WIXLIB

BigFixPatch for Windows - User's Guide

Special noticeBefore using this information and the product it supports, read the information in Notices(on page 113).

Edition noticeThis edition applies to BigFix version 10 and to all subsequent releases and modificationsuntil otherwise indicated in new editions.

ContentsSpecial notice. 2Edition notice. 3Chapter 1. Patch for Windows User's Guide. 1Chapter 2. Overview. 3System requirements. 4Other languages supported. 58Site subscription.60Fixlet fields.60Chapter 3. Patch for Windows.63Patch using Fixlets.63Supersedence in Windows. 64Windows Patch Client settings. 66Patches for Windows Overview dashboard. 66Patch Overview dashboard.70Uninstalling patches.72Using the Rollback Task wizard. 72Troubleshooting uninstallation of patches. 74Fixing Corrupt Patches. 75Using the Corrupt Patch Deployment wizard. 76Patch Microsoft Office. 78Administrative Installation. 79Network Installation.80Local Installation.81

Contents vChapter 4. Installing and updating Click-to-Run products.82Installing and updating Click-to-Run products. 84Understanding how BigFix works with Click-to-Run. 86Setting up to download updates from a network share location.88Setting up the network share. 89Configuring the Update Path. 89Maintaining updates.90Enabling automatic updates.90Disabling automatic updates.91Removing the Update Path.91Deleting a network share.92Disabling the automatic upgrade of Office 365 – Office 2013 to Office 365 – Office2016.92Enabling the automatic upgrade of Office 365 – Office 2013 to Office 365 – Office2016.93Enabling Office 365 previous version Fixlets. 93Removing the update source setting.93Checking the Office 365 configuration. 94Chapter 5. Navigating Windows Application Update Patches in the BigFix console. 95Fixlet Maker dashboard overview. 97Creating custom Fixlets from templates.99Chapter 6. Using the custom repository setting feature.102Creating a custom repository setting. 103Delete a custom repository setting. 104Appendix A. Support. 106Appendix B. Frequently asked questions. 107

Contents viNotices.113

Chapter 1. Patch for WindowsBigFix Patch for Windows provides Fixlets for Microsoft security and non-securitypatches. Dashboards, wizards, and reports aid you in managing updates for variousendpoint devices.BigFix provides highly scalable, multi-platform, automated patch management solutions.Computers around the globe rely on the BigFix Unified Management Platform to deploycritical updates to workstations, servers and other devices, regardless of location, running awide variety of operating systems and applications.BigFix deploys in days, not months, so you can realize business value by meetingcompliance requirements, reducing organizational risk and containing costs.BigFix leads the patch management market in terms of breadth of coverage, speed,automation, and cost effectiveness of its solution. The solution, which includes deployinga multi-purpose, lightweight BigFix agent to all endpoint devices, supports a wide variety ofdevice types that range from workstations and servers to mobile and point-of-sale (POS)devices.New FeaturesSupport for Windows 10 Feature UpdatesBigFix Patches for Windows expanded its coverage to include support forWindows 10 Feature Updates of the Education, Enterprise, and Professionaleditions and their N variants. In this release, BigFix offers the customrepository feature. Supported editions: Education, Enterprise, Professional, Education N,Enterprise N, Professional N Architecture: x86, x64 Languages : English and JapaneseUpdates in the Custom Repository Settings feature tasksThe Custom Repository Settings feature tasks are now available in thePatching Support site instead of the Updates for Windows Applications site.

Patch for Windows - User's Guide 1 - Patch for Windows 2The Create or Update Custom Repository (Windows) task was retired andreplaced by the Set or Update Custom Repository (Windows) task, which isaccessible in the Patching Support site.

Chapter 2. OverviewPatch for Windows creates Fixlets for the patches that Microsoft issues. The BigFixagent checks the registry, systems language, and other factors to determine if the patchesare not installed or if an installed patch is corrupt. Notes placed in the Fixlet descriptionshelp Console Operators work around potential issues.BigFix Patch for Windows keeps your Windows clients current with the latest securityand non-security updates from Microsoft . BigFix Patch is available through the EnterpriseSecurity Fixlet site from BigFix.For each new patch issued by Microsoft , BigFix releases a Fixlet that identifies andremediates all the computers in your enterprise that need it. With a few keystrokes, theBigFix Console Operator can apply the patch to all relevant computers and view its progressas it deploys throughout the network.The BigFix agent checks the registry, file versions, the systems language, and other factorsto determine if a patch is necessary. Fixlets for Windows patches are divided into twomain classes:The patch has not been installed.These Fixlets check a combination of the Windows registry and theWindows file system to determine whether or not a patch is applicable.An installed patch is corrupt.These Fixlets check the registry and each file installed by the patch. If any ofthe files are older than the version installed by the patch, the Console Operatoris notified. A Fixlet describes the nature of the vulnerability and you can thenre-apply the patch.With this dual approach, you can differentiate between unpatched computers and those thathave regressed due to installation of an earlier version of the application or service pack.BigFix tests each Fixlet before it is released. This testing process often reveals issuesthat are addressed by attaching extra notes to the Fixlet . The Console Operator can usethese notes to work around the problem, adding extra value to the patching process. BigFixincorporates also user feedback into notes.

Patch for Windows - User's Guide 2 - Overview 4Examples of notes include: Note: An Administrative Logon is required for this IE patch to complete upon reboot. Note: Affected computers might report back as 'Pending Restart' when the update hasrun successfully, but do not report back their final status until the computer has beenrestarted. Note: To deploy this Fixlet , ensure that Windows Update service is not disabled. Note: Microsoft has announced that this update might be included in a futureservice pack or update rollup.System requirementsBigFix supports security and non-security updates for Microsoft and third-party operatingsystems and applications.Types of supported updatesBigFix supports the following types of Windows updates.Security updateRefers to security-related vulnerabilities.Cumulative updateRefers to updates that contain all the previously releasedupdates up to that update release. If you have installed previousupdates, only the new fixes that are contained in this packagewill be downloaded and installed to your computer.Non-security updateRefers to all other updates that are not included in the security updates type.There are several types of non-security updates. For more information, seehttp://support.microsoft.com/.BigFix supports the following non-security updates:Critical update

Patch for Windows - User's Guide 2 - Overview 5Refers to widely released fixes to address bugs that are criticalbut not related to security.Service packRefers to cumulative set of security, critical, and generalupdates. Service packs might also contain hot fixes or additionalfixes that were found internally since the last release. In somecases, service packs also contain design or feature changes thatwere requested by customers.UpdateRefers to widely released fixes to address bugs that are notcritical or not related to security.Note: BigFix generally provides support for updatesthat are found in the Microsoft Update Catalog. Insome instances, the updates require users to directlydownload the links. For more information, see aspx. Thislink requires the use of Internet Explorer.Update rollupRefers to updates that target a specific area, for examplesecurity or a product component. Update rollup is a cumulativeset of hot fixes, security updates, critical updates, and updatesthat are packaged for easy deployment.Note: BigFix generally provides support for updates that are found in the MicrosoftUpdate Catalog. In some instances, the updates require users to directly downloadthe links. For more information, see aspx. This link requires the use of Internet Explorer.

Patch for Windows - User's Guide 2 - Overview 6To learn more about the standard terminology that Microsoft uses, see x tries to stay close to the terms that the vendors use, such as the Microsoft patchcategory terminology. In some instances, Microsoft and BigFix use different category terms.For more information, see https://bigfix-wiki.hcltechsw.com/wikis/home?lang igFix.Supported operating systems and applicationsBigFix provides security and non-security updates for operating systems and applicationsin the Patch Management for Windows site. Non-security updates include critical updates,service packs, and general updates.BigFix supports the final release versions of the listed Microsoft products. Microsoftversions other than the final commercial release version, such as alpha, beta, preview,community technology previews (CTP), technical previews, and insider programs, are notsupported by BigFix.The following table lists the supported operating systems, applications, and theircorresponding updates types.Table 1. Supported operating systems and applications with the corresponding updatetypesSupport Type of Update Supporteded OSSecurityupdateNon-security updateCriticalService PackUpdateUpdate rollup---UpdateAntigenAntigenfor Ex change/SMTPcheck-

Patch for Windows - User's Guide 2 - Overview 7Table 1. Supported operating systems and applications with the corresponding updatetypes (continued)Support Type of Update Supporteded OSBingBing Barcheck----Search En 009BizTalkServer2013Host In tegration

Patch for Windows - User's Guide 2 - Overview 8Table 1. Supported operating systems and applications with the corresponding updatetypes (continued)Support Type of Update Supporteded OSServer2000Host In r2004Host In tegrationServer2006Host In tegrationServer2009Host In tegrationServer2010DeveloperTools, Run times, andRedistrib utables

Patch for Windows - User's Guide 2 - Overview 9Table 1. Supported operating systems and applications with the corresponding updatetypes (continued)Support Type of Update Supporteded eportViewer2008ReportViewer2010Visual Stu dio 2005Visual Stu dio 2008Visual Stu dio 2010Tools forOffice Run timeVisual Stu dio 2010Visual Stu dio 2012Visual Stu dio 2013

Patch for Windows - User's Guide 2 - Overview 10Table 1. Supported operating systems and applications with the corresponding updatetypes (continued)Support Type of Update Supporteded OSVisual Stu eckcheckcheckcheckcheckcheckcheckcheckcheckdio 2015ExchangeExchange2000 Serv erExchangeServer2003ExchangeServer2007 andAbove An eServer2013

Patch for Windows - User's Guide 2 - Overview 11Table 1. Supported operating systems and applications with the corresponding updatetypes (continued)Support Type of Update Supporteded Server2019ExpressionExpressionDesign 1ExpressionDesign 2ExpressionDesign 3ExpressionDesign 4ExpressionMedia 2ExpressionMedia V1ExpressionWeb 3ExpressionWeb 4Forefront

Patch for Windows - User's Guide 2 - Overview 12Table 1. Supported operating systems and applications with the corresponding updatetypes (continued)Support Type of Update Supporteded ck----check----check----Client Se curityFore front codenamedStirling Be ta ntityManager2010 ategoryForefrontServer Se