McCombs Windows Security Patching FAQ
Windows computers receive patches via the Microsoft System Center Configuration Manager (SCCM) client. SCCM manages the installation of Microsoft patches available through the normal Windows Update process as well as patches for third party (non-Microsoft) applications via the Patch My PC plugin for SCCM. Under normal circumstances, patches automatically install on your computer according to the process described below. You also have the option to manually review and install pending patches at a time of your choosing.
How do I manually check if my computer needs a patch and install it on my own?
At any time you can review what patches might be pending for your computer by opening the SCCM Software Center application. To do this click the magnifying glass in the lower left corner of your Windows desktop type "software center" in the search field.
This will display pending updates from Microsoft and also updates that are made available by Patch My PC. You also have the option to install these pending updates.
If a patch requires a reboot you will see that noted under status. When you manually install a patch you will be notified to reboot your computer once the installation completes, but your computer will not automatically reboot at that time. If you choose not to reboot at that time, your computer will automatically reboot during its next maintenance window (typically between 10 pm and 6 am).
How often are patches released?
Microsoft typically releases patches for all of is products once per month on the second Tuesday of the month. Occasionally, urgent patches may be released outside of this schedule.
Patches for third party products are made available by their various vendors on a daily basis. For better management, ITS bundles these into a single third party patch release on Tuesday of each week. Each Tuesday's bundle is a self-contained package that includes any previous patches that are still applicable as well as any new patches made available since the previous release.
What is the schedule for automatic patch installation?
SCCM will check for patches once every hour and will download any it finds, but it will not automatically install the patch until the next maintenance window. Our standard maintenance window is from 10 pm to 6 pm each day. On Saturday the maintenance window begins earlier at 6 pm and on Sunday at 2 pm. During these maintenance windows, your computer will automatically install any pending Microsoft patches or third party patches if it is able to do so.
When will I be notified that my computer needs to reboot because of patch?
When you manually install a patch outside of a maintenance window, if it requires a reboot your computer will notify you about this once the installation completes. Since a maintenance window not active, this will be just an informational notification and your computer WILL NOT try to automatically reboot.
If you are logged onto your computer during a maintenance window and a patch is installed that requires a reboot, your computer will notify you about this once the installation completes. Since a maintenance windows is active in this case, the notification will display a 15 minute countdown timer before it automatically reboots. You can defer the reboot, but if you do not do this within the 15 minute timer, then your computer WILL automatically reboot. If you defer, then this prompt to reboot will keep reappearing every 4 hours until either the computer reboots or maintenance window end, which ever happens first. If the maintenance window ends without a reboot happening, the notification cycle will resume at the next maintenance window.
Patches for the Windows operating system always require a reboot. Other Microsoft applications occasionally require a reboot. Third party application updates rarely require a computer reboot, but they generally do require an application to be closed in order to be patched.
When will my computer automatically reboot because of a patch?
If a patch requires a reboot, your computer will automatically reboot only during a maintenance window and only under the following circumstances.
- You ARE NOT logged onto your computer during the maintenance window and the the patch was just installed or the patch was previously installed but the reboot was deferred at patch install time, or. . .
- You ARE NOT logged onto your computer during the maintenance window and the the patch was just installed or the patch was previously installed but the reboot was deferred at patch install time, or. . .
- You ARE logged onto your computer during the maintenance window but you did not chose to defer within the 5 minute countdown notification asking you either to reboot or to defer the reboot.
- You ARE logged onto your computer during the maintenance window but you did not chose to defer within the 5 minute countdown notification asking you either to reboot or to defer the reboot.
Patches for the Windows operating system always require a reboot. Other Microsoft applications occasionally require a reboot. Third party application updates rarely require a computer reboot, but they generally do require an application to be closed in order to be patched.
What is the additional Patch My PC schedule for patching third party applications?
In addition to the maintenance window outside of normal business hours, Patch My PC will also try to automatically install third party patches during normal business hours under certain circumstances. It will try to do this starting on Thursday each week, two days after the previous third party patch release. If a pending third party patch has not installed during the previous two overnight maintenance windows, Patch My PC will try to automatically install it during the day. If the application to be patched is not open, then this will just happen in the background without disturbing you.
If you happen to be using the application at the time, you will receive a notification asking if you want to close the application so the patch can be installed ["Close and Install] ] or if you want defer to the next day ["Snooze Install"]. Please see the next FAQ entry for more information about handling patches for currently open applications.
How does Patch My PC handle applications at are in use?
The first time Patch My PC attempts to patch an application that you currently have open it will ask if you want to close the application so the patch can install or else defer the patch installation. If you defer, then Patch My PC will not try again until the next day unless the patch installs during the overnight maintenance window before then. If you do not make a choice, then after 5 minuets it will default defer and will not install the patch. The next time Patch My PC tries to update the application, it will repeat the attempt to do so silently in the background unless it again needs to prompt you to close the application or defer. You can defer up to four times
If the overnight maintenance windows and four daytime Patch My PC attempts all fail to install the patch, then on the fifth day Patch My PC will not allow you to defer the patch any longer. On attempt number five, if you also have the application open, then Patch My PC will give you a 5 minute countdown to close the application before it closes the application for you and patches it.
Each Tuesday the timers will end as the weekly cycle resets. Each previously pending patch you might have still needed will be re-released in the new weekly bundle unless it is replaced with yet a newer version of that patch. Patch My PC will not resume daytime installations (if needed) until the following Thursday.
Welcome to the University Wiki Service! Please use your IID (yourEID@eid.utexas.edu) when prompted for your email address during login or click here to enter your EID. If you are experiencing any issues loading content on pages, please try these steps to clear your browser cache.