We face an issue with patching a large, Windows based client computer environment.
I am not talking about Microsoft OS patches but patches of applications. The problem is that end users have administrative privileges to their machines (no way to change this as it's a contractual requirement) and install their own software beside the software managed by us. Regrettably the installation of self-installed applications is not controlled in anyway and often their applications make use of our applications and therefore block files/processes.
- We manage the email application and should patch it
- We are aware of some additional tools, accessing the email application, hence before patching starts we check if the email applications as well as the tools known to us are closed
- Regrettably there are other, "end user managed" tools out there (e.g. a calendar sync tool for whatever mobile device) which are keeping files/processes of the email application open and make a straight forward patching of affected PCs impossible
I assume other companies have similar issues. How do you overcome those?
E.g. is there a reliable solution to install patches during reboot?