About Patch Management Solution for Windows

Patch Management Solution for Windows lets you inventory managed computers to determine the software updates (patches) that they require. The solution then lets you download the required software updates from the software vendor and provides you with the tools to install the software updates. Patch Management provides all security updates, critical updates and hotfixes but does not provide all optional updates.
Patch Management Solution for Windows supports hierarchy and maintenance windows. Hierarchy lets you configure features and settings for a parent Notification Server computer, then pass the settings down to child Notification Server computers.
Patch Management Solution for Windows uses targeted deployments. Updates are not deployed to a computer unless that computer specifically needs that software update. If a managed computer meets the prerequisites of a software update, it falls into a targeted filter. The prerequisites are matched against the data that is sent to Notification Server by the software update plug-in: for example, the Internet Explorer and operating system versions. Software updates are then installed according to the software vendor specifications. For example, if the update requires a restart, then the computer is restarted after the update is installed. Service Packs are installed before other software updates.
When a software update has been superseded and rendered obsolete by another update or updates, the later update is installed.
The software vendor assigns severity levels to software updates, but you can also create a custom severity level.
For more information about the vendors that Patch Management Solution for Windows supports, see the following knowledge base article:
You can also use the Patch Management Workflow Web Service, which is installed with Patch Management Solution. The service exposes an API that accesses the functionality of Notification Server and lets you perform various patch management actions.
  • The PatchWorkflowSvc Web Service page presents the list of available methods along with method call examples. You can invoke the methods on this page.
    You can access the page at http://localhost/Altiris/patchmanagementcore/patchworkflowsvc.asmx
  • Starting from 8.5 RU3, an HTML Help page is available. The page includes a list of available methods, detailed descriptions of the methods and their parameters, and usage examples for some methods.
    You can access the page at http://localhost/Altiris/patchmanagementcore/patchworkflowsvc.html
Patch Management Solution for Windows provides the following patching methods:
  • Traditional patching
  • Windows Update patching
You can choose to use only one of the patching methods or both methods together. If both methods are used during the same patch cycle, traditional patching installs its updates first, and then Windows Update patches are installed. Note that the two methods can report different information because they use different sources of metadata for update identification.
You must ensure that each software update works correctly in your environment before deploying it. Symantec recommends that you first distribute any required software update in a test environment before deploying it to your production environment.