GFI LanGuard

The particular patch deployment (remediation) course of action is often carried out in the next way:
GFI LanGuard logs in the target machine and accesses the distant registry with the concentrate on machine

All information expected for deployment (patchagent.exe, deploypatches.bat and patch installer executables - see Take note) are copied to the goal device because of the GFI LanGuard server. (By default this is completed by means of the traditional admin shares to having said that the location may be transformed to your tailor made share in the deployment settings)

Note: When the goal Personal computer provides a GFI LanGuard Agent mounted Which agent is configured to use a Relay Agent, patch installer executables will probably be requested through the Patch Agent Support through the assigned Relay Agent
To troubleshoot connectivity from your GFI LanGuard console on the focus on equipment for distant registry as well as admin shares, use procedures noted in: How to test network connectivity and security permissions for GFI security products.

The batch file (deploypatches.bat) includes the commands with parameters to put in all chosen patches silently

A provider named GFI LanGuard Patch Agent provider is then put in and commenced about the device. This provider that can execute the batch file and watch the position of your patch deployment. It will send position updates (setting up deployment, concluded deployment) into the GFI LanGuard Server's communications port (1070 by default) by using HTTP. The qualifications for this assistance are laid out in the deployment options (Regional Technique by default), and must have community administrator permissions to the focus on equipment together with the "Login for a company" ideal.
For every patch a different momentary batch file is made on-the-fly that contains the particular installation commands for that 1 patch

The GFI LanGuard Patch Agent Service returns the final results of the deployment (achievements or failure) into the GFI LanGuard Server by using the communications port (1070 by default).
Following the patch deployment, the provider is un-set up and any extra actions brought on (described while in the batch file), for instance rebooting the equipment

Notes:

What alterations are necessary on a Windows XP SP2 / 2003 equipment to permit GFI LanGuard to scan and deploy updates to it?
Whenever the GFI LanGuard Server receives a communication from the Patch Agent assistance it resets the timeout counter. If your timeout configured while in the patch deployment settings (600 seconds by default) expires before the remaining result's acquired, a message will be revealed from the UI stating the deployment might have unsuccessful due to the fact no opinions was acquired. This could be as a consequence of considered one of the next circumstances:

The Patch Agent service fails to hook up with the GFI LanGuard Server's communications port.
A patch is getting more time to deploy compared to the timeout setting (Company Packs, Net Explorer Edition upgrades, .Internet framework patches, and so on.)

If the timeout is arrived at, the concept is displayed as well as remaining patches is going to be outlined as "unsuccessful" along with the LanGuard server will start a deployment to another device within the record. Even so, the Patch Agent services will go on to set up the remaining patches and may properly set up them all. Thus, a scan has to be done to confirm When the patches were being the truth is installed.

When employing a batch script inside a Tailor made Application Install which triggers an installer over a network share, make sure the PatchAgent support has ample permissions to entry the network share. By default the PatchAgent provider runs from the context of "nearby procedure". If this isn't acceptable, one can specify a selected consumer in the deployment possibilities