This document will explain how to setup Shavlik Protect Agents to automatically deploy service packs
1) Open your Agent Policy you would like to add the service pack task to or create a new agent policy by going to New > Agent Policy.
2) Click on the Patch Tab and then click on Add a Patch Task....
3) Name the new Patch Task. (Example: Service Pack Deployment)
4) Select a schedule that you would like the service pack to be scanned for and deployed. For the purpose of this article, we are choosing to use a schedule to automate the installation of service packs. You can leave the Use Schedule box unchecked and perform the service pack deployment manually through the agent in Machine View. More on that here: http://help.shavlik.com/Protect/onlinehelp/92/ENU/EN/Managing_Your_Agents.htm
Service Packs tend to be very large and thus can take time to download. It is recommended to select a time when the users will not be on the target machine and when the network is not at peak hours.
5) Click on the Scan and Deploy Options tab (In Protect 9.1, this is in the drop down menu).
6) Choose a Patch Scan Template.
7) Select a Deployment Template.
Since service packs always require a reboot, we recommend to use the Agent Standard template, but if the machine is unable to be rebooted after Service Pack deployment, please be sure to use or create one that has a no reboot after post deployment.
8) You can choose whether to deploy patches at this time as well. For the purposes of this article, I have chosen not to include patches in my deployment and to only deploy service packs if they are missing.
Follow the notes below for more options and what the available options mean:
Deploy service packs
If you want the agent to be able to automatically deploy service packs that are identified as missing by the patch scan, enable this check box.
When the agents perform a service pack deployment they will deploy only those service packs that are:
Service Pack Deployment Process
If an agent machine is missing multiple service packs, only one service pack will be installed at a time. The patch task will begin by initiating the download of all missing service packs. Operating system service packs are downloaded at a higher priority, but whichever service pack gets downloaded first is the one that is first installed. After the service pack is successfully installed, the machine is restarted, rescanned, and the process is repeated until all service packs are deployed or until the daily limit is reached [see theLimit deployments (per day) option].
In addition, each patch task is allotted a 60 minute window to complete the download > install > restart > rescan process. (This is part of a two hour total maintenance window that is allocated for downloading missing service packs and patches.) Only those service packs that are successfully downloaded during this 60 minute window will be installed by the active patch task. If the patch task cannot finish downloading all missing service packs during the 60 minute window, the remaining service packs will be identified, downloaded, and installed the next time the patch task is run.
The downloads occur in the background using idle bandwidth not being used by other applications. Foreground tasks such as Web browsing are not affected by the service pack download process.
If an agent machine becomes disconnected from the network during a file download, the process will be suspended and will automatically resume where it left off when the network is available again. This technique is called checkpoint/restart and is extremely useful for machines that are frequently disconnected.
9) Click Save and Update Agents button. If this is an agent policy already installed on target machines, then the target machines will check-in at this time if able to receive the new policy change. If this is a new Agent Policy, you will need to assign the policy manually. For more information on that process, consult the following: http://help.shavlik.com/Protect/onlinehelp/92/ENU/EN/Managing_Your_Agents.htm
10) At the next scheduled time for scan and deployment that you selected in Step 4, is when the service packs will be scanned for and deployed.
Scheduling and deploying service packs automatically is currently only available with a Shavlik Protect Agent. Agentless service pack deployment must be done manually.
For instructions on how to deploy a service pack agentlessly, follow this article: How To: Deploy a Service Pack to Multiple Machines
For guidelines on service pack deployment, consult the following article: Shavlik Protect Agentless Service Pack Deployment Guidelines