This section explains how to select and apply security patches to a specific PC.
Usually, the security patches you select at "6.2.4 Select Security Patches" are distributed and applied. Therefore, you do not need to select a patch application policy for a policy group whose Group Type is CS or DS in Policy Group List of Policy Groups.
However, you need to select security patches for PCs whose operation is affected when specific security patches are applied.
You can select a patch application policy for a policy group whose Group Type is Policy Group in Policy Group List of Policy Groups.
Exceptional operation of patches installation can be performed for the PC having had problems in operation after installation of the specific security patches. This kind of exceptional operation works for both the security patches of automatic installation and manual installation (install patches from software download window by clicking Start or Apps > Patch Application).
Complete the following setup to select the security patches to be installed.
For the specific PC, select Settings of the security patches to be installed
For the specific PC, Settings of security patches provided in future not to be installed
The above setups can also be installed in combination.
Operation graph
See below for operation graph of the security patches selected and installed to the specific PC.
"Set the security patches that are applied to all PCs (default)" in the image is for PCs belonging to the following groups:
Group Type is CS or DS
Group Type is a policy group, for which a patch application policy has not been set
All the patches targeted for distribution as described in "6.2.4 Select Security Patches" will be applied to this PC.
"Select the applied security patch (Policy group unit)" in the image is for PCs belonging to the following groups:
Group Type is a policy group, for which a patch application policy has been set
Of the patches targeted for delivery as described in "6.2.4 Select Security Patches", only the patches selected for application in the patch application policy will be applied to this PC.
By using a group for which the patch application policy is set in this way, you can operate specific PCs with some patches excluded.
Setup steps
The patch application policy setting procedure is as follows.
Refer to "2.3.1.1 Add Policy Group" for details on how to select a patch application policy to be used by a group.
Click Policy Groups in Environment Setup.
The following window will be displayed.
Click the Customize Various Policies button.
The following window will be displayed.
Click the Patch Installation Policy tab.
Click the link of the policy name, the following window will be displayed.
Select the patch group to have the security patches setup modified and installed from the tree on the left field.
The security patches under the selected patches group will be displayed in the field on the right.
Delete the Select Security Patches not to be installed from the security patches in the field on the right. Finish the following setup as well.
The security patches added to displayed range is automatically audited
Delete the selected check box if the security patches under the selected patch group added in future will not be regarded as objects.
After deleting selection of check box, none of the security patches will be regarded as installation object for the ones whose definition is added to the software dictionary in future, or the security patches are selected under its own patches group from window of Distribution > Security Patches Distribution.
Click Apply button to save the setup.
Repeat step "3." to "7." for modification of Settings of multiple patches groups.
To confirm contents of setup modification, repeat step "3.", select the patches group and confirm.
Icon of patches group having had the installation security patches setup modified will change as below.
Icon | Description |
|---|---|
| All the security patches are installation objects. |
| Security patches of non-installation objects exist. |
The patches groups shown in the tree are the whole patches groups. Delete the selected patches group in window of Distribution > Security Patches Distribution, the installation will be disabled even it is selected in Patch installation policy.
Note
About Windows(R) 10 security patches, and security patches released by Microsoft after October 2016
Windows(R) 10 security patches, and Windows(R) 7, Windows(R) 8.1, Windows Server(R) 2008 R2, Windows Server(R) 2012, Windows Server(R) 2012 R2, and Windows Server(R) 2016 security patches released by Microsoft after October 2016 will be provided as a rollup package containing a few patches for vulnerabilities. For details on the vulnerabilities addressed by each security patch, refer to Microsoft information (Software Information > Detailed Information) which can be viewed by clicking the Software List > Name link.
The above rollup package of security patches is large, so it is recommended to alternate security patch distribution times by group to balance the network load. Refer to "6.2.6 Settings of Installation & Distribution Intervals of Security Patches" for details on how to set the distribution times.
