Patch management is the process of obtaining, testing, and
installing patches for software on devices. The K1000 enables you to automate
patch management, which helps to improve software functionality and protect
devices and networks from vulnerabilities. With patch management you can detect
and deploy the latest security patches and software updates for Windows and Mac
devices that use the K1000 appliance.
The purpose of this article is understand how patching works and
apply best practices to accomplish better results without impacting system
performance (clients and K1000 Appliance respectively)
NOTE: The Patch
Management component is supported on Windows and Mac devices only. Patch
Management is not available for Linux
creating patching task, there are some pre-requirements that need to be checked:
Websites that must be
accessible to the K1000 appliance – Patch download requires ports and URL’s to
be whitelisted. For additional information and details review web resources
network ports and URLs are required for the KACE K1000 appliance to function?
workflow and Download settings
How to apply Patch
subscriptions prior downloading patches (patch signatures and packages).
Patch-subscriptions allows selection of desired patches (based on publishers);
prior proceed with patch downloads. For additional details review link below.
Smart Labels - Using Smart Labels for patching
You can use Smart
Labels to automatically group patches, filter patches by category and severity;
Using Smart Patch Labels help to address patching tasks quicker; Patch Smart
labels are used for detect and deploy respectively.
How to create and use
smart labels, please check web resource below:
Smart Labels to organize devices by type, such as desktop, server, and laptop. Restrict
the patch actions to the devices in the labels that you select. Limiting the
run to labels, especially Smart Labels, helps to ensure that patches are
More about patch smart
Detect, deploy and
rollback task selection take place in patching schedule configuration;
appropriate and balanced schedule configuration provide best patching results
and faster patching completion time.
Details about patch
process and different stages
During patching process
different type of activities take place, each activity counts as a unique
stage, these are handshake, detect, deploy, verify, or rollback depending on
type of activity selected (patch schedule).
For each stage agent
(client or computer) communicates back with K1000 (upload logs) to then
continue with the next activity or stage; however sometimes upload logs can
result as an error preventing patching activity to complete.
For this type of
situation please review:
What does "Error (Log
Upload Failed)" mean in the Current Phase of the schedule? (204675)
Patching error codes and common issues
A List of Failed Error
Codes for Scripting or Patching (Detection or Deployment Phase) in K1000 Server
Error Message: Your
patch subscription has expired. Please contact support for assistance. (146363)
What items to check for
when getting "HANDSHAKE error" during a scheduled patching job?
K1000 Patch Status Showing Downloading (147748)
patching useful resources – Best practices and tips.
KACE SMA Patching - Best practices and recommendations (206616)
Administrator Guide -
Best practices for patching
and operating systems for K1000 patching (112030)
Patching is great and complete feature that allow system administrators keep system
safe of potential vulnerabilities, understanding the options and resources
available is important to optimize patching results. Issues, questions or
suggestions feel free contact Kace Support.