Acquire the security patches selected in "6.2.4 Select Security Patches" from Microsoft company and register to CS settings. There are 2 ways to acquire the security patches.
Automatic acquisition of security patches
Manual acquisition of security patches
Carry out automatic acquisition of security patches from Microsoft company and register to CS settings.
Take the following steps.
Log on the main menu, click Environment Setup.
The Environment Setup window will be displayed.
Click Option.
The following window will be displayed.
Input the following information to Settings of Security Patches.
Item | Description |
|---|---|
Method for registering security patches n as default | As to the registration method specified in Security Patches Distribution of Settings of Distribution Software - Detailed Settings in the main menu, select default value from below.
|
Automatically download security patches from the public site according to the schedule | In Settings of Distribution Software in the main menu, when the security patches are set as distribution objects, select this item when automatically downloading by the specified plan. Select from below for type of patches can be downloaded automatically.
Due to the massive module, it will be rather time consuming to download service pack from the public server of Microsoft company. Select Only security patches when manually registering and using the service pack provided by CD-ROM. |
Schedule | Set up the plan to download from the public server of Microsoft company. The original value is set as 3:00 each day.
|
Install security patches to CS/DS | Select when installing the security patches to CS and DS. Select more than 1 server to be installed when selecting. |
Click the Apply button.
Note
When service pack is selected for patch selection, sometimes it will take excessive time to acquire due to network conditions. Therefore it is suggested to register manually from CD-ROM or other. Refer to relevant contents in "6.2.5.2 Obtain Security Patches Manually" for manual registration.
Manually obtain security patches from Microsoft and register to CS settings. Take the following steps.
Manually obtain from Windows Update directory and log on the security patches
Register and obtain the security patches from CD-ROM and other.
Manually obtain from windows update directory and register security patches
Take the following steps to manually obtain from Windows Update directory and register the security patches.
It is necessary to connect to Microsoft company's website setup via network to download.
In addition, decide in advance if it is necessary to create a destination folder to save the downloaded security patches. At this time, also pay attention to remaining disk capacity.
Start IE, and display the Microsoft Update Catalog page:
http://catalog.update.microsoft.com/
About the latest steps, confirm from Microsoft company's home page.
Take the following steps.
Log on the main menu, click Distribution and then click Security Patches Distribution.
The following window will be displayed.
Select the directory under the security patches on left field of the window.
List of the selected security patches will be displayed on right side of the window.
Select security patches from the tree view on left field of the window, then confirm the KB number recorded in ( ) of patches list on right side of the window.
The KB number shall correspond to file name of the downloaded security patches.
Click link of the target security patches.
The following window will be displayed.
Select the single choice button of Register the downloaded security patches to specify the security patches to be downloaded manually.
Click OK button then register the security patches.
The folder name varies depending on each security patch. Do not mess up the formatted file of execution of the security patches during registration.
In most cases, a KB number is appended to the file name. Associate the file with the KB number described on the following location of the patch list in the main menu.
If the name in the patch list begins with "MS", the KB number is the number inside the parentheses.
If the name in the patch list does not start with "MS", the number beginning with "KB" is the KB number.
After confirmation of the file name, click OK button.
Repeat the operations according to number of the target security patches.
Obtaining of security patches through registration of CD-ROM and other
Take the following steps to obtain security patches through registering and passing CD-ROM and other.
Log on the main menu, click Distribution, and then click Security Patches Distribution.
The following window will be displayed.
Click the link of security patches to be registered on right side of the window.
When the security patches to be registered are not shown, select the directory under the security patches from the tree view on left field of the window to show the security patches to be registered.
Refer to "6.2.4 Select Security Patches" for selection of the security patches.
The following window will be displayed.
Select the single choice button of Register the downloaded security patches to specify the destination path to save the security patches obtained from CD-ROM and other.
Click OK button to register the security patches.
Take note of the following if selecting security patches for Windows 10.
Refer to "6.2.4 Select Security Patches" for details on how to select security patches for operating systems other than Windows 10.
Security patches for Windows 10 are provided as cumulative updates from Microsoft.
However, version V1607 or later security patches are provided as delta updates together with cumulative updates.
There are also security patches not included in the cumulative updates or delta updates that are provided separately.
Windows 10 security patches supported by Systemwalker Desktop Patrol
Systemwalker Desktop Patrol supports the following Windows 10 security patches:
Cumulative updates
All security patches, including patches that have been released in the past.
Delta updates
Security patches of the month of release only.
Separately-provided security patches
Separate security patches that are not included in the cumulative updates and delta updates.
Example
For example, the Windows 10 security patches below were provided in June 2017.
Cumulative updates
KB4022727: For Windows10 RTM
KB4022714: For Windows10 V1511
KB4022715: For Windows10 V1607
KB4022725: For Windows10 V1703
Delta updates
KB4022715: For Windows10 V1607
KB4022725: For Windows10 V1703
Separately-provided security patch
KB 4022730: For Flash Player
Point
Cumulative updates are large, so they significantly impact the network during distribution of security patches. For this reason, Microsoft started releasing delta updates from March 2017. However, in order to apply delta updates, all security patches that have been released up to the previous month must be applied beforehand.
If delta updates can be applied according to the security patch application status of the PC, load on the network during security patch distribution can be reduced by using the method below.
Select security patches to be distributed
Select security patches to be distributed, as follows:
If the name of a security patch to be distributed does not include "(Full)" or "(Delta)", the notes specific to Windows 10 security patches do not apply. Refer to "6.2.4 Select Security Patches", and select the required security patches.
If the name of a security patch to be distributed includes "(Full)" or "(Delta)", follow the procedure below to select the security patch.
Log in to the main menu, click Distribution, and then click Security Patches Distribution.
The window below will be displayed.
In the left pane, click "Windows 10" or "Windows 10[x64]".
The window below will be displayed.
Select Name, specify that the patch must contain the string "Full", and apply the filter.
The list will be filtered as follows. Only cumulative updates will be listed.
Based on the KB number included in the file name, select the Distribution check box next to the security patches to be distributed, and click Apply.
It is possible to check details on the selected security patch from Microsoft by clicking it in the Name column, and then clicking the link in the Detailed Information field.
Select Name, specify that the patch must contain the string "Delta", and apply the filter.
If the Security Patch Distribution > Detailed Information window is displayed, click Cancel, and then filter the list.
Based on the KB number included in the file name, select the Distribution check box next to the security patches to be distributed.
In the same manner as when selecting a cumulative update, it is possible to click a security patch in the Name column to view details available from Microsoft, and check the target version of the selected security patch.
From among the security patches with a different [YY-MM] part at the front of the name to that of the security patch selected in 2 above, select a security patch with the same target version as the security patch selected in 2. For the target version of the security patch to be selected, click Name in the same manner as in 2, and check the version by referring to the information available from Microsoft.
Click Apply at the top right of the window.
Note
It is not possible to select only cumulative updates or delta updates.
Follow the above procedure to select both cumulative updates and delta updates.
Manage security patch generations
When auditing/distributing Windows 10 security patches, if it is necessary to check the application of past security patches in addition to the application status of the latest security patches, it is possible to check the application status of security patches released two months prior or earlier. Follow the procedure below:
Log in to the main menu and click Environment Setup, and then click Auditing Software.
The window below will be displayed.
In the left pane, click "Windows 10" or "Windows 10[x64]".
The window below will be displayed.
Select Name, specify that the patch must contain the string "delta", and apply the filter.
The window below will be displayed.
The name of each patch begins with [YY-MM].This indicates the year and month (20YY-MM) in which the software patch was released. Select the security patch that you want to check the application status for, based on [YY-MM] and the KB number, and check if the Audit check box is selected. If not selected, select it, and click Apply.
When checking the application status, if the KB numbers are the same, the cumulative updates and delta updates will be checked without distinction. Therefore, if the names of the security patches for which you are checking the application status include "(Full)" or "(Delta)", do not select that security patch, but instead select a security patch with the same KB number in the name, and a security patch that includes the month and year (using the format "MMM YYYY") in the name.
The application status can be viewed in the window below, which is displayed by clicking PC Information > Software Auditing.
Note
If distributing security patches that include "(Full)" or "(elta)" in the name, always select one cumulative update and two delta updates for each target version. If Systemwalker Desktop Patrol determines the security patch application status of each PC, and delta updates can be applied, they will be distributed, reducing the network load during security patch distribution.
