Windows Updates on Assets
Table of Contents
After you've scheduled your Windows Updates, you can view the current status of Windows Updates (and if necessary, take further patch management actions) on an asset by following these steps:
- Navigate to the Assets & RMM tab.
- Click the hyperlinked Name of any Windows asset to view its Details page, then select the Windows Patches subtab:
Note: The number to the right of the Windows Patches subtab label is the number of missing patches.
Syncro displays four sections: MISSING PATCHES, FAILED PATCHES, REJECTED PATCHES, and RECENTLY INSTALLED:
Each of these sections is described in more detail in this document.
Missing & Failed Patches
Missing Patches are patches that had their Approval setting in a Windows Update Policy set to Defer or Manual:
Failed Patches are patches Microsoft failed to install for one reason or another:
- Click Install for any missing patch to install it.
- Check the box in the header row, then click Install Selected Missing/Failed Patches in the upper-right corner of the section to install multiple missing patches at once:
- If available, click Details to see details about that KB in Microsoft's documentation.
Note: Either install button pushes the update in real-time; you can watch the patch’s install progress on the Scripts subtab. If the asset is offline, Syncro queues the update for when it comes back online.
Rejected Patches
Rejected Patches patches had their Approval setting in a Windows Update Policy set to Reject:
Notes:
- You'll only see an Install button in this section if you are a Global Admin, or you belong to a Security Group with the “Assets - Allow Installation Of Rejected Patches” box checked.
- On the following screen, the second row is a driver:
Since it does not have a KB number, you cannot specifically exclude it. However, you can set the category of Drivers to Reject in a Windows Update Policy, then selectively install the ones you want.
Recently Installed Patches
Recently Installed patches are those that have been successfully updated:
- Click View Records to open the “History for the KB” pop-up window, which shows the Titles and Installation Dates in reverse chronological order:
- If available, click Details to see details about that KB in Microsoft's documentation.
Windows Update Reports
There are two RMM Reports that provide Windows Update information:
To view these reports, navigate to Admin > Syncro Administration - Reports. Then look in the RMM section:
Find Missing/Installed Windows Updates
You can use a Saved Asset Search to find assets that are missing or have installed Windows updates by their KB#:
For more information, see Create & Save Custom Asset Searches.
Troubleshooting
When using Windows Updates, first ensure you're following best practices:
- Ensure your scheduled tasks have enough time to successfully complete. Scheduling too many updates at once can cause issues (such as missing the "Reboot By" time). For example, you shouldn't schedule a month worth of updates with several categories to install, with only a few hours to do it.
- It's important to have scheduled downtime for servers, so updates can be applied to prevent issues with server inaccessibility.
- It may take some tweaking to get a Windows Update schedule that works for you. You should initially test the schedule and patches on noncritical systems.
About Reboots
- Reboots only happen if the Windows Update requires one. If an update requires a reboot, the reboot will happen as you specified in the REBOOT SPECIFICATION section when you created the policy. If an update does not require a reboot, that asset will simply not reboot regardless of the reboot setting in the policy.
- If patches aren't installed, check that you rebooted the asset. If the asset does not reboot, you may not see the patches as installed, as many patches require a reboot to successfully install.
- If the the asset didn't reboot at the "Reboot By" time, it's possible the asset simply has not finished installing the specified updates by the "Reboot By" time, which causes the agent to skip it.
IMPORTANT NOTE: Pending Reboot will not clear for assets with Windows 8 and higher with a shutdown; you need to actually restart the asset. This is because of "Fast Startup" which essentially puts the computer into a deep hibernation mode. A restart will actually clear the RAM, processor cache, and kill all processes.
Other Possibilities
If the same update is showing as available AND installed, this is most likely the same KB receiving a version update from Microsoft, such as with a Windows Defender definition update.
See also About the Windows Updates Policy Module for what Syncro does and does not support.