution for Windows 7.5 powered by Altiris User GuideTechnical SupportContents1. Introducing Patch Management Solution for WindowsAbout Patch Management Solution for WindowsHow Patch Management Solution for Windows worksComponents of Patch Management Solution for WindowsWhere to get more information

2. Implementing Patch Management Solution for WindowsPreparing your environment for Patch ManagementInstalling the software update plug-inConfiguring Windows software updates distributionDownloading the Windows software updates catalog

Distributing Software UpdatesRunning compliance and vulnerability reportsDownloading and distributing software updatesViewing software update delivery results

3. Performing Advanced ConfigurationUpgrading the software update plug-inUninstalling the software update plug-inConfiguring software updates download locationCreating and assigning custom severity levelsConfiguring software updates installation settingsConfiguring the system assessment scan intervalRelocating or checking the integrity of software update packagesStaging software bulletins

4. Replicating Patch Management Solution for Windows data in hierarchyAbout replicating Patch Management Solution for Windows data in hierarchyReplicating patch management language alertsReplicating the software updates catalogReplicating a software update policy

A. Technical referenceAbout hierarchy and data replication directionAbout Patch Management Solution security roles

B. Altiris Patch Management Solution for Windows 7.5 from Symantec Third-Party Legal NoticesThird-Party Legal AttributionsCabDotNetXML-RPC.NETMICROSOFT PLATFORM SOFTWARE DEVELOPMENT KIT FOR MICROSOFT WINDOWS SERVER 2003 SERVICE PACK 1

Index

Documents

Patch Management for Windows 7.5 User Guide