CNS offers our clients a variety of solutions to maintain software hygiene on their networks. Most of these solutions are automated, and with user cooperation to complete reboots, it's relatively easy to keep your systems up to date with current software versions.
However, there are some important limitations to the automated processes that are important to understand. This article presents those considerations.
For Complete Care Clients that do NOT Elect Third Party Patching Services:
CNS uses an automated patching system provided by Kaseya which provides patching for many Microsoft products including:
- Windows desktop operating systems, such as Windows 11.
- End of life upgrades are not covered, and addressed below.
- Windows server operating systems, such as Server 2022.
- End of life upgrades are not covered, and addressed below.
- Microsoft Office 365.
- Microsoft Edge browser.
- Microsoft .Net components (if within same version).
- Updating iSweeps, if managed by CNS.
- Updating Guapples, if managed by CNS.
For Complete Care Clients that Elect Third Party Patching Services:
Optionally, clients may select third party patching services, which uses additional components of the Kaseya system, to automate patching of select non-Microsoft vendor applications. These patching components are provided by Ninite, and are offered with some limitations:
- Patching is limited to Ninite supported programs.
- Ninite supports patching of 148 programs. They are listed here: https://ninite.com/applist/pro.html
- Programs not found on the above list are not included in the third party patching offering. The client is responsible for patching anything not on this list.
What Patching Isn't Automated?
The System has limitations around its patching capabilities, which could result in old software not being removed from PCs. It is the customer's responsibility to review their software inventories and vulnerability scanning to ensure old versions are properly removed from PCs.
Software updates may not complete if computers are not promptly rebooted after patching. Users will receive a reboot notification upon successful completion of the patch deployment. It is critical that users obey this notification promptly to complete the patch installation process.
It is the customer's responsibility to ensure computers are rebooted promptly so that the patching process can complete. Failure to do so will result in an incomplete or failed patching process.
What isn't covered by CNS patching services?
- Removal of previous versions of software.
- Vendor-provided patching may not include removal of old/unsupported versions of software, which may contain vulnerabilities.
- It is the client's responsibility to remove out-of-date or vulnerable software, or schedule billable work with CNS to remove it.
- Patching of applications not included on Kaseya's Ninite supported versions page: (https://ninite.com/applist/pro.html)
- Updating unsupported applications is the client's responsibility or can be scheduled with CNS at our normal hourly rate.
- Updates to device firmware not supported by CNS. Updates to below items are available upon request at our normal hourly rate. They include, but are not limited to, the following:
- System BIOS updates
- Dell firmware including iDRAC
- Device drivers
- Intel BIOS updates
- Printer firmware updates
- Internet of Things (IoT) devices
- Storage Area Network (SAN) controller firmware (unless service has been purchased)
- Updates to hypervisor software, such as VMware, unless covered by a CNS service subscription.
- Upgrading Microsoft Exchange mail server versions.
- Upgrading databases, such as MS SQL Server, MySQL, MariaDB, etc.
- Upgrading Windows Operating Systems.
- End-of-life Windows desktop (i.e. 10, 11) version upgrades can be scheduled with CNS at our normal hourly rate.
- Windows Server version upgrades can be scheduled on our store (store.cuanswers.com).
- Linux patching and upgrades can be scheduled with CNS at our normal hourly rate.
- Updating or removing protocols.
- Upgrading or disabling protocols such as SSLv2 or SSLv3 is the responsibility of the CU. Billable time can be scheduled with CNS for this work.
10. Updating or upgrading any end-of-life software as published by the vendor, whether or not it is otherwise included in our standard patching offering.
11. Patching of software for which a valid vendor license is not present on the target computer.
12. Patching or updates to employee VPN endpoint software. Billable time can be scheduled with CNS for this work.
If you have questions or would like further information, please reach out to helpdesk@cuanswers.com.
Use Alerts to be notified when new information is added or changed in an individual answer or topic of information you care about. All Alert notifications sent in a single email once each day.
or you can subscribe to our RSS feed for this topic by clicking the link below
Subscribe
https://kb.cuanswers.com/cuanswers/ext/kbdetail.aspx?kbid=5404
Please enter your email address.
Please enter a valid email address.
Password not entered
Please choose a password composed of 6 to 20 varied letters, numbers and special characters, without whitespace characters or any of the following special characters: ' " / \ < >
The retype password must be the same as new password to confirm your password change. Please re-enter the retype password.
Creating a profile allows you to ask a question in a secure way and view a history of your past questions. If you have asked questions before, your profile was automatically created using the email address you provided.
Your inquiry is being encrypted to protect your privacy.
|