Ecora Patch Manager 5.0 User Manual
Contents
1. ih T A emm i e m J Pus Falibacs irat Fink Corm geen at he bin m j Ge aud i HI D J gesi ee EZ ip gem AI ae Ti be E Qus Pac LN LE em eee ie mum Sani met ri fart F d z a rx TILES ES Hasrg Pace ns alain CODE AC PC aE ee icai Pinte L CE i am DX 24 aua Tia uw LIL TH Y LI ar IP IL bal map JC K Sie E a ere L an biip mn ACER p Kei uj aurum d md EA ERR AX Lame CDI ee ee ep ebek Mag Tere Puck pa eh LU D ee SLIP e Piece ee P ch LI D E y mu eee li Mu Web jh UF ae a e P wh LJ T al ar g HGH ire a E DE mar Lem v am E Once you have finished selecting patches to install click on the Push button If any of the patches you selected are not already downloaded you will be prompted to Download them or Skip If prompted manage your patch repository collection of archived patches and click Download Now or schedule download Proceed with creating and defining settings for a push or rollback job Remediation setting defaults can be set by systems and groups vs individual installation jobs Choose Tools Systems Grouping select a system or group click the Properties button and click on the Remediation tab Windows or Unix Notes Patch Manager allows configuration of an optional user delay or cancel for installation Some patches require user input additional steps or post status messages Some MS SQL patches require additional steps2. IT LL KE HL m e n u e LCD AG PvE E GR Lene Xu Larson Peck taro Fach Bg Conectar TH LA Lem SD SEIT Leen Pik fave Fh ODA AGS WP TAA E Mu 6 SPI arca Fach Tace Fach 2 S S elect the patch for p LCORACA OR OPEN D T weg g e ic ated CIE b E rai uf geg Ken MS ECORAGA GA DOLI r i i which you wish to u CORA AT PLE 7 AUT a Se kisii Fn pm TEST be WEI Min modify or add notes Ag oomai Pur p Men Plagas mn OE m aan wi cay Larosa le H 6 Wain Ta me im 280013 erung or properties tomar vy L en Made P Az eg nm LCDRADA ow RE Drie ia Pace Visus WEDAM m Mri TT eE seg O BHT Bg cone at v Msi pm o LEN ion zm HET pus STEHT Mm ar 3 Click the Properties button By Lorca e Leiwt By Cconacacemcs emo o Halte 824146 Patch Found By LCOPAGA Doone Depleted bira Dep miri mme ri Then fei TE CB al hir T eene Sege LU m erg eegen Vaca OG and cm num TT ETE ui Ve OE T DERE RS en E LUPICE rei Vera LU 21 ge mu m Ma ch NS D eg iw MNT apum E upesa di bas Ce poets Vans T1 21S DAT DE ei oh maps Ld EI a The iipung gpl risina me tag e SOF Tu ben nom I en om aT rmn mace d nane all d m WH kih ea a morri Ca Hra E ome Moin Acte ke MULIER DP Tee E Denge PP rana Cice kb Cote D non DIOT d Dee Perad UO Tuna a Dee feed OCH om DE LI ae RE mapas ies Pear cenam inicial p cee Leanai Leg KM Pezege Proce Cal RPC na pace ui unma by Be e ricos opum tg Ten BFT pee as r m qr ege Sep caer Pea sen 8 Mens rem ra trm sey ee rar
3. Once an analysis is displayed after scanning the network the main interface Is split into three window panes The left window pane contains three tabs that allow you to choose how you wish to organize your results The Hosts tab displays the machines analyzed The Products tab displays the available platforms products for which patches have been analyzed The Patches tab displays the patches located or available for all selected systems ns Trams es ee Apinn eS eS Paler e LIESS SEHE A Iu i gsfeen ee ja Pe m a Fr mrs td E Hergan A tL a CRL EH d eg zm 2 LUE F Lor iD ix E mm m TE ZTE Liam E gr d paire AM 347 M a nm aim Rachen a EL s E Jo Eet a RI ete Pay mam 3170 Gui amar Exo WILLE CDRA NTE D Y m irea ha zm Cum num Be EVENT s DE LI pp med Sg RM T SIL AL Pal mi V NR SH W a g erae aci T In TOR Saree Et Leem Fark Zeg Pac V CTHNALR A Heres E a emu mmm let LGS Jn TA tame Db beega Fh ege Fun i KR CDRAGA FCHILTLAMD a as etn Zeta Pici War IE MO TES Sapte Pacha T Pinch LCOPRAGa JH Cd D Yu g ux m laco m ZER A L FIRE ad oe SZ rw aL oe Bg Meia BAL a ja aic Faure a ENS mm set RE kee rara ay Bg M ttes RATTLE v y amm Aa REI Vara Mayen MU EP ET am be DEI WT OD L EDERA DAA Ki Yee lm ts Ton um mmn geg EET SL du Bg Con muer Mu Yee bus Pun miera YE m mua iire EEk 11 RR ki T H bia the Is ce LPR enm rer sri Kee Ber AE fares four WW DS e Beien HESS Mile
4. 8 Click OK to return to OB C NER the Archiving dialog Database PatchManagerhrchiveDSN Data Directory JE Program Files E cora Patch Manager 4 Use existing database Database EcoraAuditorD B36 Troubleshooting Please refer to the online help system for troubleshooting information on the following Connecting amp Scannin Analysis Under the Hood Patch Repositories Push Patch Installation Service Packs Microsoft Patches SQL Patches Log Files Reporting Center Optional Agent Migrating from Patch Manager 3 x Port Usage Command Line Operation Limiting DB Memory Usage The online help system includes appendices containing specialized information such as command line operation and port usage for Patch manager communication v Tip The Support area of Ecora s website http www ecora com ecora support includes links to the system requirements start up guides evaluation guides helpful tools and utilities and the FAQs Frequently Asked Questions page includes information about common questions and answers you might find helpful Copyright Ecora Software Corporation e www ecora com 77 Ecora Copyright Notice Copyright 1999 2006 Ecora Software Corporation All rights reserved Ecora Patch Manager PatchLite PatchMeister PatchMeister Pro Enterprise Auditor Configuration Reporter Configuration Auditor ecora com Ecora Application Server My ecora an
5. Ecora Patch Manager 5 0 User Manual Table of Contents It ect Renn TEE 3 User Interface Overview c cece cece cee eeee ee ee ee ence E E E EEE E EEEE 4 SON ScPPOIGFSHCOS urpertvbppotP tere titiude b VARI PERPE CPI PUDE Ur Paria EPI PEE naan 8 Pay Tee TRE NCE WCC MET TETTE 15 Discovering Systems cc cece cece ee teee een e eee e eee nnne enne naar anna sanas nnns 17 Discovering WIDOOWS S VSUOITIS EE 17 Specifying UNIX E EE 20 Managing Systems amp Groupe 23 System amp Group E telen dE 24 ndor t in Ma Lee en EE 28 leie 31 Installing Patches e Leer 32 Using RollDaCK sra KREE hah kh ERRERERXyEYRRRERRERSENFREERR NNN KKK NEEN ENN KEE KEEN KK KKK NNN ER PUSR elle te TODS EE 33 FOO SOLOING e TT UT IE 33 EE 35 Patch Repository Management 36 Patch Repository Maintenance 37 ies e gell ET T Tm 39 Giro ie T 42 Interface OVELPVICW i sirsisiisrerirsisissrsea nainii ee ee eee EE AAA aaa nnns 42 befinibg a GUStom Applicat Le EE 43 Defining s Custom PalbCILsoseceskwsas a kddasdag e wikis v pP adiu ori ETE Karin adde aca X aide a AU MORE RW n dnd 46 Exporting Custom Package 48 Importing ef geing EE 49 Schedbllhidg Patch Pel SIS EE 50 WIndowWs Task d EE EE 51 SI IS Le piu pe cree arbe pra eee ate amen ten panes Rectum m aes rates Bauer GU ACE QURE eae 52 Scheduling Updates 52 MIG rating te DALDA eis ias ap CRM da ERE E ERE CR RERUM HORE TCU EO eee 53 Agent Install
6. i B windows Server 2003 Standard Edition Bg windows Server 2003 Web Edition Windows xP Professional LJ Applications El Products with new patches tJ Exchange 2000 Enterprise Server i C Exchange 2000 Server tJ Exchange Server 5 5 i C Outlook 2000 i C Qutlook 2002 i Outlook 2003 i C Windows 2000 Advanced Server i C Windows 2000 Professional i C Windows 2000 Server v msjavx85 exe 300845 MS02 013 v 309521 86 exe 303521 MS01 054 V Q311967_WXP_SP1_x86 exe 0313450_WXP_SP1_x96 exe 311967 313450 MS02 017 MS02 012 Q314147 WXP SP1 s ee 314147 MS02 006 Q315000_W lt P_SP1_x86 exe 315000 MS01 059 msxml4qfe exe SINE 502 008 0318138 WXP SP1 x85 exe 318138 MS02 023 318202 MSXML20 x86 exe 318202 MS02 008 2318203 MSXML30 x85 exe 318203 MS02 008 0323172_WXP_SP1_x86 exe 323255 WXP SP2 s ee 323172 323255 MS02 048 MS02 055 324096 WXP SP1 s ee 324380 web SP1 s ee 324096 324380 MS02 053 MS02 051 326830 WXP SP1 s ee 0328310 web SP2 s ee 326830 328310 MS02 045 MS02 071 328310 web SP2 s ee 0328940_WXP_SP1_x96 exe 328310 328940 MS02 071 MS02 060 23283048 Wb SP2 x8B exe 0323048 WAP SP2 x85 exe 323048 323048 MS02 054 MS02 054 3328115 wXP SP2 tb eye 328115 MS02 050 In the right pane locate and
7. je WHALEBACK No VWRITER DEB No ECORADA 4 Click Next gt i BUNNTEAHS Mo See Mo 5 Enter valid credentials for accessing the target host ior Copyright Ecora Software Corporation e www ecora com es 70 E Configuration Wizard 2 Erte Credentials 6 Enter an email address from which reports will be sent Logon information Far ECURAG AAT ON User Name domain user lecora administrator Password ben OE Confirm password 7 Enter a valid SMTP server for mail exchange BARRE Click Next gt Mail settings l Email address for the Reporting Center 9 Click Finish fre ecora com after confirm ing Specify the SMTP server for Reporting Center successful mail ecora carr Bn installation VTi p The Reporting Center is located at URL shared system name EcoraReportingCenter where shared system name is the server where you installed it during setup a server with IIS and Microsoft Net Using the Reporting Center l Access the online reporting center V Tip The Reporting Center is located at URL shared system name EcoraReportingCenter where shared system name is the server where you installed it during setup a server with IIS and Microsoft Net 2 f prompted select or enter your login enter oi your password and click OK E 3 Select the report you want from the drop 3 mmm down list Use the down arrow to expand a gro
8. on the ta rget systems target systems being updated To enable the software Enable Solaris Repository to collect all Syst Terminal configuration information root File Transfer password is required Protocol Click on the File tab SSES Password Select a Protocol from the drop down list S read more about using SSH Enter a Username with which to transfer files Enter and confirm the Password for the user name ONLY if you wish to change optional settings such as using alternate ports click the Advanced button E Advanced Unix Repository Settings Ed E4 A Enter or select a Connection delay milliseconds If supplied the software waits this length of time after logging in before attempting to transmit anything to the target system Terminal Connection Settings User Settings Login Prompt Jusermame Connection Delay B Enter the User login prompt for the repository If supplied the software waits for this text to appear on the connection before attempting to log into the system If nothing is specified it immediately attempts to login once the connection is established Root Settings Login Prompt Connection Delay C Enter or select a Root connection delay in milliseconds If supplied the software waits this length of time after logging in before attempting to transmit anything to the target system D Enter the Root login prompt If supplied the software waits for this
9. 9 Click Close Eh Avent Configuration Bandwidth Percent Polling Interval Maximum number of lage Maximum log size in KB Copyright Ecora Software Corporation e www ecora com e 58 Scheduling Analysis for Agents To schedule ongoing agent analysis P Tip The following instructions set up recurring scans but you can also schedule scans as non agent systems are scheduled see Scheduling Analysis 1 Choose Tools Agents or click on the Agent button Locate and select the agent you wish to schedule Click the Schedule Analysis button and set the frequency for Schedule Scan automatic analysis on a recurring DECR basis 4 Click in the checkbox to Enable Daily scheduled analysis O weekly 5 Choose Daily Weekly or C Monthly Monthly for the frequency of automatic analysis 6 Set the start date day and or time for recurring scans 7 Click OK Copyright Ecora Software Corporation e www ecora com e 59 Using Alerts amp Triggers Triggers and alert allow you to define conditions that result in actions For example you may choose to establish a trigger condition for a new patch or an analysis failure then add an alert in the form of email notification if that condition trigger is met To configure the software for triggers amp alerts 1 2 10 11 Run the Ecora software Choose File Settings from the menu Click on the Alerting tab In the M
10. ECORAGA Windows 2000 ECORAGA Windows XP the Select button using the ECORA Windows XP H i Gear Windows tab for Windows systems and the Unix tab for Unix systems License GroupObject N A ll Systems 6 If you wish to manage groups click on the Systems Management button 7 Verify that the systems you Secte want analyzed all appear in the Selected Systems lower pane Copyright Ecora Software Corporation e www ecora com 15 10 11 12 13 14 15 16 17 Click on the Select Products and Patches tab Click in the checkbox to enable Use Selective Scan to limit analysis to specific products or patches Note If no patches applications or operating systems match your selections the results will be empty Use the tree in the left pane to locate and select the operating system s and or applications to analyze Q System Selection 2 x Select Systems Select Products and Patches Use selective scan Products St All Operating Systems POR Windows 2000 Advanced Server DERBI Windows 2000 Professional DOR Windows 2000 Server DOR Windows NT Server 4 0 DOR Windows NT Server 4 0 Enterprise Edition P RB Windows NT Server 4 0 Terminal Server Edition DOR Windows NT Workstation 4 0 P0 RB Windows Server 2003 for Small Business Server DOR Windows Server 2003 Datacenter Edition DERBI Windows Server 2003 Enterprise Edition
11. Homing Report H x Task Schedule Settings Scheduled T ask Completed v Stop the task if it runs ior 72 ES hours 0 minute s Idle Time Only start the task if the computer has been idle for at least 10 On the Settings tab set any time limits for T Ete the task Idle Time required or Power Management preferences Show multiple schedules If the computer has not been idle that long retry For up to minute s 11 Click Apply Stop the task if the computer ceases to be idle 12 Click OK Power Management Don t start the task if the computer is running on batteries For information on upgrading scheduled tasks see Troubleshooting Stop the task if battery mode begins eed Ame Copyright Ecora Software Corporation e www ecora com 51 Getting Updates The Ecora staff is committed to continually improving the products and will make the enhancements available to customers through our website The upgrade utility enables you to apply new software packages and new patch database content provided by Ecora TO upgrade 1 Run the Ecora software y Update 3 Select the component to update Patch Manager software Solaris Knowledge Database Windows Knowledge Database Reporting Center 2 Click on the Update button or choose File 4 Click in the checkbox for sz E l 2 x I ns
12. Internet Explorer OU Patches 50 1 out of 2 patches installed f Passing SQL Server 2000 Patches 50 amp 3 out of 6 patches installed E 6 Click Go Browse the resulting report Y Tips af Patches O4 21 out of 21 patches im Options left blank or ECORAQANOAYTON P Lee d System reen XP Professional Messing Internet Explerer Patches Fi 12 out of 12 patches installed Messing Microsoft SCH Server 2000 Desktop Engine MSDE 2000 Patches IQ out oF 2pachesistaled ng Wen Meda Mayes Ter doe ALME DS Bet 6 patches ietaled not selected return ALL vs none by default An asterisk functions as a wildcard in a search returning ANY character as a match The About link provides version information The two Export Report links save the report to DOC or CSV format The online Reporting Center performance varies based on how recently the Microsoft NET pages have been compiled and or restarted The Microsoft includes information about optimizing the machine config file Copyright Ecora Software Corporation 72 Administering the Reporting Center Reporting Center Settings 1 The first time you access the Reporting Center or by choosing Administration Settings in the left pane you may be prompted for Settings to configure the Reporting Center Specify the S
13. Loads an application definition from another Patch Manager installation user jd e see Exporting a Custom Application Copyright Ecora Software Corporation e www ecora com s 42 Defining a Custom Application L eae N Click the Add button to define the new application properties E Application Properties ajx Define the custom application to be managed Name Enterprise Auditor lor Language English m Application version m Description Change amp Configuration Management Files check Files check Fath sFillename Registry keys check Hemove Enter the Name of the application which will appear as a new tab in analysis Click on the I con button to locate and select the image to associate with application Accept or change the language via the drop down menu at the right Enter the Version of the application Enter a Description for the application Under the Extended Parameters area in the lower left pane select Files Check and click Add Copyright Ecora Software Corporation e www ecora com s 43 8 Enter the path or use the Custom Files Definition Browse button to locate the path to a file that indicates this application is installed Path ProgramPles Ecora udtor40 bin auditor exe Select a filter from the drop Mac ProgramPiles lia down and use the Add Macro button if the application follows one of the three provided Version 0 6038 18002 installat
14. Password XXXXXXXX Upload Path ECORADIR Enter and confirm the Password for the user name Copyright Ecora Software Corporation e www ecora com e 20 18 Accept the Upload Path not editable in this version 19 If you wish to change ports prompts or delays click the Advanced button 20 21 22 A Enter or select a Connection delay milliseconds f RRR x supplied the software waits this length of time after logging in before attempting to transmit anything to the target system B Enter the User login prompt for the repository If supplied the software waits for this text to appear on the connection before attempting to log into the system If nothing is specified it immediately attempts to login once the connection is established C Enter or select a Root connection delay in milliseconds If supplied the software waits this length of time after logging in before attempting to transmit anything to the target system D Enter the Root login prompt If supplied the Terminal Connection Settings User Settings Login Prampt usemame Connection Delay 15 Foot Settings Login Prompt froot Connection Delay software waits for this text to appear on the connection before attempting to log into the system If nothing is specified it immediately attempts to login once the connection is established E Specify the Connection Protocol Port number for terminal connections
15. Windows 7 D i 1 TON ECORAGLLA ecoraga administrabi Windows 000 Ge EE 2 If all the systems you wish to involve are listed proceed to the next step If not click Discover and locate additional systems on which to deploy agents 3 Select the systems or groups of systems on which you wish to install the agent software Copyright Ecora Software Corporation e www ecora com e 55 Optional Agent Deployment 4 Click the Deploy Agent button Click Next gt Confirm Add or Remove systems from the list selected for agent deployment and click Next gt 7 Once installation is confirmed click Finish Optional Agent Deployment For instructions on manual agent installation see Troubleshooting Optional Agent Copyright Ecora Software Corporation e www ecora com e 56 Agent Management Version 4 0 introduces the additional capability in Ecora Patch Manager to deploys a software agent package to systems which communicates with a server for patch installation and system analysis This architecture is called the Optional Agent Manager and uses the Patch Manager console as the master server and installs agent software on client systems that need patch management services The optional agent solution provides the flexibility to effectively handle hardened devices and systems connected to the network inconsistently The following are concepts and definitions apply e Agent Manager the
16. to restart the machine Click on the Unix 21 xl Systems ta b Select those global settings from Systems Management you wish to override for this jab Click the Override Ignore Windows Systems Ung Systems Single User Mode option if you wish this job to deviate from your global settings v Override Ignore single user made v Override always use single user mode C True f True f False False If yOU enabled Override v wveride Patch Repository Ignore Single User Mode select True or False Click the Override Always Use Single User Prompt for job settings every time Mode option if you wish Hel EENEN ement this job to deviate from 1 your global settings Execute patch from repository C Copy patch from repository If you enabled Override Always Use Single User Mode select True or False Click the Override Patch Repository option if you wish this job to deviate from your global settings Copyright Ecora Software Corporation e www ecora com e 33 17 1f you enabled Override Patch Repository select Execute patch from repository or Copy patch from repository 18 Enable the checkbox to Prompt for job settings every time if you wish to have a chance to change these settings each time 19 Click on the Systems Management button if you wish to change any global settings 20 Click OK User Delay To accommodate users working at systems you are attempting to patch and or reboot Pat
17. 0 uses the default for the selected protocol F Specify the Connection Protocol Port number for file transfers 0 uses the default for the selected protocol P Tips Entering a ZERO 0 value for any advanced settings will use the defaults A non zero value in any of the connection delays will cause the software to delay that amount of time after a login or after issuing the su command in the case of root delay before the software will execute any commands The software follows the normal login procedure send username send password then waits n milliseconds before returning connection complete A non zero value in either of the prompt settings causes the software to after the normal login procedure search for the string entered as the users prompt Click on the Remediation Settings tab Click in the checkbox for Copy patches directly to the target system OR Click in the checkbox for Use NFS mounted repository and verify or change the Repository Mount Path Enter a pre installation warning message broadcast to all connected users E EcoraPatchManager 2 x System Settings Connection Settings Remediation Repository Copy patches directly to the target system Remediation Settings C Use NFS mounted repository Repository Mount Path Pre installation Settings Pre install Warning Message Pre install Script Path V Validate Patches Validation Method MD5
18. 36 0 Every day at 18 00 2005 07 17 13 23 21 Every day at 18 0C 2005021712353 Every daya 153 00 2005 0217 13 35 Every day at 18 00 120050217 133628 Every day at 13 00 20050217 1336 2 Every day at 18 00 2005402 17 13 356 VE E vesy dog an 13 00 1200541917 13 35 34 Every day at 19 00 Pt 7 T2004 25 02 17 12 04 41 2005 02 17 12 04 48 2005 02 37 12 04 48 2005 09 17 12 04 41 2OOS CO 17 12 04 40 12005 0217 1204 a 20050217 1204 4 2005 0217 12 04 Al 12005 0217 12 04 4 2005 00 17 1204 4 name matching on offline status last contact BILANI 1 001 112 i Up To Dae 20050217 13353 Evesy day at 1300 MAMA EE Up To Date 20050217 13 36 2 Every day a 13 00 2 UpToDate 200502 300 2 4 Review the data about deployed agents including sortable columns for each agent s Domain System Status Version Version Status Last Communicated timestamp Scheduled patch analysis scheduled time Last Analyzed timestamp Last IP address Polling Interval in minutes and Bandwidth Percentage 5 Click Un install Agent to start the wizard to remove the agent from the selected system E Criteria Container 6 Click Schedule Analysis to set the frequency start date and time for automatic analysis on a recurring basis 7 Click Refresh to update the displayed information Offline 8 Click Properties to review or edit the selected agent s settings bandwidth polling logs
19. BIGMOUN TAIN Domain Controller es BSP BILL Server Ho BSP BRACE Server Mn BSP BPELTIER wiek Server No BSP BUNN A Server Mn BSP BUZZ Workstation No t SP d CHEYEN NE N i i i i j i l Em m uu n Y aun BSP CITRIER2 Server Mn BSP COMP10 Workstation Mn BSP DATA Server Mn BSP DATABASE Server No BSP DAYTON Workstation No BSF DEW30 Workstation No BSP DEVMMINC A Workstation Mn BSP D vLP 04 Workstation Mn BSP BALATI Server Mn BSP GERMAN SOL M Server Mn BSP GERMANY MH Server Ho Copyright Ecora Software Corporation e www ecora com e 18 1 Since you selected Specify Hosts you must select a method Click on any or all of the following tabs Net Browsing allows you to enter the domain and computer name s you wish to use IP allows you to enter the IP addresses of the systems you with to use or to import a list of IP addresses IP Ranges allows you to enter pair of IP addresses and discover all systems with IP addresses between them 2 On the Net Browsing tab enter a domain and computer name and click Add A Note You can also choose to save to file or load from file see file format 3 On the IP tab enter the IP address of a system 4 Enter the username and password and confirm the password and click Add S Note You can also choose to save to file or load from file see file format 5 Enter the time limit in minutes during which the software will i discover systems fans
20. Data Sources to define one E Archiving A x Enable Archiving Task Type Move Archive DON Settings Manage Data Source ee 3st recent camna 3 Select the Task Type from the drop down list Move Delete x E Archiving Enable Archiving Task Type Move lia Archive OSM Settings Patch rchiveD 5N lia Manage Data Source Options By Scar Hetaiti most recent compeletd system scans By Timeframe Retain Months Never retain failed system scans Apply only to selected systems View Archive Choose an existing data source from the drop down list click the Discover Servers button to detect servers to populate the drop down In the Options area click in the radio button for keeping a number of most recent scans or to specify a timeframe and specify that time frame If By Scan specify the number of scans to preserve If By Timeframe specify a the number of days weeks months or years from the drop down to preserve Click the Never retain failed system scans checkbox if you wish to delete all failed system scans from Patch Manager database before archiving task starts If not checked archiving preserves failed and successful scan results 8 Click the Apply only to selected systems checkbox if you wish to specify certain systems for data archiving vs defaulting to applying these archive settings to ALL systems If you select this opti
21. Hass F ee Es oon RR dad bm Pariri Pala apa cue cuu es e ce ak re ene ven ROT nails PS uli pigs rfetk Pucca maii The left window pane contains three tabs that allow you to choose how you wish to organize your analysis The Hosts tab displays the data and network structure allowing you to drill down expanding on the plus signs through reports OS and domains to systems The Products tab displays supported items for patch analysis such as OS IIS SQL The Patches tab displays all relevant patches and service packs in numerical order The Policy tab displays all policies relevant to the selected scan available only with the Policy view is active Copyright Ecora Software Corporation e www ecora com 4 Right clicking is the method for drilling down to additional detail in the report Right click on any item to see if a Jump to view is available for related information ey EN 2003407 10T10 35 28 E EN Microsoft Patches P NTM L p 92355 p 32493 L P RI L P 328310 P 326970 d P 329048 P 323115 L ge 325170 Tithe Unchecked Bulle in Windows Shed Could Enable System The upper right window pane displays the patches relevant to the selection in the left pane and applicable to the active tab above It provides sortable columns of patch data check boxes for selecting patches for Push installation and Rollback un installation Click in a checkbox to select that patch for installation push or
22. It does NOT include usability or functional bug fix information Due to the importance of security in today s IT environments Patch Manager will err in favor of providing more information in hopes of making a greater contribution to environments analyzed Analysis Icons The follow icons are used in the patch analysis display S B d al E W Installed Partial Analysis Key Installed Missing Warning Note Error Service Pack Patch Superseded Withdrawn Patch Prerequisite Patch Undetermined Patch Not Required Patch Patch was detected as installed The Registry key indicates that the patch has been installed but it may have been overwritten Further research is suggested Patch was not detected as installed A DLL file that is part of this patch was detected at a higher version than expected This is generally not problematic but should prompt additional research and or verification Patch status was not conclusively determined includes a note with more information System could not be analyzed no access machine down etc Service pack which is a collection of patches and hotfixes Patch a piece of code that fixes improves or secures an existing application or operating system Patch that has been superseded by a subsequent patch Patch has been withdrawn Install the recommended patch or rollback to the approved prior revision Patch is required prior to installin
23. Language Dutch English Patch Mame Finnish C Filter by Patch Name French German Contains International Use the Shift and Ctrl keys for selecting multiple operating systems ar applications Italian Click in the checkbox to enable filtering limiting the view according to criteria If you wish to limit the view to selected software click in the checkbox for filtering by OS and Application Select the operating systems and applications for which to display patches in the Repository Manager If you wish to limit the view to selected languages click in the checkbox for filtering by Language Select the language s for which to display patches in the Repository Manager If you wish to limit the view to specific hotfixes click in the checkbox for filtering by Hotfix Select an operator from the drop down list Equals Does Not Equal Contains Does Not Contain Enter the string to be matched If you wish to limit the view to specific bulletin click in the checkbox for filtering by Bulletin Select an operator from the drop down list Equals Does Not Equal Contains Does Not Contain 12 Enter the string to be matched 13 If you wish to limit the view to specific patch click in the checkbox for filtering by Patch Name 14 Select an operator from the drop down list Equals Does Not Equal Contains Does Not Contain 15 Enter the string to be matched 16 Click the OK button to acce
24. and file transfer connections to the system to validate the information Click Close to implement and close Copyright Ecora Software Corporation e www ecora com s 22 Managing Systems amp Groups 1 Run the software 2 Choose Tools System Grouping from the menu E Systems Management 1 A x Manage Sustems Groups Eesen Less All Systems Systems Windows 7 m BOSTON Jean fecormqadninish Wreovs 2000 Ee DAY TOM ECORAGA ecoraqa adrministrati Windows 2000 Sel ASMUA ECORAGA ecoaqudmeh windowsxp e PORTLAND ECORAGA windows 2000 e 3 Remove mS TIER In the Groups area click on the New button Enter a name and description for the new group and click OK Select the group in the Groups pane to which you wish to add system s pr P E In the Systems pane select those systems you wish to add to the group V Tip Click Discover if you wish to locate additional systems 7 Click Add to include the selected systems into the selected group 8 Use the Search button to locate systems by name role OS etc m E 9 Enter your search criteria The search uses SQL 3 Jpadies style queries so 96 is a wildcard entering A96 in 4 jUsNme lr the name field will return all systems with a name 5 os Windows starting with the letter A amp Role Workstatio Copyright Ecora Software Corporation e www ecora com s 23 10 Select a group or system and click on the
25. cuisine ee Be bL Cigar Lafen Tuten ET APC emeng hd r Ee Ae d pra iis rte fr meters Tree en free dimi abadian wi p cd ACEI Leeog Bag s m n emersit a Cel Cap ce te a ek CAR gen tara oe op o rd ore at cond ors ri dne Lon Te Bea s t iem Fee kaafe o oaa serene Tree Iu ET rc mM Tam ui bo gum gn up ILI LETRCIINMLOT IE pes fen Se sai ua aer Lead Eu en ge P Feet tte Jo eer rd ee ee Ee r IP EI Se ee E RO e e ee ee Colo at M Di berena ma lal Tha ache Qe Dan bap able i LG Fy cfr om ee eked Petaling besi cae Pare dr flee data ni ptg ju ab IRC r hal ge ge i beep Be e i A2 a A momo eee mp pm M e md be R Ra e a R Rei m sm M mm iR D Aa E mm Mans m ee DR a m GR S RA UA m E Custom Patch Attibutes Management E PatchName S e EENS Im a mm Tas errei 0 No e oo sm wweuee o be e e Tat ReporingCertermsi0 e em ooo Ta2 Rbupdeteere o e e im o o EIERE ms 3750 exe 1 No All No we msmte o e No e P Nejesmee o No mw o mrjows eot o ww ww im wejosmee o No e e D mmjossesee o eoo e E 4 On the Manage Notes tab select an existing note tab or click the New button 5 Name the Note or accept the numbered default and click OK 6 Place the cursor in the text field and enter or edit text for the note zl lx 4 EcoraPatchManager Manage Notes Approve Rollback Ignore Patch This DID have a conflict with our custom billing app in the test lab 7 D
26. fielstional database list or press the Manage Select a data source from the drop down list or click on Manage Data Sources to set Data Sources button to define one for details see Data Source PatchManageDSN ia Database Setup SOL or MSDE authentication method and active database Copyright Ecora Software Corporation e www ecora com 9 17 18 19 20 21 22 23 Click on the Alerting tab ax In the Alerting area click Mening in the Enable checkbox to Gate enable monitoring ES Use the drop down list to Interval 10 minutes select an interval in i e SNMP Alerts minutes minimum 10 E Enable minutes to set how often the software checks for the SNMP Manage HUB SSS conditions you define Port 162 In the Service Log On Email SMTF Alerts area either select Local v Enable System Account or to SMTP Server company 000000000000 specify the Account and Part 25 enter valid credentials Max attachment size 10230 H KB In the SNMP Alerts area click in the Enable checkbox to enable alerts via SNMP traps Enter the SNMP Manager name and Port number The SNMP Manager can be the name of any server running an application capable of receiving SNMP traps In the Email SMTP Alerts area click in the Enable checkbox to enable alerts via email Enter the SMTP Server name Port number and the Maximum Attachment Size reports can get
27. in distributed environments Note Note that only the main repository is automatically updated through Patch Manager To keep additional repositories updated use database replication 30 Click on the UNC Repository tab 31 Enter the UNC path to the repository or use the Browse button to locate one 32 Enter a Username and Password with which to access the repository 33 Click Add to finish entering the repository causing it to appear in the defined list 34 To edit a defined repository select it from the list click Properties button change the path or credentials then click the same button now Save Changes to complete 35 Click on the URL Repository tab 4 Notes Agent Manager must be installed to use alternate URL repositories If it is not you are prompted pec Me to install You must establish the web enabled repository remm outside Patch Manager software If you install a new website through IIS specify the port through which patches are downloaded and indicate that port here Enable Alternate Repositories UNC Repositoy URL Repository 36 Enter the URL for a web repository The format is http hostname port share is optional 37 Click Add to finish entering the repository causing it to appear in the defined list 38 To edit a defined repository select it from the list click Properties button change the URL then click the same button now labelled Save Changes to compl
28. including installation time grouping and reboot options see Installing Patches Update Updates the software or database with the latest from Ecora s website see Getting Updates M B Agents Accesses the dialog box in which to manage agents which systems have agents how often agent systems will be scanned and other settings see Optional Agent What s This Accesses a brief explanation of the next item clicked in the user interface RS All Displays all service packs hotfixes notes and warnings for both installed and not installed patches applicable the selected system EHE I nstalled Displays all available and compatible patches detected as installed Missing Displays all compatible patches for the selected system detected as not installed Policy Displays patches and systems according to compliance with user defined policies see Using Policies ES E Menu Bar File New Scan begins the process of analyzing the network for patch versions Open Scan Results accesses a dialog box in which to locate and open a saved scan report Settings accesses a dialog box in which to set the user preferences Update accesses the Ecora website page to find available downloads updates for the software or patch database I mport Scan accesses a dialog box in which to locate and open a saved scan analysis Export Scan accesses a dialog box in which to name and write the current anal
29. ou can delay this activity by selecting the delay button below ou can cancel the installation by pressing the cancel button below 6 Click OK EEE aj lomgaenw 4 Delay Continue Cancel If user control is enabled end users at target systems being patched are prompted to delay or cancel the patch installation If the user elects to delay they set the date and time to run the task again in the drop downs to the left and they are prompted again at that time If they elect to cancel if that option is enable the task and associated files are deleted and the patch are not installed If there is no user response the installation proceeds after the delay established in the properties Note This section describes the delay on Windows systems Unix users can receive a pre installation warning message if configured in the Unix system properties Copyright Ecora Software Corporation e www ecora com s 34 Patch Repository Management Patch Repository Manager zig xl Repository Vve public m Refresh Repository Filter Patch Hatin Bde Staus _ Language Piom seeden o a Insth si exe i3T s lT akW E 2m7liBG g ENL InstMsiW exe i3T s tIT ak VE 2m7liBG g ENLU o pTO01 exe S07 F410 eI Not Down English windows 2324 BS3egHylBSgquwm E Jr E U Srw E NU Rm Patch Description Office XP Activation Update October 4 2001 Schedule Help 1 Choose Tools Repository Management to acce
30. see instructions Using Rollback l After analysis locate the patches you wish to uninstall the All or Installed views will show installed candidates for rollback In Patch or Hosts view and optionally using the products tabs in the right pane enable those patches you wish to uninstall by clicking in the box in the Rollback column Once you have finished selecting patches to rollback click on the Push button Proceed with creating a push or rollback job Copyright Ecora Software Corporation e www ecora com 31 Push amp Rollback J obs 1 In the Push dialog box click on the plus sign to expand the tree and verify that the systems and patches are correct 2 Select an option to enable Execute Immediately if you would like install uninstall now Schedule Execution to set a later time and date for deployment Transfer Only to copy files to the target without installing If you enabled scheduling set the date and time using the up down arrows Enter a job description to be used in scheduling and written to the log file i Bh Click in the checkbox to 31 xl Enable rescan EE rarum Set Execution scheduling if you wish i ECoRAGA Execute Immediately to have Patch Manager BLIMMTEARS Install Immediately D G IE ees Schedule Execution scan after execution to RES f EP VMZRADVSVA SP1 Install Immediately Transfer Only verify that patches were Jn qB28750 exe installed rolled bac
31. select the patch es to analyze If you might use this selection again click the Save button in the upper right Click Finish to begin scanning systems for patches i Note Depending on the number of systems selected and the network configuration this may take a few minutes Clicking the Stop button will return results for any systems already scanned before the button is pressed If prompted enter a scan description for loading scan results at a later time After the scan has completed the main window contains a tree view of systems reported in the left pane and information about the selected object in the right pane see Understanding Scans If you wish to install patches see push instructions If you wish to schedule scanning see schedule instructions Warning Patch Manager is a SECURITY product It includes security related patch information from Microsoft and Unix systems It does NOT include usability or functional bug fix information Due to the importance of security in today s IT environments Patch Manager will often err in favor of providing more information in hopes of making a greater contribution to environments analyzed Copyright Ecora Software Corporation e www ecora com 16 Discovering Systems Run the software Click on the Scan button Select either the Windows Systems or Unix Systems tab Click on the Discover or Create button Ui PS W N e Proceed with specifying either Windows o
32. the checksum 3 Accept or change the number of number of days you consider an acceptable age for the patch database before being warned that the Task definition file IC Documents and Settings Aill Users 4pplication Data data is old You can also WEBEGTESMD choose to schedule updates 2 4 Click in the Skip the Password El checksums checkbox if you wish to disable the checksum matching that is used in patch analysis to verify the patches are correctly installed CT Require approval for installation rollback Scheduled scans Patch Manager Service Credentials Local System account This account Domain sLIser M ame 5 Click in the Store system credentials checkbox if you SE wish to save login and passwords encrypted to disk for repeated use I Note Saved credentials are used for scanning pushing repository connections updates and scheduling Disabling this option will limit the software functionality considerably 6 Click in the Don t ask for scan description checkbox if you wish to name by default vs prompting during each scan 7 Click in the Require approval for installation rollback checkbox if you wish to enable approving patches for push or rollback 8 Accept the default or specify path to or use the Browse button to locate task definition files used for any scheduled scan push or rollback 9 Enter your Ecora website username and password
33. un installation rollback The lower right window pane contains details of the selected patch including download links related articles Ecora Notes and buttons for you to Manage Notes Ignore Patch Approve Push and Approve Rollback Button Bar Scan Begins the process of analyzing the network for patch versions Results Accesses a dialog box in which to load analysis results from past scans see Saving Scans Reports Accesses the online Reporting Center a webpage for querying patch analysis results and creating reports see Reporting Center Test Center Accesses the interface for selecting systems to act as test machines on which patches and hotfixes are installed prior to deployment on production systems see Test Center s WK A L Systems Accesses the dialog box in which to group systems set system credentials and discover new systems see Grouping Systems Schedule Accesses a dialog box in which to enable and schedule automatic analysis see Scheduling Alerts Accesses a dialog box in which to create or modify checks notifications by the software when user defined conditions are met for details see Alerting f mE Copyright Ecora Software Corporation e www ecora com 5 Repository Accesses the dialog box in which to manage patch repositories archives of downloaded patches see Patch Repository Management Push Accesses the dialog box in which to manage patch installation
34. 0 SFI Ta 7 Bg Excel 2000 Bed Excel 2000 Office 2000 SA 1a E hieng uina EZ lemet Explorer rtemet Evokes ESPI Buerg Genet xe Sod Ginz headings to sort the Ween Ges Ss Ges results le vum Mo eed duke P Tip Items marked Lg icis BZ MDAC 26 MDAC 26 Gold Queso Quies install uninstall indicate eis Co EE o ANE on that the version mismatch Z Microso SOL Server 2000 Desktop Engin Missing Quis I requires a user decision on which will be standard If you wish to m atch the H L m wise Summary reference and Gees La rg et system S L bg irtal oi Maral EL 2000 Microso SQL Sever 2000 Desktop Engine MSDE 2000 Miciosolt SL Serves 2 di to th L KE raal gai Manos ite 2000 Office 2000 Office 2000 SA 1a is misting install tcn ECORAQANDENVER accor INQ o e Mina it Manual a Outlook 2000 Outlook 2000 Othice 2000 SR 1 ic missing install t on ECORADAXDENVER summary click LA raa qM Manus B PowerPoint 2000 PowerPoint 2000 Office 2000 SR 1a is missing instal t on EC RADANDENVER Push an d LAE irtal et Maral Bg vod 2000 Weed 2000 ise 2000 SFI 1 i missing instal 8 on ECORADANDENVER ge ERB instal Uninstel e Manus eg Entemet Explores E Intemet Expkeer 6 SP install ech ged the versions do not mal follow the La neta Alters ggg internet Explorer amp SP1 Intervet Explorer E SPT iz misting inated 8 on ECORAQANDENVER instructions for Dl instal peel ttomated er OE2232 EXE 822325 EXE is miming install on
35. 2a ris Sia EE EE S ee EE ee ee eee T GE AE ee EE EE EE eh a RLOLQAPEUES ee E ee Ss SE a xd if j i The upper right window pane displays the content and properties of the patches according to the organization currently selected and active in the left pane The lower right window pane displays the details about the currently selected item in the upper right pane including links to in depth articles about a selected patch On the Hosts tab the left pane displays a tree control view of your network Click on a plus to expand a level or a minus to collapse a level At the system level the right pane displays information relevant to that system On the products tab the same information is sorted by platform OS version or application Copyright Ecora Software Corporation e www ecora com s 27 The View buttons control the information presented All Displays all available patches installed not detected having a note or alert associated that are applicable to the selected system Installed Displays all patches detected as installed on the selected system Missing Displays patches that are available for but not detected on the selected system Policy Displays systems and patches from the active scan according to association and compliance with a defined policy D Warning Patch Manager is a SECURITY product It includes security related patch information from Microsoft Sun Systems and other vendors as applicable
36. C Ero C Warming radio button to indicate which event types will be written to the Windows event log Click OK To create a trigger l Choose Edit Alerts and Triggers from the main menu Click on the Triggers tab Click New or select an existing trigger and click Edit On the Basics tab enter a Name and Description for the trigger E Alerts and Triggers 3 xl Copyright Ecora Software Corporation e www ecora com s 62 10 11 12 13 14 15 16 17 18 19 20 Verify that the Enable option is checked Use the drop down list box to select the Severity level Use the drop down list box to select the ID Click on the Conditions tab Click in each relevant product module checkbox Use the drop down list box to select the Type Scan Push Patch Database Update Use the drop down list box to select the Condition Patch Missing Scan Failure Database Age Push Failure New Patches Database Update Exist Update Detection Failure Download Failure Download Success Installation Failure Installation Success Set the Filters according to the prior selections Click on the Message tab Enter the Message name Enter the message body in the text box using the drop down to select variables and Insert button to include them in the message Use Start Repeat and Stop Repeat buttons to create lists within the message Click on the Alerts tab
37. D 7 Navigate the left 2003 09 11 08 35 40 Completed pane tree to locate and display the scan s you opened To export the current scan as XML 1 Scan systems you wish to analyze or open an existing scan 2 Choose File Export Scans 3 Select the scan to be x exported As Scans to Export 4 Provide the name and location for saving the scan 2004 03 22 16 14 57 testing boston or use Browse to choose a 2004 03 22 15 18 07 testlab location 5 Click OK To import existing scans 1 Choose File I mport Scans Locate and select the exported scan you wish to view 3 Click Open 4 Navigate the left pane tree to locate and open the scan s you imported Copyright Ecora Software Corporation e www ecora com 30 Installing Patches amp Hotfixes ID e l Si CAUTION It is strongly recommended for this trial and as a general practice that all patches be tested before deployment in the production environment particularly in environments with custom software or mission critical applications See also Rollback instructions After analysis locate the patches you wish to install In Patch or Hosts view and optionally using the products tabs in the right pane enable those patches you wish to install by clicking in the box in the Push column almi xj De M Gs oo Loses Sp GR LB E V ELS M OL Se DI SE B P eQCoOrci m Ce P EE a aa en CESC Mee fie
38. ECORADANDENVER t Ili EHAE Insta Uninstall ott Manual p Media Player Windows Mecha Player 6 4 for Windows 2000 Dwindows Meda Player 6 4 foe Winds INStaHIN M e d l uenaed Jr we320520_ 64 exe van DD Ei ene install required the versions do not match patches dil Uana a Manual a exe M0567 eu is nol installed on ECORAGANPACIFICT uninstall hom ECORAGA rest mies eis Mmes 2000 Advanced Serves Winders 2000 Serce Pack J install remsed If you wish to Inetal Lrinstall ill Automated Soen WOK SPAXBRewe q123172 WIK SPA XB5 eve install required the versions do not match write the Litauen wiil somated Ze Q326830 WIK SPA A eu 1306830 WK SP4 NBE exe install required the versions do not match HR iss ugeng seed tomate a Wk SPA XBbewe Q375BEE WZK SPA NEG e install required the versions do not match summary out to H BatUa Gil Awiomated ier QEA WAK SPA t eg 0329834 WX SPA M ese install required the versione do nol maich an HTML file I min id tomated d omoes wa SP4 N t eg QETUERI3 wk SPA VBE ep install required the versions do not match Ml retata pea iomated fy 0016093 WIK_SPA A og 916093 WK SPA M ere instal required the versions do not match click Save As PPS LS labra DU gomaied rr Wwebrag 2 HRLK BEN ZE DE ep Window 00D ABST PODER DE ene vil required the weiciond de mol maich m M na M n nna al Click Cancel to x s m close the Summar
39. Properties button 11 Select group s or system s on which you wish to install the optional agent and click on the Deploy Agent s button 12 Verify or change any of the system or group attributes 13 Click OK 14 Make any additional grouping changes and click OK System amp Group Properties Run the software Click the Systems button Click on the Windows Systems tab Select a system Ui BR W N Hn Click the Properties button Note Fields labeled with RED text are required Windows System KE Properties 7 Windows Systems System Settings MSI Path Settings 6 Click on the System gees Settings tab System Settings 5 Hal E Enter the System Name System Mame BOSTON vstem Hale Server MT Doma EcoRAgA US windows 2000 8 Enter the NT Domain xs a m ersion containing the system IP Address ra Tip Username field should be entered as O Enter the IP Address of LI serae ecoraqa administrator Domain U sername domain account or Username local account In the second system Passward case Patch Manager converts the Username ta System4 U sername format 10 Confirm the System Wen as Role has Drive Remote Share SEI 11 Confirm the OS of the system 12 Confirm the OS Version 13 Enter a Username with which to connect to the target system 14 Enter and confirm the Password for the user name 15 Enter the remote Drive Share Copyright Ecora S
40. RAGQA results pane STORAGE ECORAQA f i TELLURIDE ECORAQA 12 Click the Apply button i TEMPE ECORAQA i VMES5 SP3 ECORADA i VMEXCH55 SP4 ECORADA WIN2K E CORA QA I WINZKOCBU CORAQA i ZOOLANDER ECORAQA Copyright Ecora Software Corporation e www ecora com e 40 13 Click on the Approve Rollback tab P Tip To enable approvals choose File Settings and click in the Require approval for installation rollback checkbox 14 Click in the radio button for Approved for un install option or Not approved for un install option for this patch 15 Double click on a node in the lower left pane use the expandable tree to locate and select groups or system to which this note applies Verify the selected systems in the lower right results pane 16 Click the Apply button 17 Click on the I gnore Patch tab 18 Click in the radio button for Not included in analysis or I ncluded in analysis for this patch YTip To see which patches are being ignored click on the All button in the View toolbar 19 In the lower left pane use the expandable tree to locate and select groups or system to which this note applies Verify the selected systems in the lower right results pane 20 Click the Apply button 21 Click the OK button to close Si EcoraPatchManager Approve Fiolback ApproveRollback amp Approved for unringtall option C No approved for uninstall option S
41. TON ECORAGA i MEWYORK ECORAGA i SALIERIZECORAGA i STORAGE ECORAGSA L TEMPE ECORAGA Copyright Ecora Software Corporation e www ecora com 41 Custom Patches The ability to define custom patches allows you to add support for any Windows application considered important in your environment Whether it is a home grown system built in house or a third party piece of software installed on every server this feature allows you to analyze or patch it based on the information you define You have complete control of the files and settings that indicate installed version and update paths Interface Overview The interface for defining custom applications is accessible through the Tools Custom Patches menu choices E Custom Patch Management P x um Tel D se Le Ae g Add Edit Remove Import Description Protected applications E Custom applications Elly Text Pad LGN Text Pad 4 7 3 English EH Enterprise Auditor i Enterprise A amp uditor 4 0 English Add Begins the process of defining the custom application see Defining a Custom Application bei Edit Accesses a dialog box in which to modify a custom application definition m Remove Deletes the definition of the selected custom application a Import Saves the selected application definition to a file that can be transferred to H other Patch Manager installations users see Importing a Custom Application aul Export
42. Use the expandable tree to locate the alert s you would like to use Click in the checkbox for the alert s you wish to associate with this trigger Click OK to save the defined trigger Evaluating PM3 Description v Enable Severity Informational kal Condition Type Loes d Condition PatchMising S Filters Domain Threshold 20 patches CONDITION TYPE Condition CONDITION Domain DOMAIN Threshold lt THRESHOLD gt TRIGGER DESCRIPTION Variables DOMAIN Start Repeat End Repeat Copyright Ecora Software Corporation e www ecora com s 63 Policy Management Policies allow you to create generalized rules about how you want systems in your environment configured presumably secured to the latest critical patches You may choose to prioritize certain groups for stricter policies for applications you consider higher risk Policies allow you to define these rules apply them to groups you create then schedule scans to ensure that you re always aware of systems that do not comply with your policies m m m Eh p li M 3 Creating Policies oO Managemen Si i Ges e g Ecora evaluation test policy Management from the menu Ee Impart 2 Click the New button to access a dialog for creating a policy Export E dit Create Policy Selection Cnkena Delete Select the operating system s you Send to wash bo include f
43. a ee 7 T H aia Paca l FFA geg mai eco isis T vex Merten Pasar sun DEET mr EET ar Oe By ore Au ZEIT ire F sas Ia DS llano FACT H Lef geg G7 SLL E sis co Mucang ch o Mw CA 290 Eft emn SA a wi ran Eiee By omga Gi HotFe 824146 Patch Found LDL L Be LLL i E url Run Dede Locks ubi n Tias We CIE T Dk T Ra Tone hl La LU esie coni pepe mue BD IR HI sd fechag ETT IU LEA He XU T a a G ati LR Z n dd B JD 1 Rh Miul UgS 5 H z n WISS amp Town ii CEIT Or eee cee c a cet pope vare 8 et chaca 2 EC E 5 re blamed riesen ber Tei een rage UE Tu RE be mimm mn 517 a me mie d rasa d ET HT die i oe m En Fuga lost n FOR e biii Baies Aiia ii 13 UCFR Hije T Dep ni Jaraw E okl diis Coe DE dt Dain Pe OR DO DO OC bast Flames DM TOTO TOC l he Se code hp be pac Ep be se peia pi Haeren art qs polen Mie Pieter coe Lal P n a procol ue be Par creber puma pus ran DET jia k SS ji n ee aa ee Pat ie fone fey et ebe ed ee MIX ml l D Se Pe Breil ee ee He Cer tte Fae PY pede aF oe oe ee d pna Be gas ee ee aem ee eee ees a Pe pue od Te et ed s PT swage Las CS bierger demi Pus DDR aloes gp ode eo aed ee kl ed wi eee 4 ee Das ee end eed herder rd eee megan Tree a i ee Wies ee Ce reget Czech ss qum eee et Ee GS eee ee eee aes C A o ee ee al II each rr geih dry gen sde nuce rh le side Poen cs num abes cond ab k num prnje nae nca Pim eee cm am a we ei reien mcn com em ie P fee wi tad Dea be rok
44. art 2 Select the policy ies you wish to Export export aiti 3 Click the Export button to access a Edit dialog in which to set the location 4 Locate the directory in which to save the exported policy 5 Click Save a Cancel Importing Policies Choose Tools Policy Management from the menu Click the I mport button Locate the directory in which an exported policy is saved Select the XML file containing a policy you wish to import Click Open Select the policy you wish to import 2 E E NE Gen Click Import Emailing a Policy Choose Tools Policy Management from the menu Select the policy ies you wish to email Click the Send to button to open the default email application Enter or select the recipients as you would in your email application Verify that the XML is attached Click Send ae OD E Copyright O Ecora Software Corporation www ecora com 67 Patch Test Center Patches should always be tested in a lab or on a test machine prior to being deployed on production machines where problems and conflicts might impact your business operations The Test Center feature allows you to choose a system in your environment to act as a model or reference that you can compare other systems against and use to test patches BEFORE releasing them to production There are two general uses for the Test Center Case 1 You can use the Test Center to remediate one
45. atch downloads there and periodically cut CDs to update the secure machine hosting the real installation and repository Tip If you need to change or correct the credentials provided for the Ecora Patch Service used for repository maintenance In Patch Manager go to File Settings and update them on the Preferences tab OR In Windows go to the Control Panel locate Service Control Manager under Admin Tools in some versions locate the Ecora Patch Service click RIGHT choose Properties and update the on the Log On tab After either verify that the service is RUNNING Patch Attributes Patch Manager provides the ability to add notes and conditions to each patch This allows you to record your test findings or comments approve patches for push installation or rollback and set certain patches to be ignored in analysis Once a scan is completed and the right pane populated select a patch to see the details For any given patch you may click one of the buttons to alter the patch properties or access Tools Patch Attributes ple e Took Ve Management from E gm E E m Hi EI We E A B nBIBIB the main menu ecora l Choose Tools r hien Patch Attributes D B rer MISTER e ns f 5 z F A Ha ER eg d ee ZEIL wm car Ma nagement D I comua i D reg Pack G ETA geg ees UE d E L d Jac ira fium BER FR d ll gen eum MM r1 n LE H geg Ce whi from the main p B 2002003 CA Da
46. ation amp SetuP EE 54 Installing the Agent Manager 54 Moelia Eae EE 55 EIER EIERE ee 57 Agent Manager Console EEN 58 Scheduling Analysis TOF VAGQGOLDLUS duxi aka acercan de ca a a EGER NR dC a ci n dct eel eic 59 Using Alerts amp Trigger 60 POY Mah aCe GING EEN 64 creating e e S ETT T T UU EARSTE 64 Applying Policies to Systems and Groupe 66 Viewing DY Policy COMPINANGCS TEE 67 Remediation Dy E olla erc 67 Sien Ke En T Umm 68 aizeodieme ig c en eee enn nee ee eet a ee ee ere 70 Installing the Reporting Center 70 Using tie Reporting COMET s iud X Roe udo Qe OP t CREE ORAE SCR V D 8 n POP a Rte dede 71 Administering the Reporting Center 73 THROU SS WOON e ines c 75 Ecora eis Cd Le le gl eg Le EE 76 Copyright Ecora Software Corporation e www ecora com 2 Install the Software i Please refer to the Patch Manager 5 0 Start up Guide located on Ecora s Support webpage http www ecora com ecora eg patchmanager 5 0 eval_quide patchmanager5 0 pdf for instructions on how to download install and configure Ecora Patch Manager Version 5 0 You should be here cnra Patch Flsnager i HL GE Ax H Too er e armed ela mM mE 3 a 2 E m Click the SCAN button to automatically start analyzing your network for missing and installed partches for your mission critica applications amd operating systems Automatically document analyze and fortify yo
47. ch Manager includes an optional user delay This feature is a dialog box in which the user can cancel or delay the patch installation you have sent to their system To allow user control delay E 1 Choose Tools Systems uice EE G rou pi n g Windows Systems 2 9 elect a system or group a nd Sense ieee click on the Properties Use Repository Skip Missed Tasks b utto n C Esecute patch directly from repository C Delete missed tasks CI i k th R d ti t b Copy patch from repository for local execution Ce Retry missed tasks on next boot ICK ON e Remediation tad 4 Enable one of the user contro Required Free Disk Space After Copy MB 250 7 Use OCHAIN EXE O pti Ons Patch Install Timeout minutes B M Allow Reboot User may not delay or AT ce ET s NENNEN Fore Applications Closed on Reboot cancel installation proceeds without allowing any user intervention C User may delay but not cancel User emt but not P E cancel installation proceeds Delay for user intervention en sect once the delay time elapses User may delay and cancel installation proceeds only if the user accepts or after a delay User control of scheduled tasks C User may not delay or cancel xl 5 If you allow users to delay set the Exo KE ti me In seconds in wh ch the user m admin has initiated a patch installation on this system H The system has been configured to restart must res pond to the prom pt DE
48. d Patch 4 E Js risk Edit Application am d om Remove Application e arop down list to the right Define the custom patch s to be managed Name PCDB Risk MEDIUM Language Engish Application Enterprise Auditor Patch type UU C Patch Service pack Description Policy Compliance Dashboard Add orl 5 Indicate whether this is a Patch or Service Pack 6 Enable the checkbox Extended parameters for Reboot after Installer files Switches Re installation if this patch requires it Note This setting overrides the reboot option set in systems remediation settings If reboot is disabled globally but a custom patch is set to reboot the system will reboot 7 Under the Extended Parameters area in the lower left pane select one of the parameters which vary based on Patch or Service Pack type to define and click Add Note If you plan to distribute this package reduce network traffic by providing the URL for installer file enabling the checkbox for Use URL during export and exporting the package FE Copyright Ecora Software Corporation e www ecora com 46 10 11 d 13 14 15 P Tip Service Packs do not have detection criteria file checks or registry checks If the current version of the application is detected all applicable Service Packs are shown as missing So if you define Service Pack 1 for Application XYZ Gold you should define another applicati
49. d the names of any Ecora products referenced herein are either trademarks and or service marks or registered trademarks of Ecora Corporation Microsoft Windows Windows NT Windows XP Windows Workstation IIS SQL Server Visio and BackOffice are either trademarks or registered trademarks of Microsoft Corporation Solaris is a registered trademark of Sun Microsystems Inc Other product operating system and company names mentioned herein may be trademarks and or service marks of their respective owners SUN Sun OS Solaris and NFS are registered trademarks of Sun Microsystems Inc SPARC is a registered trademark of SPARC International Inc Products bearing the SPARC trademarks are based on an architecture developed by Sun Microsystems Inc HP UX is a trademark of Hewlett Packard Company AIX is a trademark of International Business Machines Corporation UNIX is registered trademark of AT amp T with versions licensed exclusively through X Open Company Limited and or The Open Group Linux is a registered trademark of Linus Torvalds Motif and UNIX are registered Copyright 2000 by Red Hat Inc Ecora software uses PuTTY code for SSH connections Please see the PuTTY license for details Copyright Ecora Software Corporation e www ecora com es 78
50. e Reference ECORAGALBANY ECORAGA ALBANY Toi pad Tommas ECORAGAS ECORAGASDENVER EE EE epee ECORAGA annette E ECORAGASPORTLAND Ere mna ECORABA ECORAGANSEATTLE eee ECORAGASSEATTLE ECORABANALBANY ECORAGANOMAHA ECORABANALBANY 4 Select the row s of the desired target system s and click Compare Y Tips The Target system is the test system you will match to your reference Copyright Ecora Software Corporation e www ecora com e 68 E Patch Test Center system and use to test Select a scan fram which to choose reference production and target test systems on which to test TUE patches and hotfixes Sean Descintion EcoraMembeSewers Lo For an overview that baselines the reference against multiple target systems use the CTRL arget System or SHIFT keys to select ECOF JER ECORAGA PACIFIC M multiple rows before F ECORAQASPACIFICI comparing Ss SE eg compare the reference to the Jeconaasiomaia__EcoRagA PACIFCY ms target s by product ls IS Select systems to compare Reference ECORAGASPACIFICI m When you are ready for a detailed comparison of two Patch Test Center Select a scan bom which to choose reference production and target best systems on which bo lest patches systems click Show Summary in one of the rows above 7 Use the plus signs to expand and the column Rel Acces 2000 Office 200
51. e Options Schedule 4 On the Schedule tab enter an administrative Task Execution Properties username in the Run As textbox and enter Run as and confirm the valid password for that Password account 5 Set the time of day and frequency of checks every n days 6 Click Ok Confirm Password Start time 5 40 50 AM d Every 1 v days Migrating the Database There are times when new features require a database schema change which requires migrating existing databases to the new structure For example Version 4 0 adds support for agents which requires a schema change When a schema change is required you are prompted to migrate your existing database to the new structure To migrate 1 Upgrade the Ecora software with the latest from Ecora s website 2 The Database Upgrade Wizard displays the estimated disk space required for the migration Verify that adequate space is available and click Next 3 Wait while the database is migrated 4 Click Finish Database Upgrade Wizard _ x Requirements Schema Migration PatchM anager needs to migrate vour database to the 3 2 5 schema The migration will require a certain amount of disk space to succeed Please verity that the following estimated amount of space is available on the SQL Server before proceeding Estimate of disk space requirement EE Mp Knowledge Base Update PatchM anager will upgrade the Knowledge Base vers
52. e Policy Management Policy Selection accesses the dialog box in which to apply policies to systems or groups of systems Repository Management accesses the dialog box in which to define repository locations and maintenance schedules for details see Repository Management Patch Attributes Management accesses the dialog box in which hide patches approve patches and add your and comments to patches for details see Patch Attributes Management Push Patches accesses the dialog box in which to manage patch installation including installation time grouping and reboot options Schedule Updates accesses the dialog box in which to enable and schedule automatic checking for and or downloading a new patch database Schedule Scans accesses a dialog box in which to enable and schedule automatic analysis Test Center accesses a dialog box in which to locate or create a system to be used for the purposes of testing patches prior to deploying in production Scan Results accesses the dialog in which to locate an open analysis from former scans Reporting Center accesses the online reporting center where the patch knowledge base can be queried Archiving and Purging Settings accesses the dialog in which to establish database backups and deletions for details see Database Archiving amp Purging Custom Patches initates the process of manually adding a Windows application or patch not currently supported by Patch Ma
53. e you choose Scan systems after work so data is ready at the start of the day or at the end of each quarter to prepare for regular audits Within an international 24 x 7 enterprise schedules can be set to run at different times for multiple locations so that data is available for local multi site use at appropriate times Incorporate scheduling to automate maintenance and disaster readiness procedures Scheduling Scans Windows Task Scheduler Scheduling Updates Scheduling Scans 1 Click on the a Tasks Management 0 UU Schedule button Available T asks or ch oose Tools T Description Schedule Next Run Time Schedule Sales AM Scan all sales dept machines for moming report At 4 00 4M every day starting 10 8 2003 4 00 00 AM 10 9 2003 Test lab weekly All machines in test lab Multiple schedule times 9 00 00 4M 10 9 2003 Scans 2 Click on the New button or select an existing task to Edit or Delete 3 Enter a name and description for the new task 4 Enable Override Scan Settings if you do NOT wish to use your usual choices Description All production systems weekly 5 If you chose to Override Scan Settings choose Sure Scan or Rapid Scan Sure Scan analysis includes file Integrity MD5 checksum verification for greatest accuracy and security Rapid Scan analysis skips file integrity check for greater speed and faster results display Click OK In the Systems Selectio
54. ed as high risk according to CI AC Computer Incident Advisory Committee 4 Med High Risk Patch addresses an issue rated as medium to high risk according to CI AC Computer Incident Advisory Committee Medium Risk Patch addresses an issue rated as medium risk according to CIAC Computer Incident Advisory Committee Low Risk Patch addresses an issue rated as low risk according to CIAC Computer Incident Advisory Committee A Notes e Patch Manager tests the registry and dll file versions and checksums Other criteria associated with a hotfix can be stored in configuration metadata that cannot be readily inspected e f Patch Manager cannot irrevocably determine that a patch is installed it does not mean that the patch is not installed just that it can t be proven and Ecora would rather report conservatively than provide false assurance Reinstalling a hotfix will probably not change the condition as there are elements of the hotfix Patch Manager cannot evaluate e The Warning condition appears when a DLL associated with a hotfix is discovered to be a more recent version than was delivered in the original hotfix This can occur when a subsequent update has replaced the original This does not necessarily mean that the hotfix was not installed it is just that this system did not meet all criteria Reinstalling the hotfix will probably not change the condition as it is Microsoft s practice not to replace newer DLLs e Patch Manager disti
55. erver Name for SQL server name or server backlash instance name for MSDE instance name V Tip The SQL instance name is by default the server name then for additional instances the server name appended with backslash and the named instance name Please consult the SQL Books Online installed optionally with the SQL server install for more details about naming conventions named instances and multiple instances Specify the Database Name by default EcoraPatchDB to which to connect and that you want to query configured in setup and available in File Settings on the Database tab in case you ve forgotten the exact name Select the authentication method either Trusted connection or SQL Authentication If you select SQL authentication enter your login and your password Enter the mail server the Reporting Center should utilize Enter an email address from which reports will be sent Click Submit to save these settings or Close to cancel E Reporting Center Microsoft Internet Explore File Edt View Favorites Tools Help F 3 e Qo gt x E Tp J Search D http idayton ecoraReportingCenter GASS Reporting Automai analyze infrastruc Missing Patches Report For All Products Er NEN Ecora Patch Mar systems m vu half the E e Are yt configu e Do yout enable ra e How about IT auditors If not click here Ecora s automate
56. ete 39 If you wish enter the path to the local temporary download directory where patches are downloaded and stored before being transferred to the repositories via FTP for Unix and copied for Windows 40 Enable the Cleanup checkbox to have Patch Manager delete obsolete patches 41 Enter the path to the local temporary download directory where patches are downloaded and stored before being transferred to the repositories Copyright Ecora Software Corporation e www ecora com 11 33 If you are supporting Unix systems click on the Solaris Repository tab 34 Activate the checkbox 35 36 37 38 39 40 41 42 to Enable Solaris Repository for patch storage Click on the System tab Enter the hostname DNS Domain name and or IP Address of system housing the Unix patch repository Tip All three are not required only the information necessary to resolve the system in your environment perhaps only IP address perhaps hostname and domain name Enter the Path to the Solaris patch repository note Patch Manager validates the repository by creating a file in the directory that is later checked Therefore the directory NSF mount path must be mounted during system configuration for that file to be created Click on the Terminal tab Select a Protocol from the drop down list Read more about using SSH E Settings Reporting Center Repository Windows Re
57. for software upgrades and licensing Copyright Ecora Software Corporation e www ecora com 8 10 If a proxy server or non standard port is used to access the Internet click on the Proxy Settings button A Click in the checkbox for the 3 xl Use a proxy Prony server for HTTP Use a proxy server for HTTP connections connections Address Fort option l Pros Login Password B Enter the IP LJ Use NTLM Authentication Protocol Address C Enter the Port to be used D Enter a valid Proxy Login and Password to authenticate E Click in the checkbox for the Use NTLM Authentication Protocol option if your network is using this protocol F Click OK 11 In the Patch Manager Service Credentials area enable either Local System Account or This Account for scheduling tasks repository maintenance and patch deployment 12 1f you chose to specify an Pem zi xi account enter a valid login Preferences Maintenance Database Alerting Repository Reporting Center and password for the Ecora Patch Service to use Logging Level Display Warnings 13 Click on the Maintenance m Standard Logging auti n Les y Display W amings tab nm 14 Accept or change the Debugging Mode logging level higher for troubleshooting 15 Click on the Database tab E Settings m Preferences Maintenance Repository 16 Choose an existing data BILE Eire source from the drop down
58. g a subsequent patch Patch status is undetermined evidence of the patch installation exists but research is suggested Check the Ecora Notes for details Patch is not required this fix requires that file be changed that are not present Not applicable Copyright Ecora Software Corporation e www ecora com e 28 o Exception This patch cannot be pushed due to unusual circumstances such as the fix requiring an administrative task or a patch that requires a manual install Oy Unpushable This patch cannot be pushed unless remediation settings are Patch changed for example a patch that requires Single User Mode cannot be pushed if the Allow Single User Mode option has not been enabled in the System properties Conflict Patch This patch cannot be pushed due to a conflict with an installed patch This missing patch is mutually exclusive with a patch that s installed If there are prerequisite requirements Patch Manager attempts to determine them and provide the information in a pop up Noted Patch Patch with an associated user note Ecora Note Patch Patch with an associated Ecora note Ignored Patch Patch is not included in system analysis Approved Patch Patch has been approved for installation or rollback by the user VM SX Unapproved Patch has not been approved for installation or rollback by the user Patch Ww Under This feature has not been implemented at this time Construction m High Risk Patch addresses an issue rat
59. gent aintenance letting Repository Reporting Center Optional Agent RR Status The gent Manager is currently Not Installed Agent Manager Version Version Status IG 5 0 or higher MDAC 2 7 or higher NET 1 1 or higher Agent Manager Settings Port number Agent Settings Bandwidth Percent m m Polling Interval minutes Copyright Ecora Software Corporation e www ecora com 14 Analyzing the Network Click on the Scan button S Scan Wizard 2 xJ 2 Choose the Scan Type Sure Scan or Rapid Scan and click Next voies Sure Scan analysis includes file integrity MD5 checksum verification for greatest boi n MM accuracy and security Please chooss which scan type to use as jour default scan ype Rapid Scan analysis skips file integrity e iem for greater speed and faster results isplay ues 3 The first time you run the software or any time you choose click Discover Systems to scan Tip This first time you run the software you may be prompted to migrate any systems discovered in prior versions Rapid Scan analyzes patches without using the file integrity verification WB uec RS ML Groups pane by highlighting Seu eal them and using the Select button Systems in group All Systems Eee 5 Select systems to scan from Gum Te Cs the Systems pane by ECORAGA Windows XP highlighting them and using
60. h Policy button to apply the selected policy to the selected group Click OK Viewing by Policy Compliance 1 Follow the instructions for creating and applying policies above 2 Follow the instructions for scanning systems 3 In the main interface window Views bar select the Policy button 4 Navigate the interface as usual using the tabs to narrow your view Ecmra Patch Manager File E Wew Took irene A amp E EL E EL WS RM B 3 ipere 18 23 24 20603 GE npn e sus pee CCcOrci ET A ee Ee Product Hame jns Sd Ca LO Hurt not bemnstaled E Tormo Maren AUSTIN lt Spcpkgeve M553 44 Dike 2000 20 Ft nim j H D Copyright Ecora Software Corporation www ecora com 66 Remediation by Policy Follow the instructions for creating and applying policies above Follow the instructions for scanning systems In the main interface window Views bar select the Policy button In the left pane select the Policy tab Ui AA U N HG Navigate to the Policy level of the tree and select the policy for which you want automatic remediation m In the right pane click in the checkbox for Remediation Click the Push button and follow the instructions for creating a push task E gt Policy Management EE Policy Name PEF Test Policy Ecora evaluation test policy Exporting Policies 1 Choose Tools Policy Management from the menu L IM Imp
61. hat runs as standard procedure in your environment YTip Ecora suggests you create a script to run immediately after installation to re enable and re start all services stopped for patch installation Enter a path to the Installation Log Settings on target systems Select the Log level from the drop down list Enable Allow Single User Mode to use single user mode based on the vendor recommendations for each patch SNote If this value is set to false it is not possible to schedule any patches that require single user mode they will appear as exceptions in the analysis results Enable Always Use Single User Mode to handle all patches in single user mode Enable I gnore Single User Mode to disregard single user mode recommendation for patches Enable Allow Reboot to have Patch Manager restart systems based on the vendor recommendations for each patch Enable Allow Reconfiguration to change the target system settings based on the vendor recommendations for each patch Select the Run level Change Grace Period in seconds from the drop down list the time between sending notification of a run level change and executing the change Enter a Reboot Broadcast Message broadcast to all connected users Enter a Single user Mode Broadcast Message broadcast to all connected users Use the Clear button to empty all fields to specify a new system Click Add to save the system specifications The software attempts to make both terminal
62. ht Ecora Software Corporation e www ecora com e 48 Importing Custom Packages 1 Click on the Import button 2 Click Browse to locate an exported package Click Next gt Navigate the tree structure to select what to import Click Next gt Verify the package contents and click Finish E Custom Patch Package I 2 xl Welcome Welcome to the Patch File Import wizard Please select the name and location of the Patch File from which you wish to import patches and or application Path C temp customexportl vm E Custom Patch Package E 2 xl Select patches Select the applications and patches for this package al Custom applications SR Mill Enterprise Auditor Po v Enterprise Auditor 4 Ee fly Text Pad i SM Text Pad 4 7 3 Enc 7 Verify the package now appears in the tree under the Protected node if the package had protection enabled or under Custom Applications EN Application Language Version Enterprise Audita English 5 Custom Patch Package 2 xl Summary Seene The following amp pplication s and Patch es will be exported from the Patch Manager database Package will be saved to file C temp customexsport ml Enterprise Auditor 4 0 English Copyright Ecora Software Corporation e www ecora com e 49 Scheduling Patch Analysis The scheduling function allows you to set Patch Manager to run automatically any tim
63. ick OK Patch o lanae Risk Description SES applications FECE MEDIUM Policy Compl fyi Test Pad dei Text Pad 4 7 3 English B Custom applications EH Enterprise Auditor EL Enterprise amp uditor 4 0 English Copyright Ecora Software Corporation e www ecora com s 47 Exporting Custom Packages 1 Click on the Export button 2x Welcome 2 Click Browse to locate the path to which you will export and name the ex ported fi le Please select the name and location of the Patch File to which you wish to export patches and or application Click Next Navigate the tree structure to select what to export Click Next Verify the package contents and choose whether or not to enable protection Protection prevents changes and viewing of the patches by the user who imports the package E Custom Patch Package I x Select patches Welcome to the Patch File Export wizard Path Ic temp customexport xml Select the applications and patches for this package Application Lanquage Version 1 v Enterprise Audite English v Enterprise Audio EO B Test Pad 7 Click Finish LP Custom applications EN Wil Enterprise Auditor i 7 SM Text Pad 4 7 3 Enc Summary The following amp pplication s and Patch es will be exported from the Patch Manager database Package will be saved to file C temp customexportl vm Enterprise amp uditor 4 0 English Copyrig
64. ion Help Back Cancel Database Upgrade Wizard _ xl Upgrade Status Please wait while the database is upgraded ITT Status Migrating database schema Database migration completed successfully Updating knowledge base Back Einteh Cancel Copyright Ecora Software Corporation e www ecora com 53 Agent Installation amp Setup Installing the Agent Manager To install the Agent Manager Fa Agent Manager Wizard a 1 Run Patch Manager 2 Choose File Settings from the main menu 3 Click on the Optional Agent tab which requires using the right arrow to bring the tab into view Welcome to the Agent Manager installation wizard This wizard will help you install the Ecora Agent Manager on your system The Agent m Manager will allow you to deploy agents to systems on your network 4 Verify that the prerequisite System requirements and perform all Patch Manager operations through these agents are met or cancel out and go install the Click Next to start the Agent Manager installation necessary software before returning tnote Using agents causes additional system requirements 5 Click the Install button The Agent Manager Installation wizard opens ELA 6 Click the Next button Ab xl Agent Manager Options Enter the Port Number to be used for communication between the Agent Manager and Patch Manager Options 8 Enter the Polling Interval
65. ion standards Edit the resulting path if necessary to Checksum 11262461 include the macro rather than Help explicit path ProgramFiles vs C ProgramFiles in case some of the targets have variable drives and paths 10 Define the tiles for this custom application ta be managed Enter Version and Checksum or have the software discover them by clicking the Calculate button The Version field supports ranges using a hyphen and sequences separated by commas Entering N A for checksum will cause it to be ignored 11 Click OK The files you defined should appear in the lower right pane E Application Properties Define the custom application to be managed Name Enterprise Auditor lor 9 Language English m Application version m Description Change amp Configuration Management Files check Files check a Fath sFillename Registry keys check C Program FilessEcora 4uditord0 bin auditorexe 4 0 6010 11521 11129292 Copyright Ecora Software Corporation e www ecora com s 44 12 13 14 15 16 E gt Registry Properties If there are registry keys changed or REM ee added to indicate that this application elne the application patch registry Keys iS installed select Registry Keys under Registry key JHKEY_LOCAL_MACHINE SOFTWARESE cora Auditor the Extended Parameters in the lower Value type STRING la rose left pane and click Add i Value name Version No
66. irements you set here when patch installation is attempted the software will abort the attempt Click on the Connection Settings tab In the Terminal Connections Settings area enter a Username with which to connect to the target system Enter and confirm the Password for the user name Enter the valid Root password for the system To collect data beyond the areas the login user can access the root password for the target system is required Retype the root password to confirm that it s correct Select the Connection Protocol from the drop down list ssh telnet In the File Transfer Settings area select the Connection Protocol Port from the drop down list ftp scp sftp Enter a Username with which to transfer files E EcoraPatchManager Connection Settings Remediation Settings System Settings SUND OT DNS Domain Name SYSENG IP Address 192 156 0 12 var ecora ECORADIR ecwrk Al xl System Settings System Name Ecora Directory Working Directory Host ID unknown OS Version Kernel Architecture Junknown File System Space Requirements Free Disk Space KB System Settings Remediation Settings Terminal Connection Settings 21x Connection Settings User Settings Root Settings Usemame Root Password Password Ir VerifyPassword XXXXXXX File Tranfer Settings Connection Protocol ftp lia Username XXXXXXXX
67. k as El WMXPPOT Install Immediately Date Time 10 23 2003 11 53 34 4 intended ee QE ZOU exe Job Description 6 If you enabled rescan Evaluating Ecora s Patch Manager set the time in minutes after job execution to have Patch Manager scan and enter a username and password Schedule rescan of system s Enable rescan scheduling Hescan systems 5 B minutes after installation Usemame administrator v Tip Re scan results Pama must be opened by E choosing File Open Scan after the elapsed time Click Job Settings to set job settings Click Push to begin installation per the above settings of the selected patches After successful deployment you can Scan or choose View View Patch Log to verify that the patch deployment succeeded Note Some patches require user input additional steps or post status messages Some MS SQL patches require additional steps see instructions Job Settings You have the ability to customize your settings including overriding for this job only the global settings you have established in system properties To change the settings 1 Click the Job Settings button 2 Click on the Windows Systems tab Copyright Ecora Software Corporation e www ecora com s 32 10 11 12 13 14 15 16 Click the Override QChain option if you wish this job to deviate from your global settings QChain strings pa
68. large The SMTP Server is generally your mail server such as mail companyname com ror additional information see Using Alerts and Triggers For additional information about SNMP see Using SNMP for Network Management Microsoft TechNet Chapter 11 Copyright Ecora Software Corporation e www ecora com e 10 24 Click on the Repository tab 4x 25 Click on the Windows Repository tab 2 6 Activate the checkbox to Ena ble Windows m is a share location where patches are downloaded stored and from which they Repository for patch storage hela aan RN Enable Windows Repository 27 Enter the UNC path to the Windows patch Repository Setings repository or use the Browse button to ucran E0500 pubie locate one or a drive on which to create one NEIER Password P Tip This must be share with a Uniform Naming Convention path such as M ServerName Share Path If you use nom Browse locate a local drive with a network NN nennepostay Share location not the local machine root machinename share vs c share Enable Alternate Repositories Desinit Wiking NewR epository 28 Enter a Username and Password with which to access the repository 29 f you wish activate the checkbox to Enable Alternate Repositories for patch storage a Alternate repositories can be used as a back viti dd M REO M Med i A Cleanup remove unused repository information from database ups for the main repository and provide local repositories
69. lir Sever 4 relationship is OR for E e M mision applications the Lf Addinees exe c C e relationship is AND and a C C for patches the pee relationship is AND Bergen S E Policies work like I F THEN Lao osapteis e C C statements IF the Hp Verbes ese C e C selection criteria is true poa ngem C e C THEN the rule is checked RE for true false to judge compliance 12 Click on plus signs to expand the tree by application to see patches 13 For relevant patches click in a radio button Must be Installed Must Not be Installed Ignore This controls which systems will be considered compliant with the policy 14 Click OK to close the policy editor 15 Click OK to close the policy manager 16 Click Yes to apply the policy to systems or groups at this time Copyright Ecora Software Corporation e www ecora com 65 Applying Policies to Systems and Groups l Choose Tools E Policies Selection 1 l A x Policies Selectia from the menu 2 Select a policy in the upper pane to be applied to a group in the lower pane Tips Policies for the curent system group Sales If you have no policies defined click on Policies Management and follow the policy creation instructions above If you have no groups defined click on System Management and follow the grouping instructions Select a group in the lower pane to which to apply the selected policy Click on the Attac
70. m Post installation Settings V Verify Patch Install Post install Notification Message Post install Script Path Installation Log Settings Level Waring Ka v Allow reboot Location ECORADIR log install log Allow Single User Mode Always Use Single User Made Ignore Single User Mode Rur level Change Grace Period len secs Reboot Broadcast Message Im is being rebooted for patch maintenance Single user Mode Broadcast Message jng single user mode for patch maintenance Allow reconfiguration Copyright Ecora Software Corporation e www ecora com s 21 23 24 25 26 21 28 29 30 31 32 23 34 35 36 D 38 39 40 Enter the path to a pre installation script if you have one that runs as standard procedure in your environment P Tip Ecora suggests you create a script to run immediately before installation to stop and disable all services prior to patch installation Enable Validate Patches to enable checksum verification of patches at install time before installation and select a method MD5 or V Sum from the drop down Click in the checkbox to enable Verify Patch Install P Tip Patch installation is verified via the showrev p command if this is enabled Enter a post installation notification message broadcast to all connected users Enter the path to a post installation script if you have one t
71. mail Alerts Click New ed BE E K y Click in the radio button for the type of alert you wish to set An Email Alert allows you to specify an email message to be sent when the trigger condition is met An SNMP Alert can send a message to the manager console A Windows Log Event Alert writes information errors or warnings to oi xi the Windows event log 5 Click OK 6 Enter a name and description for the alert dorus Windows Event Log Alert 7 Proceed according to the type of alert you selected Matify me if a device fails to scan Descriptions Copyright Ecora Software Corporation e www ecora com 61 10 Click on the Email tab Enter the email addresses for those you wish to receive the report and the subject line of the email Click OK Click on the SNMP tab Enter the community server acting as your SNMP server SNMP global settings are located under File Settings Alerts tab Click OK Click on the Windows Log Event tab Enter the computer name of the machine whose log will record events if left blank the software writes to the machine where the Ecora software is installed Click in the I nformation Warning Error or Success 2 xl Email SMTP Settings Ta itcompany com Ce Bec Subject Device failure Basics SAMP Settings Community oma Ea Alert Basics Windows Event Lag Settings KE x Type Information
72. n dialog select the systems you wish to scan in this task Override scan settings Scan Settings 8 Proceed in Windows Task Scheduler W Tip To schedule recurring agent scans see Scheduling Agent Analysis Copyright Ecora Software Corporation e www ecora com e 50 Windows Task Scheduler 1 In Windows Task Scheduler on the Task Morning Report WE tab verify the program to be run Task Schedule Settings 2 Verify the program directory and comments A CANT Tak enr else e 3 Choose the user for the Run as field and use the Set Password button to enter a Bun nagersbinsE caraP atchM anager exe h Mommg Report password if one is required for Browse administrative access Fart in 4 Verify that the Enabled checkbox is active for the task with run as scheduled Comments scheduled bu Ecora Software Click on the Schedule tab Click New to create a schedule or select an Run as BSP Ihouse Set password existing one from the drop down list Morning Report H x Task Schedule Settings hg Enabled scheduled task runs at specified time a AIL DUU AM ever day starting 1 3 03 Cancel Apply 7 Set the day time and frequency for Schedule Task Start time the task EE luan Advanced 8 Click in the Show Multiple Schedules Schedule Task Daily checkbox if you wish to view more than one task Every day s 9 Click on the Settings tab
73. nager Once defined these custom patches are included in analysis and can be pushed by Patch Manager for details see Custom Patches License View License accesses a dialog box that displays the license data associated with this software including number of systems licensed Update License accesses a dialog box in which to provide a unique license key to enable the software Purchase License accesses a dialog box in which the software product ID can be mailed to Ecora to purchase a license Help Help Topics accesses the online user manual pages About accesses a dialog box that presents the versions of each component of the software What s This enables the on screen pop up help for the next item clicked Copyright Ecora Software Corporation e www ecora com 7 Settings amp Preferences You have the ability to customize your global settings and preferences including the data source alerting setup number of threads used and the output formats for reports To change the settings 1 Choose File Settings 2 x from the menu Preferences Maintenance Database Alsina Repostay Reporing Center lt 2 On the Preferences tab General Settings accept or change the Bebe number of threads simultaneous connections being used to analyze the network Store system credentials Don t ask for scan description Notify me if have not checked for updates in E days Skip
74. nguishes unbundled and bundled part of an OS release Unix patches by column in the upper right pane e Although it does not alter the display OS languages other than English are detected tracked and correct language OS specific patches are downloaded and applied Copyright Ecora Software Corporation e www ecora com e 29 Saving Scans Once systems are scanned the analysis results are displayed in the user interface All results are saved to the patch knowledge database for later recall in the main interface and use by the Reporting Center In addition results can be exported as XML files TO open an existing scan 1 Choose File Open Scan or click on the Results button Select the saved scan you wish to load 2 3 Click Load zix 4 Scan Results Select any addition M Rame 7 Desin seeded San ae scans you wish to 20030929 11 10 23 3 29 scan Completed load 2003 09 25 15 41 44 updated credentials Completed No lt Enel d en E 23 24 cet bald Completed 5 Click Load you can 2003 09 19 12 09 53 rediscovered lab Completed also Delete or 2003 09 18 12 08 08 4 discovered Completed 2003 09 18 12 07 19 just a couple to test Completed Unload or Refresh 2003 09 18 120224 demain credentials Completed scans 2003 09 18 11 42 52 diff credentials Completed 2003 09 18 11 25 21 new credentials Completed 6 Click Close 2003 09 18 11 21 45 new release Completed 2003 09 15 74 09 26 ga lab today Completed
75. nter below NOTE There MUST be a Windows Repository established to install the Reporting Center Reporting Center on 12 105 80 23 Location Install to New Location E Change Reporting Center Target HE Virtual Directory EcoraReportingCenter Target Host I con checkbox if you wish to delete the Agents button from the main toolbar Verify the system requirements for Agent Manager are met IIS 5 0 MDAC Net Click I nstall to start the Agent Manager installation wizard and configure the port and bandwidth OR Click Uninstall to start the Agent Manager uninstallation wizard to remove the Agent Manager Click on Update to start the Agent Manager upgrade wizard for software updates Verify the Port Number Bandwidth Percent and Polling Interval in minutes Click OK 50 Verify or access the current Reporting Center location Click on Install to New Location to open the Reporting Center installation wizard and confiqure a Reporting Center Note There MUST be a Windows Repository established to install the Reporting Center 51 52 Click on Change to use a different Reporting Center installation that already exists You ll be prompted for the new Target Host and Virtual Directory where the Reporting Center is installed 53 54 Click on the Optional Agent tab Verify the status of the Agent Manager the version the install state 55 Enable the Remove Optional A
76. oftware Corporation e www ecora com s 24 16 17 18 19 20 21 22 23 24 Click on the Non Agent Remediation Settings tab Choose to either Execute patch Windows Systems directly from Mon Agent Remediation Settings MSI Path Settings repository or Copy patch from Remediation Settings repository for local execution Required Free Disk Space After Copy MB 250 Use QEHAIN ERE Allow Reboot Choose to either m Delete missed Patch Install Timeout minutes EO Force Applications Closed on Reboot tasks or Retry Use Repository Skip Missed Tasks missed tasks on Execute patch directly from repository Ce Delete missed tasks next boot f Copy patch from repository for local execution O Hetm missed tasks on next boot Enter or select Required Free Use Alternate Repository is ace IN valable Alternate Repositories ser control of scheduled tasks Disk Sp i Available Al Repositori U of scheduled task mega bytes under Repositoy Wiking NewFiepositoy User may not delay or cancel WW hich the SWikinig M ewHh epository installation will not User may both delay and cancel proceed Defined Delay for user intervention er SECS Enter or select Patch Install Timeout in minutes after which the software will abort the installation attempt If desired enter an alternate path to the patch repository Enable any of the following options Use QChain exe which strings patch in
77. on click the System Selection button to choose the systems to which archiving applies 9 If you wish to see the scans in the archive click the View Archive button 10 If you choose to execute the archiving immediately click the Run Now button 11 lf you choose to run archiving on a schedule click the Schedule button and set the frequency in Windows Task Manager 12 Click OK Defining an Archive Database 1 Choose an existing data source from the drop down list click the Discover Servers button to detect servers to populate the drop down Click in the radio button to use either Windows or SQL authentication methods 3 If you chose SQL authentication enter a valid user account the password and confirm the password Click Verify to test access to server make corrections if necessary Click in the radio button to create a new archive database or use an existing database If you chose to create E Archiving Purging DSN Settings x a new database enter a database name and path to the data directory in which to create and store Server instance WRITER SECORA bd database files or use he Archiving Purging Settings Database Authentication the Browse button Ce Windows Authentication SOL Server Authentication to locate a data User directo ry Password fo 7 f you chose to use an Confirm password existing database select a database from the drop down list Database
78. on version like Application XYZ SP1 with file registry keys reasonable after SP installation For example For Windows XP the product version Windows XP Gold is defined by patch Windows XP Service Pack 1 Once the product Windows XP Gold is detected by its file registry checks service packs are not installed because Gold product has found All SPs are shown that affect this product such as Windows XP Service Pack 1 After the SP is pushed Patch Manager will not detect Windows XP Gold detection rules MUST make distinction here and another version Windows XP SP1 Should be detected Enter the parameters for the custom patch and click OK Select Registry Keys check and click Add Enter the path or use the Browse button to locate the path to the registry key s associated with this application E Patch Installer File Use the drop down list to indicate the 2 x type of key Define the custom patch registry keys Enter the information for the remaining Reaisty kew HKEY_LOCAL_MACHINE SOFTWARIE Ecora PCDE fields which vary based on the key type selected Value type STRING ical Click OK The files you defined should Yale name veson appear in the lower right pane Wauedata 10035552 3 Note At least one Registry Key Help m Check or File Check must be defined Repeat for any B additional l t parameters you Gei X3 m DR wish to define Edit Fiemove Import Export Cl
79. onitoring area click in the Enable checkbox to enable monitoring Use the drop down list to select an interval in minutes minimum 10 minutes to set how often the software checks for the conditions you define In the SNMP Alerts area click in the Enable checkbox to enable alerts via SNMP traps Enter the SNMP Manager name and Port number The SNMP Manager can be the name of any server running an application capable of receiving SNMP traps In the Email SMTP Alerts area click in the Enable checkbox to enable alerts via email E Settings l x d MEN Alerting Iw Enable Interval 10 minutes SHMP Alerts v Enable SNMP Manager Hug Port 162 S Email SMTP Alerts Iw Enable company SMTP Server Fort 25 Mas attachment size 10240 KB NEN L Enter the SMTP Server name Port number and the Maximum Attachment Size reports can get large and a list of email recipients email addresses E Tip The SMTP Server is generally your mail server in fully qualified domain name FQDN format server name domain name nnn or by full IP address Click in the checkbox to Enable Triggers created from templates if you wish to use provided triggers as editable examples Click OK Copyright Ecora Software Corporation e www ecora com e 60 To create an alert 1 Run the software 3 xl 2 Choose Edit SSES Alerte and Triggers from Available Alerts the main menu E
80. op User name Legd 6 On the IP Ranges tab enter a lower limit IP address and an upper limit IP address 7 Enter the username and password and confirm the password and click Add B Note You can also choose to save to file or load from file see file format 8 Enter the time limit in minutes during which the software will discover systems EITTEA 12811500 1281150 240 admin 12011200 9 Click on the Next button Upper Ip lent f128 112 0 240 10 Return to step 3 above E Password Confam password Sc Discovery time imt Individual IP addresses count Time limit for discovery fin minutes 1 cr Te ere eer Copyright Ecora Software Corporation e www ecora com 19 Specifying Unix Systems 1 10 didis 12 13 14 15 16 17 On the Systems Settings tab provide details for the system Note Fields labeled with RED text are required Enter the System Name Enter the DNS Domain Name containing the system Enter the I P Address of system Verify or change the Ecora Directory the directory of the target machine where the Ecora software copies files Verify or change the Working Directory Verify the discovered Host ID OS Version and Kernel Architecture Use the File System Space Requirements table to define the system disk space and free Inodes you wish to use as minimum requirements for patch installations If a system does not meet the requ
81. or more target systems to match a reference gold standard system You can use this to replicate a configuration or bulk patch a system to a proven standard Case 2 You can choose a model production system as the reference perhaps one of a group of systems configured consistently such as one of 50 sales machines then choose a system within your test lab as the target and remediate it to match exactly both patching and rolling back as necessary Maintain the test system and use it to install test and verify proper function of all patches and service packs before deploying to peacnenon systems Fal 1 Click on the Test Center button or choose Tools Test Center from the menu or press F9 From the Scan Description drop down list select a saved analysis and click Load 3 From the drop down list DST 2 x select a system to serve Select a scan from which to choose reference production and target rest systems on which to test patches as the reference system scan Description Ecorala Memberservers Kai V Tip The Reference EcoraQ4 MemberS ervers f Select systems ty system iS the production Os Notheasthegion Haeference ripae Ma that es stHiegia mm EE or mimic for testing purposes Patch Test Center x Select a scan from which ta choose reference production and target best systems on which to test patches Scan Description EcoraQl MemberServers cal Select systems to compar
82. or this policy v windows 2000 Advanced Servei Windows 2000 Professional zj Only susteme vath the OS vou sl Windows 2000 Server select wil be alfected by this policy Cl Windows NT Server 4 0 Windows NT Server 4 0 Enterprise Edition Use the plus and minus icons to O windows NT Server 4 0 Teminal Server Edition mpana OP amare Ne tie Windows NT Workstation 4 0 3 Enter a name and description for the new policy and click OK 4 n the Create Policy dialog box the Selection Criteria tab click on the Platforms tab E Create Policy Bx Selechon Ciena Rules Help Bled cine Fatome zeen 5 For every OS version to Select the software e i ccess 2000 m application s you wish to which this policy will apply Bee include for ths policy click in the checkbox or C Excel 2000 Only systems with the L Excel 2002 aeelication s you select wil choose Display All FrontPage 2000 be affected by this policy L1 FrontPage 2002 Usa the oks E Lou 7 Ti Mak lecti that O Internet Information Services 5 0 viste ide ips Make selections tha E Office 2000 tree share patches for best Office XP 2002 E Outlook 2000 results PowerPoint 2000 i L PowerPoint 2002 6 Click on the Applications E ELE tab DI Publisher 2002 O SOL Sener 2000 SOL Server 7 0 7 For Every software O SOL Server Desktop Engine MSDE 1 0 application to which this Fl em Sansa Deckt Ennina MENE NAN
83. ouble click on a node in the lower left pane use the expandable tree to Systems and Groupe locate and select groups or Available system to which this note Tusce L DAYTON ECORAQA applies Verify the selected gla Baa r ALBANY ECORAGA i BUST N ECORAQA i BUNNYEARS ECORAGA i DATT N ECORADA r NEwYT RK ECORADA i NOVELL ECDORAGA b DMAHA ECORADA Ee r FEN d warm aram kd systems in the lower right results pane Click the Apply button Click on the Approve Push tab 9 Tip To enable approvals choose File Settings and click in the Require approval for installation rollback checkbox 10 Click in the radio button for Approved for installation or Not approved for ER E EcoraPatchManager epes Ralback ApprovePush amp Approved for installation C No approved for installation Systems and Groups installation for Available f itd i DAYT N ECORAUA this patch bug 6116 NOVELL ECORAQA e H i SEATTLE ECDRAQA 11 Double click on a node in T C ALBANY ECORAGA Losse eg the lower left pane use L BOSTON ECORAGA l wINZK ECORA QA BUNNYEARS ECORAGIA WINZKDCBU ECORAQA the expandable tree to PDAYTON ECORADA DENVER ECORAGA locate and select groups or Lisa system to which this note b NOVELL ECORAGA i DMAHA ECDRAGA applies Verify the selected i PORTLAND ECORAQA systems in the lower right SALIERI ECORAGA i SEAT TLE ECO
84. policy will apply click in the checkbox Copyright Ecora Software Corporation www ecora com 64 8 Click on the Patches tab 9 Click on plus signs to Fa Create Policy NS GE expand the tree by Selecion Dies s application to see Paten Applications Patches patches Patches Hote Bulletin Installed Notinstalled Ignore 10 For relevant patches click elena in a radio button df Addincec exe 263365 MSO C C e j aP cllupdtexe 256167 Mamme C e C Installed Not La fowec 282132 MS012001 C C Installed Ignore This af JetcoPkg eve 239471 M 9900 e C controls which systems Da D sem 269880 Menge 6 C C will be displayed in Policy So wem ema O E Uactkec exe 262767 M500 34 C e C view only systems with dP dipZpka exe 241901 MS99044 C E C patches that meet the 5 P usp3pkg exe 269263 Mee amp C C criteria will show in the Outlook 2000 report For example outlelix exe 303833 MS01488 C C e ge h i EN 000 262767 MS00034 C e C eaving a patch set to Duek 2002 m I gnore will display ee eee eee mn systems with the patch E Paper installed OR not installed 11 Click on the Rules tab E Create Policy Em ixl Y Tips You do not have to define criteria on all three tabs If you DO the Pace Cts Bulletin Must be installed Must not be installed ignore filtering queries combine e uam as follows Excel 2002 For platforms the cn ifame
85. pository A patch repository iz a share location where patches are downloaded stored and fram which they are distributed ta target systems being updated Solaris Repository Enable Solare Repository Terminal File sun sys 5 DAS Domain name testlab IP Address 192 168 255 0 Jtestlab sun_sys_5 System Hast name Path E Settings Windows Repository A patch repository iz a share location where patches are downloaded stored and fram which they are distributed to target systems being updated Solaris Repository Enable Solans Repository Terminal Terminal Connection Protocol ssh admini User name Password Enter a Username with which to connect to the repository Enter and confirm the Password for the user name login user can access the root password for the target system is required 43 Retype the root password to confirm that it s correct V Tip The software can collect information to which the specified user account has 2 x Enter the valid Root password for the system To collect data beyond the areas the Copyright Ecora Software Corporation e www ecora com 12 44 45 46 47 48 access Additional E Settings system information can Repos be gathered if the login ara ee user account is a x member of group sys A patch repository is a share location where patches are downloaded stored and trom which they are distributed ta
86. pt changes and close the dialog box Patch Repository Maintenance Establishing automatic repository maintenance allows you to select patches by past scans or by product that you want to ensure are always current and downloaded in the repository You select which patches will be maintained and on what schedule and Patch Manager s background service does all the detection downloading and administration such as Changing the status in the repository without any intervention or prompting 1 In the Patch Repository Scheduler dialog box enable Automated repository management if you want to maintain current patches by product You must select the products and platforms you wish to maintain 2 Enable Enable automatic detection of platforms 21 x products and languages Patch Repository Updates for patch updates if VOU fu poeeme Want Patch Manager to DEE maintain current copies of v Enable automatic detection of platforms products and languages for patch updates MISSING patches from existi ng I Archive superceded patches scans P Tip If you enable the first two options but enable nothing under patch S selection Patch Manager will download current copies of any patch detected as missing in any of your existing scans This is basically a shortcut to selecting which products to maintain this option downloads all relevant patches based on scans 3 Enable Archive superseded patches if you wish to maintain archi
87. r Unix systems Discovering Windows Systems 1 Select one of the following network discovery options to find systems in the environment Active Directory utilizes Active Directory lt 21x Iscover Uptions tree to discover systems proceed with G Active Directoy ONS C NetBIOS Specify NetBIOS name step 2 Domain C Specify hosts NetBIOS utilizes NetBIOS protocol to discover systems proceed with step 2 compu ter name Specify Hosts allows you to manually enter import or specify systems in the environment proceed to the Specifying Hosts instructions then SE mcm return to step 2 2 Click the Next button Copyright Ecora Software Corporation e www ecora com 17 Select the domains 21x in which to discover Domain selection EE click or use the OCCHIO Select button Click on the Next gt button Select the discovered systems ECORAUDITOR No you wish to scan ECSP No double click or use MAI ne NT4ECORAGA No the Select button DAK No PATCH Al Mo Click on the Save USAABS No to File if you wish USBOST No WINZKS Ma to write a text file WINZKCHILD2K No containing these WINDEV No systems for re use Rd TIa Click on the Finish button En Hosts discover Computer s lection Computer Mame Ip Address Computer Role Selected Pe BS BSP ANGEL Workstation bj BSP AUSTIN Server Tes BSP Bay BREEZE Workstation Tes BSP
88. reducing risks to ti and your company E Settings Microsoft Internet Explorer The Reporting Center will be restarted after the new settings are applied Server Mame ecoralecora Database Mame Ecorapatch Trusted Connection SQL Server Authentication J User Marne E E mail Address patchi ecora com e Done Ix re Local intranet 2 Password Copyright Ecora Software Corporation e www ecora com 73 Administering Users 1 Choose Administration Users in the left pane E User Management Microsoft Internet Explorer File Edit wiew Favorites Tools Help u SEE Built in account Far guest access to the computer domain DAYTON Administrator m Built in account For administering Ehe computer domain Select the domain from which to select users Select any users you wish to add by checking the box to their left Click Add Copyright Ecora Software Corporation e www ecora com 74 Database Archiving amp Purging Ecora Patch Manager provides an utility for moving and or deleting scans as they age This allows you to manage the disk space used by accumulating data and can coincide with a comprehensive audit and backup schedule L 2 Choose Tools Archiving and Purging Settings Click in the checkbox to Enable Archiving data in the database Kb Note If the Enable checkbox is NOT available an archive database needs to be established so click Manage
89. sep Su win Wy Cone aan 7 So Menem E Vu min LN men wi am Be Capa EB Late ware Hotte 24146 Patch Found Bg cone CODLAMCER E TEE Bram age D cmm r a aiis ios TL DR CN ra rpm lS cet j eee 4902 i amd cc ILE se ide RID quA orum Lamp i fua oe eee ieu SI CTS ee rk nam di 8 Tiam H SCIT HE pa T onm amr ee pr re S H Am ur lard riam mum 20 EI g E ie Lii irem bay h aas a SU l ela ec Er eee ad BL s Lk 5e ri nmi Ee Hin lodos sg ADS iii mm iy donricu Vi zar roe Loewe Bele Ate LD IER Dain ka lmn h PP Set Ca i LI D ie i Date Pastel 2000 D TO DOE Cade Memm OI ime TED DU e oF ILI ge imm pr Re pui oye Re eege kafe pikig sr di Le s ss OSL Dee Ton lee ER o dj queen id pi le He zrek apum abra r m EE pem cun A Kamp gier Sir Pe EA ben graff ro ging om Reggie B i E r tir Er m eg Pp prod re dye eum ge Ewen tas f congianon CL Grp Ce Shan r e bert IP corm RECH med Se dei Tree aes eee eed ES Eon n Fue pam a BILL Lecce Rum dea am PL ee is Ta lr C RS mine ges Senn Se RB gen mim Ce zg ee reg ag nh zf ee HEB LBMLI DET bren re pe P P orina jd moni mum mme T eim parma coram afuit ales Pus Itzeg Ze ap FUL pibus ay aca ur Hua PT eng Ras ld mom Fors s OM diet ue Ros ur ia gud pu uem mam ma mabre gehen box ae ha iac ial dpe Pees ee a cod Se alde i eae cala ea Lora ana ee ce e ace pa cm ad Decem dam BELLI ea ug e Ire ee ee ee du il ig at Ee t oath L joni T p epini Sea pg ben E zs ae
90. server component of the agent communication that directs and synchronizes agent activities e Agent the software installed on target or client systems that will communicate with the server e OAService the software module responsible for job generation and workflow management e Data Processor the software module responsible for executing jobs related to the database saving analysis to database or extracting knowledge from the database 9 Seea diagram of Patch Manager connections and access requirements Copyright Ecora Software Corporation e www ecora com 57 Agent Manager Console To access the Agent Manager Console L 2 Choose Tools Agents or click on the Agent button In the Select a view group upper left side of dialog select to display All Agent Systems or a Filtered view Click Criteria to set the values and operators for the filter such as Agoni Manageme Console Sebo a vue C AM Agent Systema CC Filtered Cena CHICAGO MEMPHIS MILWAUKEE CHIDDCT ALEXA JAQDEVSERVER Ori IBENLEYXP BOSTON DAYTON MALACHION3 LOW 1 031 112 101 112 EE 101 112 mm 101 112 1 01 112 01112 1 01 1172 DONE Up Tit ate UpToDate Up To Date UpToDate Up To Date UpToDate We TeeD ote UpToDate Up To Date lUp To Daie UpToDate 2006 02 17 13 36 14 Every day at 19 00 120050217 13 35 28 Every day ot 19 00 2005 02 17 1336 OE Every day a 1800 2008 02 17 13
91. ss the Repository Manager Select a repository to review from the drop down list the display 4 Review the patches in the active repository using the column headings to sort on various information 5 Click on the Filter button to limit the view of patches according to criteria matching see Filter Repository 6 Click on the Schedule button to set up automated checks for new patches and repository maintenance 7 Click on the Download Now button to download a more current version of the selected patch Click on the Delete button to remove the selected patch from the active repository Click the Close button to accept changes and close the dialog box Pp Tip The Windows and Unix repositories are established via File Settings Repository tab Click the Refresh Repository button to load the most current information available into Repository Filtering 1 Click on the Filter button to limit the view of patches according to criteria matching 10 11 En Repository Manager Filter 2 xl Enable Filter Hatfix Filter by Hatfix UG and Application Filter by OS and Application m Windows 2000 Professional Windows MT Server 4 0 Windows NT Server 4 0 Enterprise Edition Windows MT Server 4 0 Terminal Server Edition Windows NT Workstation 4 0 dE or oe S Contains Equals Does not Equal Does not Contain Bulletin CJ Filter by Bulletin Contains Language 24 Filter by
92. stallations together before reboot Microsoft recommended Allow Reboot which permits the patch installer to reboot target systems if the patch vendor requires reboot Force Applications Closed on Reboot which closes all running applications without saving to restart the machine Enable one of the following end user options User may not delay or cancel User may delay but not cancel User may delay and cancel If you allowed user intervention set the time in seconds to wait for user response Copyright Ecora Software Corporation e www ecora com s 25 21 22 23 24 29 26 2 Click on the MSI Path E Settings tab a Properties EEA Windows Systems Review the last used paths to the installation posce CD for each MSOffice Last Used Office MSI Path product MSI Path To add an alternate d path for any product click in the Specify Path checkbox Use the Browse button to locate an alternate path Click on the Agent Settings tab Specify Alternate Office MSI Path Review the agent i L MEI Path version and status roduct Name a Microsoft Office 2000 SR 1 Professional English SBosten officez2 pra Click OK 55 Properties Windows Systems System Settings Remediation Settings MSI Path Settings Agent Settings Agent Agent Status Available Agent Version 1 00 0019 Copyright Ecora Software Corporation e www ecora com s 26 Understanding Scans
93. tall software u pdate after Component Status Release Notes download to Ecora Patch Manager Up to date autom atical ly i nsta th e Reporting Center Update available Solaris Knowledge Database Update available update so there s no Windows Knowledge Database Update available additional manual steps Click OK Follow the instructions to download and install B If there has been a database structure 7 Install updates after download recommended change you may be Help prompted to migrate the lc database if you need to operate without Internet connectivity refer to the instructions to update manually Scheduling Updates The patch information is only as current as your latest download Ecora updates the data frequently so scheduling regular checks is recommended To schedule upgrades 21x 1 Run the Ecora software Update Options Schedule 2 Choose Tools Schedule Updates Patch Database Updates from th e menu v Enable automatic detection of database updates Enable automatic downloads of database updates 3 On the Update Options tab enable the v Enable automatic installation of database updates options Enable automatic detection of database updates Enable automatic downloads of database updates and or Enable automatic installation of database updates Copyright Ecora Software Corporation e www ecora com es 52 Patch Database Updates 321 x Updat
94. tch installations together before reboot Microsoft recommended If you enabled Override QChain select Use QChain or Do not use QChain Click the Override Patch e E E Repository option if you zixl Wis h th iS j ob to deviate Select those global settings from Systems Management you wish to overnide for this job from your global settings If you enabled Override M Override OChain Override Reboot Patch Repository select Execute patch from repository or Copy patch from repository Use JChain Reboot after install C Do not use Chain Do not reboot after install v Override Patch Repository v Override Application state Cl ick th e Override Execute patch from repository C Force applications closed Reboot opti on if you WIS h C Copp patch from repository Do not force applications closed this job to deviate from your global settings Reboot permits the patch as installer to reboot the System Management d Cancel machine if Microsoft requires reboot Prompt for job settings every time If you enabled Override Reboot select Reboot after install or Do not reboot after install Click the Override Application State option if you wish this job to deviate from your global settings If you enabled Override Application State select Force applications closed or Do not force applications closed Force Applications Closed on Reboot exits all running applications without saving
95. te At least one Registry Key Check or File Check must be defined Wale data Jumm Enter the path or use the Browse s button to locate the path to the registry key s associated with this application Use the drop down list to indicate the type of key Enter the information for the remaining fields which vary based on the key type Click OK The files you defined should appear in the lower right pane E Application Properties ajx Define the custom application to be managed Name Enterprise Auditor lor Language English m Application version m Description Change amp Configuration Management Regist keys check ke Lite Value Daa Registry keys check HKEY_LOCAL_MAC STRING SS Extended parameters Remove 17 Use the Edit or Remove buttons if you wish to modify or delete existing file or key definitions 18 When the application is defined click OK to close the dialog 19 Perform a test scan to verify that the tab appears in analysis and the contents match your expectations Copyright Ecora Software Corporation e www ecora com s 45 Defining a Custom Patch 1 Select an application in the left pane 2 Right click 21 xl to access r ay i FI the pop up p H menu and Export select Add Description Patch Protected applications 2 EH N Text Pad 3 Enter a i SN Text Padi4 7 3 English name for EL Custom applications the patch E Enterprise Auditor Ad
96. text to appear on the connection before attempting to log into the system If nothing is specified it immediately attempts to login once the connection is established E Specify the Connection Protocol Port number for terminal connections 0 uses the default for the selected protocol F Specify the Connection Protocol Port number for file transfers 0 uses the default for the selected protocol v Tips Entering a ZERO 0 value for any advanced settings will use the defaults A non zero value in any of the connection delays will cause the software to delay that amount of time after a login or after issuing the su Copyright Ecora Software Corporation e www ecora com 13 49 Preterences Maintenance Database ring Reporioy 56 57 58 59 60 command in the case of root delay before the software will execute any commands The software follows the normal login procedure send username send password then waits n milliseconds before returning connection complete A non zero value in either of the prompt settings causes the software to after the normal login procedure search for the string entered as the users prompt S Read more about terminal connections Click on the Reporting Center tab 3 xl Reporting Center Reporting Center Settings The Reporting Center is a web page where reports can be created from the patch knowledge database Verify change or install the Reporting Ce
97. up Connecting to zoalander ecora com 4 Click in the checkbox for the group of systems E ae f ecoratadministrator BR you wish to report Password eonneees 5 Select other applicable options displayed based on report selected Remember my password cw Copyright Ecora Software Corporation e www ecora com 71 E Reporting Center Microsoft Internet Explorer Microsoft Internet Explorer ial xl DE Ee f Q ext x gt fp JO seach 5j f Favorites QU Media Ole eA L E Ws Address bitte ecorajecoraReporting center Printable Yersion E Mail Report Export Report te CSN format Expert Report te DOC Format Select Report Automatically document analyze and fortify your IT infrastructure Ecora Patch Manager helps secure vour systems from vulnerabilities but that s on half the battle ES Are sd S Fan t EIS ing Administration Print se Versa i Had Papert H Depari Papert ig CAV armai Caper Eetsrt te HH Term of Messing Internet Explorer E OU Patches 70 3 out of 10 patches installed Erang Internet Information Services D Patches 100 0 out of 2 patches instaled J Missing Windows 2000 Server Patches Sire 17 out of H patches roseg rese Wireiows Media Player 6 4 for Windows 2000 Patches 20 4 out cS patches etaled DEE Missing
98. ur IT infrastructurel Ecora Patch Manager helps secure your systems from vulnerabdities but that s only half the bake s Are pou regularly tracking system configursbon changes a Do rou have current dooumentaton t enable rapid system recovery e How about a detailed sudit trail to satisfy TT suditors if not click here te learn more about Ecora s automated solutions for reducing risks te the IT infrastructure and your company s bottom line Copyright Ecora Software Corporation e www ecora com 3 User I nterface Overview Main Window The toolbar is divided into two bars Tasks and Views The upper task buttons perform actions whereas the lower view button change or filter the display of the current analysis b amp E b E U ee lA P wee E A RB CO CE wea i lee 88 bl An a RL i wirken ERE LS 3555 uit num 32 ay i LA conn T NET ED dp mum E Lu wr ri dri LA x EL LAE ws RW a LL m ceni EE EL ae omm EXT ek Ki LE ls A WHH eb DOSS Ej ee EPET ede Y vers DS bile bai eg Jar MI i i aia Ua Sg b rard nm SFR kel UE OM TT rem Deag Pet D Mi SUR Zeep ZOE P Leon in Pn L en e Fm eno eee Desk EL 2901 IS erem CEP E Lx ELI CEA JS TL addi agi arg Dsg la Wa zt Ma A ea a Pos ars lah i Bg onaga qu D Y ee m GH DS ad dimer ERT DO PC DIC geg EE Le as he COORG DA D 7 ig OR oF AT Pu Ww Le en p pim Tn mmu imm DE MI fg ECORAGA SS oaa y we lata es amet RS oe TH wi aa oa
99. ved copies of patches replaced by newer versions These archived copies are renamed and maintained in the repository not moved or deleted 4 Click on the Patch Selection button to choose which operating systems and or applications will be handled by automated repository maintenance 10 En Product Selection x Select target platforme and products from the list below to enable automated patch retrieval and storage E Sun Solaris Products H D FuS hea ze FJSVpiclu i Rm 11 8 LT FJSvspi LT FJSvsplu LT IPLTadeon E PLT admin i E 51 H CJ IPLTcons H IPLTdscon H C IPLTdsu m LL IPLTiss H LT IPLTris kal TT International Japanese L Spanish TT Swedish Click on the plus signs to expand the tree Click in any checkbox to select that application OS and its patches Tip To select only some child objects expand the tree but do not select the top level object Instead select the child subordinate objects In the lower pane select the language s you wish to support and maintain Click on the Schedule button to set up the dates times schedule and automated recurrence of repository maintenance Click OK Click the Close button to accept changes and close the dialog box Tip If you need to operate without Internet connectivity update manually or create an installation with repository on a machine with Internet connectivity maintain updates and current p
100. which is the number of minutes between each contact with agents Pott s E 9 Enter the Bandwidth Percent which is the ca id t maximum percentage of network bandwidth agent communication may consume 10 Click Next gt 11 Select the website from the drop down list Bandwidth Percent 80 He Ee Back EZ gt RS 12 Choose to Use SSL or Specify host name and i 3 port number for agent communication 21x Web Site Selection 13 If you chose to specify host name and port number enter them in the text box separated by Select Web Site to install the Agent Manager a colon Web Site Default Web Site LM wW3SVC lia 14 Click Next gt Use SSL for the agents connections 1 5 A C i C k F i n is h I Specify the host name and the port number of the Agent CH Manager host computer for the agent connections explicitly HOST NAME PORT Note Host name must be the system name or DNS alias not a host alias For information on agent manager installation see Troubleshooting Optional Agent Host Name Copyright Ecora Software Corporation e www ecora com e 54 Installing Agents Agent software is installed on target systems through a deployment process in the Systems Management interface To deploy the agent to systems 1 Choose Tools Systems Grouping or click on the Systems button Systems Management x Manage Systems Groups All Sushems Systems
101. y and OK to close the Test Center dialog Copyright Ecora Software Corporation e www ecora com e 69 Reporting Center The reporting center is a website interface created by Ecora to provide an intuitive way to query the Patch Manager database The URL can be accessible to anyone in an environment who can access the share on which you choose to install the reporting center ClOs or auditors can see a report of Hardware Inventory of the environment whereas an IT staff member might be more interested in the Patch History report for one machine Installing the Reporting Center 1 The Configuration Wizard can be accessed via setup or File Settings Reporting Center tab Configuration Wizard Als 2 Specify the target NCC host shared with IIS and Microsoft Specify a target host for the Specify system domain system MUT EINE instal led Enter the domain and system name damam system in the 3 Enter the domain nn EE pes ES Lee no l Select a d hich to x and system inthe Size pa ws DESI textbox OR select GA og a domain from the DEVENG No list to discover a systems then ECORA No select a system Ger is from the resulting ECSP No list EDOMINO Mo EXCHANGE2000 No KENNEBEC Mo m E Configuration Wizard E A xl Select Target Computer Select a shared I5 server on which to install the online reporting center E ECORA LECDRATS No REMCHANGEZK Mo Next gt
102. ysis to disk Exit closes the application Edit Alerts and Triggers accesses a dialog box in which to create or modify notifications by the software when user defined conditions are met for details see Alerting View All Patches displays the service packs hotfixes notes and warnings for both installed and not installed patches applicable to the selected system The report is a list of both current packages and ones that have been superseded I nstalled Patches displays all available patches applicable to the selected system that were detected as installed Copyright Ecora Software Corporation e www ecora com sf Missing Patches displays all available patches applicable to the selected system that were not detected as installed Policy displays all patches and systems according to compliance with user defined policies View Log displays the record of patch deployment date session ID severity system upgraded etc in an HTML file The log may contain a link to the log file of the target system s where details of the patch installation are recorded Tools Systems Grouping accesses the dialog box in which to group systems set system credentials and discover new systems Agents accesses the dialog box in which to schedule agent scans change agents settings etc for details see Agent Management Policy Management accesses the dialog box in which to define and edit policies for details se
103. ystems and Groups i BMQS201 ECORA z amp z MBSDOB ECORA ALBANT ECORAGA i AMYAM ECDRAEDA ie ANGEL BSP ATLANTA WINZKCHILDZK i AUSTIN BSP Z BCH FTS 4CO1 BIRCH i BIGHMOUN TAIN ESP i B STON ECORAQA i BUNNYEARS ECORAQA ie CHEYENNE BSP L CHILDDCT CHILD j COLTRANE ECORA be DALLAS AvINZEDHILD 2K DAYTON ECDRADA h DENVER ECDRADA be GERSHWIN BSP KATAHDIN BSP h MLM AWIN2K CHILD 2K i NEWYORK ECORAGA l SR el 21 4E CORA i BMOS 201 ECORA S NGOOB ECORA ALBANY E CORAGA AMY Vie IECORADA ANGEL BSP ATLANTA wINZKCHILD2K AUSTIN BSP BEH PTS XCUT BIRCH BlaMOLIN TAIN ABEE i B STONJ ECORAQA i BLIMNTEARS ECORALA i CHEYENNE BSP i CHILDDCTACHILD COLTRANE ECORA DALLAS AvIM2KECHILD 2E DAYTON ECORAGA DENVER ECDRADA GERSHWIN BSP KATAHDINJBSP e MIAMIAWINZECHILD2K i NEWYORE ECORAGA Sa EcoraPatchManager eebe Ignore f Mot included in analysis C Included in analysis Systems and Groups Available Ey All Systems l bug 6116 Gla i b ALBAN Y ECORADA I BOSTON ECORAGA i BUNNTEARS ECORAGA i DAYTON ECORAGA l DENVER ECORAGA i NEVT RE ECORALGDA i NOVELL ECDORADA i OMAHS ECORADA i PORTLAND ECORAQA i SALIERI ECORAGA i SEATTLE ECORAQA i STORAGE ECORAGQA i TELLURIDE ECORAQA i TEMPE ECORAGA i VMES5 SPS ECORADA r VMERCHS5 SPA ECDRAQA i WIN2K ECORAQA PO n WIMZEDCBU ZECORAGA ij e ZOOLANDER ECORAGA Ignore Patch i DAY
Download Pdf Manuals
Related Search