How to improve your patch health score

Previously, we explored eight common reasons why it is unrealistic to expect patch health to consistently report 100% for all servers, PCs, and laptops. However, there are some measures that clients can take that can positively impact patch delivery, improving scores over time. These include:

Make sure Wake-on-LAN (WoL) is enabled on all systems

As we onboard clients and initially set up our patching service, we often have to enable Wake-on-LAN on all devices to be patched. However, as new systems are sourced, some manufacturers have WoL disabled out of the box (we’re looking at you, Dell). Other idiosyncrasies in the network configuration of particular device models, such as “Energy Efficient Ethernet”, can prevent systems from waking up even with WoL enabled.

Use Ethernet instead of Wi-Fi for updates to laptops

For those users running portable computers, there have been times we’ve been told “I don’t understand – my notebook was connected to the network overnight, but it didn’t get updates” only to find out that the user was connected via Wi-Fi, not a wired Ethernet connection. WoL is not effective over Wi-Fi; a wired connection is needed to wake a sleeping computer. Also, Ethernet transfer rates are much faster. Therefore, please be sure to use a wired Ethernet connection to receive updates.
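The WoL, Energy Efficient Ethernet and wired-connection checks described above can be audited per machine with the sketch below. It is an added example, not part of our patching tooling, and it assumes a Windows endpoint with the built-in NetAdapter cmdlets; the report column names are illustrative.

```powershell
# Added example: audit Wake-on-LAN readiness of each physical adapter on this machine.
# Assumes Windows with the built-in NetAdapter module (Windows 8 / Server 2012 or later).
$report = foreach ($nic in Get-NetAdapter -Physical) {
    $pm = Get-NetAdapterPowerManagement -Name $nic.Name -ErrorAction SilentlyContinue
    # '*EEE' is the standardized driver keyword for Energy Efficient Ethernet.
    # Drivers that do not expose it return nothing.
    $eee = Get-NetAdapterAdvancedProperty -Name $nic.Name -RegistryKeyword '*EEE' `
               -ErrorAction SilentlyContinue

    $wired  = $nic.PhysicalMediaType -eq '802.3'      # Wi-Fi reports 'Native 802.11'
    $linkUp = $nic.Status -eq 'Up'
    $wolOn  = $pm -and ("$($pm.WakeOnMagicPacket)" -eq 'Enabled')
    $eeeOn  = $eee -and ($eee.RegistryValue -contains '1')

    # Collect every reason this adapter might miss a scheduled wake-up.
    $issues = @()
    if (-not $wired)              { $issues += 'not wired Ethernet' }
    if ($wired -and -not $linkUp) { $issues += 'cable not connected' }
    if ($wired -and -not $wolOn)  { $issues += 'wake on magic packet not enabled' }
    if ($wired -and $eeeOn)       { $issues += 'Energy Efficient Ethernet is on' }

    [pscustomobject]@{
        Adapter  = $nic.Name
        Media    = $nic.PhysicalMediaType
        Link     = $nic.Status
        WoL      = if ($pm)  { "$($pm.WakeOnMagicPacket)" } else { 'unknown' }
        EEE      = if ($eee) { $eee.DisplayValue } else { 'not exposed' }
        Findings = if ($issues) { $issues -join '; ' } else { 'ok' }
    }
}

# A machine is a candidate for overnight wake-up only if a wired adapter reports 'ok'.
# Firmware (BIOS/UEFI) WoL settings are not visible to these cmdlets and must be
# checked separately.
$report | Format-Table -AutoSize -Wrap
```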

Be Patient

The most common misconception with our patch delivery system is that as soon as a device is connected to the network, if it’s missing patches, the patching fairies will start doing their work and pushing updates. If there’s one thing to remember, it’s that all patch delivery is conducted on a scheduled basis, not reactively according to time spent online. Additionally, systems that have been offline for a protracted period of time might require several patch delivery windows in order to be brought up to compliance. The more often a system is available for an update window, the more rapidly it can be brought up to speed. Update delivery schedules will typically run outside of normal business hours to avoid impacting users. This is especially true for third-party applications like Adobe Reader or Oracle Java, which require web browsers and plugins to be closed before updates may be applied.

As you can tell, there are many, many factors that can impact patch scores. With all factors considered and by following the guidelines above, we find that a typical client environment should target a 90% to 97% average as a fair and attainable goal on a rolling basis.