by Scott Jack
Content Contributor, E-N Computers
7+ years experience in healthcare IT and tech support.
As an IT manager or business analyst, you know that failing to keep your systems patched and up to date can lead to huge financial and legal problems or can even destroy your business.
But updating and patching is time consuming and rarely goes smoothly. Can you trust an outsourced IT provider to do this work for you?
At ENC, we perform both automatic and manual updates to systems and software and follow up on failed updates.
We automate most Windows desktop and server patching, drivers, firmware, and a long list of popular applications. Automatic updates follow a regular schedule and end with a prompt to reboot.
We manually update failed automatic updates, mobile devices, Unix and Linux systems, line of business software, and network equipment. Manual updates can be handled during your normal onsite time or remotely during regular business hours (which can cause some downtime). If you want to have manual updates done outside of regular business hours, after-hours fees will be charged.
And there are a few things we don’t touch.
Below, we explain in detail everything we automatically patch, manually patch, or don’t patch.
QUICK ANSWER:
How do you handle patch management for your IT managed service clients?
At E-N Computers, we use a combination of automatic and manual patching processes. We regularly monitor servers to make sure they are up to date. If a failed workstation patch causes problems, a technician will troubleshoot. Regularly restarting your computer is a simple way to make sure you get the latest updates.
Your role in successful patching
Automatic updates require that your computers are powered on and connected to the internet. Manual updates require an agreed-upon maintenance window where your staff and our technician will be available at the same time.
You can help by planning for this downtime and making sure your staff will be available to test the software. Often, this can be planned as part of your onsite support day.
We try to accommodate the client with our patching schedule, when necessary, but the process goes better when clients follow our time-tested procedures.
Automatic patches
We use ConnectWise Automate and Dell Command software to manage automatic updates for Windows and other select software. We monitor for critical out-of-cycle patches from Microsoft.
Windows (workstations)
Workstations running Windows 10 or 11 are automatically patched with Windows feature and quality updates. (Quality updates include security, critical, and driver updates provided by Microsoft.) This includes Windows 10 or 11 virtual desktops running on top of Hyper-V and Azure. We install feature updates two versions behind the latest version; you will always receive the most recent quality updates. This helps make sure your workstations remain stable and that the new version does not conflict with your other applications.
We schedule workstations to install updates daily between 12:00 PM and 3:00 PM to maximize the likelihood that computers will be online to complete the update.
Once updates are installed, the user will be prompted to reboot the computer. The prompt is labeled “E-N Computers System Message” and says:
Your workstation has had system or security updates installed and must be rebooted. Please save your work and restart your computer.
Users can close the prompt to dismiss it or click the “Reboot now” button. We don’t force workstations to reboot; the user can do so at their convenience. We strongly recommend rebooting at least once a week; regular reboots help keep your computer updated and running well.
Windows (servers)
Servers running Windows Server 2012 or newer are automatically patched with feature and quality updates once they have been approved by our engineers. This includes virtual servers running Windows Server on Hyper-V and Azure, as well as Remote Desktop terminal servers. Server updates are installed on Tuesday evenings from 9 to 11 PM. Clients with a name starting with A to N are scheduled for the 1st and 3rd week of each month. Clients with a name starting with O to Z are scheduled for the 2nd and 4th week of each month. Servers reboot after installing updates.
Third-party applications
The following third-party applications are automatically updated using a combination of ConnectWise Automate and Ninite.
- 7-Zip
- Adobe Acrobat Standard/Pro
- Adobe Reader
- Audacity
- Google Chrome
- Citrix Receiver
- CutePDF
- Dropbox
- Evernote
- Everything
- FileZilla
- Firefox
- Foxit PDF Reader
- GIMP
- Google Drive
- Google Earth
- GoToMeeting
- HandBrake
- ImgBurn
- Inkscape
- iTunes
- Microsoft .NET 3.5 and up
- Microsoft Edge
- Microsoft OneDrive
- Notepad++
- OneDrive
- OpenOffice
- Opera
- Paint.NET
- PuTTY
- Skype
- TeamViewer
- TeraCopy
- Thunderbird
- VLC
- Webex
- WinDirStat
- WinRAR
- Zoom
Drivers and firmware
We automatically update drivers, firmware, and BIOS on Dell-branded workstations and physical servers (but not virtual hosts). The “E-N Computers System Message” will read:
Your computer has received BIOS, driver, and/or firmware updates and requires a reboot. Please reboot at your convenience.
For non-Dell computers, Windows Update may provide some automatic driver and firmware updates.
When automatic updates fail
Automatic updates occasionally fail. This can be because the device:
- needs a reboot.
- is off.
- is not connected to the internet.
- does not have enough available storage.
- is not configured correctly or there is a software conflict.
- is not running our management software.
Monitoring
We regularly monitor servers to make sure that they are fully updated. Our server engineers are able to resolve most failed updates remotely.
Workstations are not regularly monitored to make sure they are updated. Instead, our automated systems will retry updates and prompt users to reboot.
Meraki network equipment
We configure your Meraki network equipment to auto-update. Meraki notifies us of upcoming patches one to three weeks in advance. We will notify you about when the update is scheduled and ask that you inform us of any network issues that happen post-update.
Manual patches
Some software must be manually patched due to operating system limitations, a requirement for a physical non-network connection (like a USB or serial cable), or failed automatic updates.
Manual updates may count as change management time because they require more planning, coordination, and technician time. We will work with your liaison to determine which updates can realistically be accomplished during your on-site support day, and which will require additional time.
Windows (server)
We manually update your self-hosted SQL, Exchange, and SharePoint to make sure that the updates complete successfully.
macOS, iOS, and Android
Devices running macOS, iOS, and Android can be administered using web-based mobile device management (MDM) software like Meraki Systems Manager or Microsoft Intune. The MDM will tell your managed devices to automatically download updates but, due to limitations imposed by these operating systems, can only ask users to install the update. We offer this as an add-on to our managed service plans; otherwise, these devices will need to be manually updated by users or by a technician during an on-site day.
With or without an MDM solution, it’s likely that a technician will periodically have to track down these devices to make sure they are updated. (One benefit an MDM provides is a report of which OS version a device is running, potentially reducing the need to look at every device.) The technician will coordinate with your liaison to make sure the devices will be available during the on-site day. Because planning and updating can take a significant amount of time, we may recommend that other items be prioritized for the on-site day and that mobile device updates be done during billed change management time.
With your buy-in and support, the amount of time required to keep these devices updated can be reduced. You can work with employees to make sure they are setting aside time to update their mobile devices when prompted.
Unix/Linux
Unix and Linux systems are manually updated by engineers with more advanced skills. This is billed as change management time.
BIOS on Virtual Hosts
Virtual hosts are physical servers that host one or more virtual servers. BIOS is low-level firmware that allows physical hardware and operating systems to work together. We manually update BIOS on virtual hosts to reduce the risk of “bricking”, or disabling, the server during an update.
Line of business applications
Line of business (LOB) applications are those that are critical to the function of your business. They include software for accounting, customer relationship management (CRM), enterprise resource planning (ERP), and electronic health records (EHR).
Some software vendors include patching as part of your maintenance contract with them. If they do not, we can update the application manually. Because of the critical and complex nature of these updates, we charge them as change management time.
To make sure that a LOB update is successful, users must test the application after it is updated. Therefore, these updates must be scheduled so that their regular users are available to test and are prepared for downtime.
Network equipment and VoIP phone system
Network equipment, including switches, wireless access points (APs), network attached storage (NAS), network printers, and internet of things (IoT) devices, must be manually updated. A technician must be physically present because these devices often require a physical connection to a laptop, or their updates disrupt the network connection.
Your VoIP phone system must be manually updated for the same reason. This also allows us to make sure that your phones are functional immediately after the update.
Virtualization Software
Systems like VMware vSphere and Microsoft Hyper-V, which allow the creation and management of virtual machines (abstracted computers within a computer), must be updated manually. As mentioned above, the Windows VMs on top of them are auto-updated.
Systems and software we do not update
Websites. The security of your website is critical and requires keeping your content management systems updated. Please work with your marketing agency or web host to update any website-related systems.
Web-based software. Web applications are provided by software vendors on a subscription basis. As long as you pay the subscription, you will be able to access the latest version of the software. The vendor has full control over changes to the software; neither you nor we have any control over these updates. However, you may have to use a specific web browser or browser plug-in for the web app to work correctly. Examples of web-based software include Microsoft 365, Meraki Dashboard, Google Workspace, Salesforce, and HubSpot.
Bring Your Own Device. Your employees are responsible for updating equipment that they own. We do not manage updates for employee-owned devices such as smartphones, tablets, or personal computers, even if they are used for work. Also, we do not manage updates on company-owned devices that do not have our management tools installed.
Next Steps
Your patience is always appreciated when we work on your computer systems. Our goal is to make sure your systems are backed up, up to date, and secure. We want to make sure the job is done right the first time; a rush job may save a few minutes now but cost your workers more time and productivity down the line.
If you are a client with questions about the patching process, your account manager will be happy to assist. If you’re not a client but have an interest in outsourcing your patching, please schedule a meeting with one of our engineers.