Install patches & updates during reboot

We face an issue with patching a large, Windows based client computer environment.

I am not talking about Microsoft OS patches but patches of applications. The problem is that end users have administrative privileges to their machines (no way to change this as it's a contractual requirement) and install their own software beside the software managed by us. Regrettably the installation of self-installed applications is not controlled in anyway and often their applications make use of our applications and therefore block files/processes.

Example:
 - We manage the email application and should patch it
 - We are aware of some additional tools, accessing the email application, hence before patching starts we check if the email applications as well as the tools known to us are closed
 - Regrettably there are other, "end user managed" tools out there (e.g. a calendar sync tool for whatever mobile device) which are keeping files/processes of the email application open and make a straight forward patching of affected PCs impossible

I assume other companies have similar issues. How do you overcome those?

E.g. is there a reliable solution to install patches during reboot?
CPABAsked:
Who is Participating?
 
AlexiosConnect With a Mentor Commented:
No, I was referring just to your question

Group policy is a good solution... for applying patches
0
 
AlexiosCommented:
Hello
Indeed the administrator privilege is an issue for the situation as you decribed it

Group policy is a good solution
0
 
CPABAuthor Commented:
@Kostasp: thank, but what do you exactly mean with "group policy is a solution"? Preventing the customer to install apps? We are regrettably not allowed to do so...
0
The Firewall Audit Checklist

Preparing for a firewall audit today is almost impossible.
AlgoSec, together with some of the largest global organizations and auditors, has created a checklist to follow when preparing for your firewall audit. Simplify risk mitigation while staying compliant all of the time!

 
CPABAuthor Commented:
Ok, yes, that's an option.

Is somebody aware on how to realize something like this using Microsoft SCCM. We are currently patching using SCCM and have all processes and reports designed around this tool. Hence it would be nice if we could integrate such a "patch on reboot" solution into SCCM based patching...
0
 
AlexiosConnect With a Mentor Commented:
Yes...
I think that you cannot configure that specific action with SCCM unfortunately
0
 
AlexiosCommented:
Glad to help
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.