Configuring Patch Management on a Group
Patch Management can be configured per device or on a group of managed devices. This topic describes how to configure Patch Management on a group.
DevicesMachines connected to a network that have been discovered by GFI OneGuard. joined to a group inherit the group's patch management settings.
To access group patch management settings:
- Log in to GFI OneGuard and go to Manage > Devices.
- In the left pane, under Managed Groups, hover your mouse over the group you want to configure.
- Click the pulldown menu arrow
and select Configure group. - Go to the Patch Management tab to start customizing patch management settings in this group.
Enabling the patch management settings
Enabling/Disabling Patch Management
To enable or disable patch management, use the switch Enable Patch Management for this group.
If enabling patch management, you may proceed to configure the other settings.
If disabling patch management, no other settings need to be configured and you can click Save Settings to apply the change.
Inherit policy from parent group
Use this option to automatically inherit patch management settings from the parent group, according to the hierarchy shown in the Managed Groups section in the left pane. If this option is selected, the options below this setting are hidden.
Import or Export a Policy
You can use these options to export a policy from an existing GFI OneGuard deployment and import them into another. This is useful for example when moving your GFI OneGuard installation from one server to another.
Select from the following options:
| Option | Description |
|---|---|
| Import Policy | Click to select a policy settings file from a saved location. |
| Export Policy | Use this option to save the currently configured settings to a desired location. |
Patch Scanning and Installation scheduling
Use the scheduler to configure how frequent GFI OneGuard scans managed devices for missing patches.
Configure also other patch scanning options:
NOTE
GFI OneGuard automatically installs approved missing patches when a scan completes.
Patch approvals
Use this area to maintain a list of actions for patches issued by specific vendors. When a patch by a vendor is available, GFI OneGuard runs the action configured here. For example, GFI OneGuard can automatically approve and install the patch.
Group patch approvals area
To enable this feature, switch ON the Auto Approvals option. When this option is disabled, all patches to deploy must be manually approved for deployment one-by-one. To do this, go to DashboardA graphical representation that indicates the status of various operations that might be currently active, or that are scheduled. > Patch Management and review, approve and install missing patches from the Patched & Updates table. For more information refer to Monitoring patch deployment.
In the Vendors table, configure the approval action for each vendor and for each software product issued by that vendor. Choose the action to take for Security updates, Non-Security updates and for Service Packs or Major Upgrades. The possible actions are:
The All vendors role defines the action to take by default on all vendors and software. When an action in this row is chosen, the action of all vendors and software is automatically set to the action chosen.
Notifications
Configure system alerts and email notifications based on the status of patch availability and deployment.
| Notification type | Description |
|---|---|
| Alerts | Choose to enable or disable system alerts shown in the top navigation bar. |
| Send an email alert when a patch fails to install | Send an email notification when a patch fails to install. The notification can either be sent to all users that have access to the group or to a custom email address list. |