Patch Management ^
Patch Management is the Symantec equivalent of Microsoft’s Windows Server Update Services. Patch Management exceeds WSUS by offering:
- Popular Software Updates and Microsoft Updates
- Finer Deployment Control
- Throttling via the Symantec Client
- Package Pushing
- Supreme Reporting
Patch Management is similar to Software Management in many ways. Packages for new patches are created and pushed out to the client machines via scheduled policies or tasks, and they can be reported on for compliance, saturation, and utilization. The major difference between the two is how the installations are obtained.
In Patch Management updates are downloaded to the server through the Vendors and Software area of the SMC. Shown below is a small list of the many software vendors that updates can be downloaded for.
Patch Management vendors
When expanded, the different software titles from the vendors are shown. There are even different versions of the same titles that patches can be obtained for. Symantec has gone to great lengths to keep this list of software updated in order to make management much easier for the admin.
Patch Management vendors expanded
Once downloaded, tasks and policies can be created for the patch and then pushed to any machines that require it.
I’ll write more on reporting shortly, however, I think it’s pertinent to mention at this point of the article that finding what devices need a patch is as easy as running a report in the Reporting section of SMC. Symantec has a whole list of reports that can be run for updates.
Patch Management reporting
This particular report conveys how many devices need an update, what the compliancy percentage is, what type of patch it is, and a slew of other important information. Creating a package to deploy may not even be worthwhile as only a few computers need it.
Patch Management reporting info
A must have in any admin’s tool belt is a way to remotely connect to and control a user’s computer to teach, fix, or just to get a clearer idea of the problem. Symantec Management Platform comes with one of the best remote desktop tools available: PCAnywhere.
As a quick side note, I would like to mention SMC also supports opening via RDP and VNC if they are installed and configured on both the client and administrator machines.
When the Symantec Client is deployed onto a device, as an option, PCAnywhere can be automatically installed with it. Permissions can then be given to certain groups or people to access these devices. Groups and users can include:
- Any LDAP/AD Group or User
- Any Group or User on the SMP Server
- Manually Created Users
Permissions can include:
- View Only
- Full Control
- Lock the Host Keyboard and Mouse
- Completely Blank the Host Screen
- Accepted by Client Only
Using these permissions, users can be set up to allow view only permissions so someone in the finance department can show someone in the credit department how they use an application; or full control can be given so that an admin can fix a nagging issue on the user’s machine.
Just as the Patch Management solution has reporting, so does PCAnywhere. Reports can be pulled to see who connected to what computer, when, and for how long. These are paramount when it comes to PCI or any other auditing.
Reporting is one of the major selling points of this software platform in my opinion. Reports can be generated and created for just about anything in the database. Out of the box examples include:
- Software and Update Compliancy
- Server and Desktop OS’s
- Primary Users for a Device
- Power Scheme Settings
And the list goes on and on.
Custom reports can also be created and ran against specific groups of devices, users, or a hybrid of both. A quick example would be creating a report to find out which computers are needed for a motherboard recall by using the serial number field and who they belong to by the primary user field.
Custom reports can be as simple as selecting items that you want to report on or creating custom SQL queries to run inside the report.
This concludes the second part of this three part series over Altiris Symantec Management Platform. So far Computer Management, Software Management, Patch Management, PCAnywhere, and several aspects of reporting have been covered for various pieces of the SMP.
The next and final article in this series will cover computer imaging and what Symantec Management Platform brings to the table that Ghost and others don’t.
Until then, thanks for reading!