Welcome to KACE Cloud, now with third-party application patching. Today I will show you how KASE Cloud can revision, manage, and secure your devices directly from the cloud. With KASE Cloud Zero Touch deployment for onboarding and deployment of new devices eliminates manual configuration and gets your workforce up and running quickly. Configure devices more efficiently by pushing applications, and implementing pre-configured user settings for newly deployed devices. Environments containing bring-your-own devices can be enrolled seamlessly ensuring company resources are protected and external devices are not making your network defenseless from cyber attacks.
KASE Cloud allows you to take a proactive approach to device management with automation. Use the power of perpetual policy enforcement when administrating an application, location rules, Windows custom profiles, or security standards. With policy-based endpoint management solutions you can maintain your configuration standards across every endpoint in your environment and be more responsive and less reactive to issues. Confidently deploy OS and application patches when and how you want for over 350 products. That's over 10,000 patches and growing using our KASE Cloud Patch Catalog.
Let's take a look at setting up a Windows patch policy. First we're going to click on Settings. And on the left we'll click on Settings. We'll navigate to the bottom where it says Patching. So you can see down here the two options are Active or Inactive. The default is Inactive. This just means that patches that have been replaced are set to an inactive status. And we also can see the Maximum Install Attempt and Roll Back Attempt are both set to 3 for when patches are being installed.
So we'll take those defaults. They're fine as they are. We'll go back over to the Library section. We're going to click on Patching. And here you can see our KASE Patch Catalog. This is totally managed from the cloud and will allow you to dynamically target types of patches you want to push out to your endpoints.
By default, we're going to look for only patches that have not been superseded. So you can see that in the filter right here. We can add other criteria, we can build a filter based on any of these attributes. So when it was released, who the publisher is, what operating system is it for, what severity is, does it need a reboot or not. Let's say we want to push all the patches except for ones that require a reboot. And here I have options I can select. So on Install, we want to select No. Reboot Required on Install, No. Reboot Required On Uninstall, you'll want to click No. And so you can see that's added to the filters at the bottom. It's also added up here. And then in the Action box we can save that as a patch filter. And I'll call that, "Patches No Reboot," and then we'll hit Save.
Next we're going to click on Policies. I'm going to go ahead and set a new policy up. And we'll call this our "Patch Policy No Reboot," and hit Save. So right now it's set to Inactive, which is fine. The Applies To, we're going to link a group of devices. And in here, we'll select our Windows devices and link that to the policy.
Next we're going to go to Rules over on the left. Now these pertain to if the user is notified on one, if the patch job runs, or the second option is if it needs to reboot. So we'll take a look at these options. So right now it's set to silently ran. If we hit the Snooze option you can see it opens up some other options. So we can define how long a user can snooze it, how many times they can snooze it. We'll change that to 2. Maybe we'll change the timeout to 15 minutes instead of ten. And after 15 minutes the default timeout action is to Snooze. So we can do that, or if we select OK, the patch job will go ahead and run. And we can also see the messages the user will see down here when that occurs.
So let's go ahead and preview that. So you can see we have the option to run it, the option to snooze it. The alert's going to close in 15 minutes, and they can snooze it two times for thirty minutes each. And that looks fine, so we'll hit Save. And we also have options around reboot. Since we're doing a schedule that's no reboot, I'm not going to change those. But you would get the same type of options there.
The next thing we're going to do is click on Patching on the left. So we're making a filter, and we've already made a group of patches we want to push called "Patches No Reboot," so I'm going to select that. I want to link that to the policy. And then when I'm ready, I can activate and push changes, and then I can confirm that change. So we've just set up a Windows patching policy to any patches that do not require a reboot.
Now that we've configured a patch schedule to run and update our endpoints, let's go take a look at some devices and see how things went. So I went to Libraries, and then Devices. Let's scroll down to-- and I got a couple of Windows machines here I've patched. We'll make a selection for this device. And here you can see summary information about the device. So there's the device name. It's enrolled. It's compliant, so there's no issues. And it's responding, so that means it's actively checking in. So on the left, over here, we can go down to Patching. And I'm going to pull up basically it's a recap of all the patching that has occurred on that endpoint. So you can see there's a number of patches that have been applied.
On the Status column these are green, and some of them have a little orange icon with the K in it. That means KASE deployed this particular patch. And underneath it you can see another patch that we just discovered as already being installed on the endpoint. So what's really nice with KASE is we validate that patches are on the endpoint, and then we actually did the install of the patch. So you can look through and see how well patching occurred on that particular device.
You can also click on the name of any patch, and you can see information about it. So you can see patch details. So what severity it is, what type of update is it, did it need a reboot or not. You can see the patch identifier, so the KB number, or the internal patch ID number for KASE. And if we scroll down, we can see a description of the patch as well as patches that it has replaced. So not only, again, do we validate that the patching was installed, but if you need to dive deeper and see information about particular patches you can do that.
And so we'll go back up a level. You can filter and look for inactive patches. We've got a dropdown. You can look for things released on a specific date or installed on a specific date. So if we want to look and see things that may be installed yesterday, we can click that. And I made the selection for December 15, and you can see those patches were installed on that date.
For more information or to start a free trial of KASE Cloud, please visit us at Quest.com/KASE, and follow us on Twitter @QuestExperts. Thank you.
07:41
