What is Patching?
Periodically, computers managed by OIT need to be patched to update, fix, or improve operating systems, computer programs or address security vulnerabilities. Patches usually improve the usability or performance of a system.
How are system updates delivered?
- OIT uses Microsoft’s System Center Configuration Manager to deliver updates for Windows, the Office suite, and select applications to all DDS-managed Windows PCs. This process replaces Windows Update, and gives DDS greater flexibility in the testing, monitoring, and deployment of critical system updates, reducing the impact to our customers.
- For Macs, OIT uses JAMF Pro to deliver updates for macOS, the Microsoft Office suite, and select applications to all DDS-managed Mac systems.
What is DDS’ testing process?
Before releasing to our customers, new updates are first deployed to a smaller group made up of DDS technicians, OIT employees, and other volunteers as a pilot to ensure that the updates are in working order and don’t cause any unexpected conflicts with other software in use by our supported departments. Each set of weekly updates is reviewed by the DDS team, and any updates that cause issues or otherwise don’t pass testing are withheld and investigated. Should all of the software updates install successfully and no issues are identified during testing, the patches are approved for wide release.
What is the end-user experience?
Windows
Once approved, updates are delivered to your Windows systems and set to quietly and automatically install after 4pm Friday afternoon. A restart may be needed to completely apply some (or all) of the updates, and we encourage you to do so at your earliest possible convenience. Because these updates are so critical to the digital security of CU, any Windows devices that still require a restart for system updates by 3PM Wednesday will enter a “maintenance window,” and a restart will be automatically scheduled 22 hours later. You will see a notification in the System Tray that, when clicked to open, informs you that a restart is pending and displays a countdown to when it will occur. If opened, this countdown screen can be dismissed until 4 hours remain, at which time the countdown warning appears and stays on-screen until the PC is restarted by the user or the countdown reaches 00:00:00.
Please note: This only takes place after the release of Microsoft updates, and only if those updates actually require a restart. DDS-supported systems will not be automatically restarted if they do not require it.
Windows Update Process with Screenshots
After updates have been installed Friday afternoon, a notification will appear above the System Tray in the bottom-right corner of the screen. The green icon in the system tray has a white circle, indicating that a restart is not yet scheduled.
Clicking the notification (or the System Tray icon) will present a window, allowing the user to restart immediately or set a reminder sometime later.
If a restart is still necessary by 3PM the following Wednesday, the Windows device enters its Maintenance Window and a restart is automatically scheduled 22 hours later. The green icon in the System Tray now has a yellow circle, indicating that the countdown to an automatic restart has begun.
Clicking either the notification or the System Tray icon will open the Restart Countdown window, showing how much time remains. At this point, the window can still be dismissed and work resumed.
When only 4 hours remain, a final notification will pop up and the Restart Countdown can no longer be dismissed. The System Tray’s icon indicator changes, and as the deadline approaches the countdown bar will turn yellow, and finally red. This is a user’s final opportunity to restart manually.
Macintosh
Once approved, application updates that do not require a reboot are delivered to your Mac and set to quietly and automatically install after 4pm Friday afternoons. On the other hand, system updates to macOS usually require a reboot.
Mac Update Process with Screenshots
When system updates are approved and delivered to your Mac, a dialog will appear, instead, giving you the option to defer the update to a later time.
If your system is off or asleep or unable to connect to JAMF Pro at the deferred time, the updates will not install. Because macOS system updates are so critical to the digital security of CU, by 9AM on the following Friday, any pending system updates will automatically be installed.
After these pending updates are installed, this dialog will appear. This dialog can be moved around the screen but cannot be closed. Your system will reboot 5 minutes after the OK button is clicked and being installing the required updates.
