I'm trying to help bring Critical Patch Compliance as high as possible in our systems. I'm still very new to the patching systems in place in Kace, but I was wondering if there was any way to see why a patch has failed to deploy on certain systems. The pre-existing reports are a bit of a deluge of information and are difficult for me to parse. I also would like to know if there's a way to deploy a patch on the spot rather than waiting for a scheduled time. 

Any other advice on keeping critical patch compliance high would be appreciated.

Thank you!
1 Comment   [ - ] Hide Comment


  • how to enable agent debug log on
Please log in to comment

Answer this question or Comment on this question for clarity


Hi Evmorr12,

I believe most of your questions are covered in the K1000 management appliance documentation, however I'll take a stab at answering some of your questions.

1. Yes, you can review why patches failed, however it requires a few steps. First step being that for each machine patch detection or deployment fails on, you need to enable the agent debug log on. Once enabled, either manually run patching against that workstation or wait for the next patch cycle to complete. The agent should automatically upload debug logs to K1000. In addition to the debug logs, KACE technical support can provide additional assistance and a kapturestatelauncher utility that can collect additional details from the computer and upload the logs to the server.

2. You can manually force a patch schedule to run by navigating to the patch schedules menu, selecting the check box next to the appropriate schedule you want to run, and then selecting the "choose action" drop down > run.

3. You can customize all reports, and create new reports using the new report wizard or SQL editor.

4. In terms of patching, I patch all available patches whether they're critical or recommended unless there's known issues regarding the patch being deployed. Only deploy patches to workstations in smart label groups, do not run patching on critical appliances during business hours. For example, patching runs in my organization every Tuesday at 10pm for Desktop computers only (over 300), Laptops download patches during business hours but prompt the user when to install them, and servers patch once a month unless there is a critical security patch during non-production hours.

For a full detailed analysis of the K1000, I highly recommend reading the full documentation for the K1000 management appliance which will cover every aspect of the system, including patching and reporting as well as reviewing the Dell KACE tutorial videos hosted on the KACE web site which are free and offer additional insight into advanced topics around the K1000.
Answered 01/22/2016 by: rrjustin
Yellow Belt

Please log in to comment
Nine Simple (but Critical) Tips for Effective Patch Management
This paper reviews nine simple tips that can make patch management simpler, more effective and less expensive.