Ivanti Patch for Windows Tips and Tricks

Version 14



    This document will provide helpful tips and tricks for Ivanti Patch for Windows Servers.




    The following information assumes that you have a basic understanding of the functionality of Ivanti Patch for Windows Servers. If you are brand new to this product we recommend you check out the following training resources:





    • Licensing is based on use of deployment seats. One deployment seat is taken for 45 days when:
      • You deploy to a machine in an agentless configuration
      • An agent checks in in an agentless configuration
    • Because deployments to hosted virtual machines differ from deployments to physical machines, deploying to the same machine as both a hosted virtual machine and a physical machine will result in two deployment seats being taken.
    • There is no way to force removal of a deployment seat. If you run out of seats you must request additional seats from your account manager or in a temporary situation request temporary seats from Support.
    • For more information about licensing in Ivanti Patch for Windows Servers, please check out How To: Managing License Seat Usage with Shavlik Protect .



    • While Patch will be installed with SQL Express by default, you should install a full version of Microsoft SQL Server if you plan on the database containing more than 10 GB of data as that is the SQL Express limit.
    • You can view the instance and database that your console is connected to at the bottom of Help > About in the Ivanti Patch for Windows Servers console.
    • If you are using a local database, you can check the actual database file by going to C:\ProgramFiles\Micrsoft SQL Server\...\Data.


    View > Event History

    • View > Event History shows the status and information for tasks executed in the background such as scheduled console tasks, database maintenance, and distribution server syncs.
    • You can see inforamtion about a certain event in View > Event History by clicking on the event and looking at the information in a pain underneath the event window.


    View > Patches


    View > Machines

    • View > Machines is a view of the database and therefore any machine that you have ever successfully scanned will show up here unless you right click the machine and select to delete it.
    • Only machines that have been successfully scanned through a particular machine group agentlessly will show up associated with that particular group in View > Machines. This is discussed in further detail here Understanding Machine Groups and the Machines View



    • You can right click and export almost any list such as a list of machines in View > Machines or a list of patches in View > Patches to a CSV.
    • We provide canned reports on demand in Tools > Create Report or scheduled reports in Tools > Schedule Report as well as emailed report options, but you can make your own custom reports by using this guide Report Views Guide


    Agentless Scan and Deployment





    • Ensure that Windows Automatic Updates is disabled on machines that you deploy to. You can disable Windows Automatic Updates via Group Policy or locally following the steps here Best Practice: Windows Automatic Updates.
    • If you have antivirus or malware prevention software on your clients and you see strange behavior in your deployments or reboots, whitelist the items under the Agentless Deployments section in this document Antivirus Exclusions For Patch Deployments
    • If your deployment remain at the status scheduled in your console, but patches are installed on your clients, follow the steps in this document to fix your deployment tracker Deployment Tracker Stuck At Scheduled During Deployment But Patches Install
    • We include the following deployment logs in C:\Windows\ProPatches\Logs:
      • STDeploy.log - This gives feedback on the deployment process itself.
      • STDeploycore.log - This gives feedback on the specific patch installation and you can find patch return codes by doing a search in the log for the word "Return".
      • STdplyevnts.log - This gives feedback on the deployment tracker.
      • Safereboot.log This gives feedback on the reboot process.
      • Keep in mind that all log times are in GMT.
    • For more information on our deployments please see Shavlik Protect 9.2 Deployment Process Workflow and Troubleshooting



    • It is recommended that you check the items mentioned in this document Agent Status Message: "Agent didn't respond" before installing agents that you intend to control from the console.
    • You can control agents on your network from the console by right clicking a particular machine with an agent installed in View > Machines, selecting Agent from the menu and then selecting a desired task.
    • When using a cloud agent, you can force a change to the agent over the cloud quickly by going to Tools > Options (Operations in Protect 9.2) > Protect Cloud Sync > Force Full Update Now.




    Additional Resources



    Affected Product(s)

    Ivanti Patch for Windows Servers (Shavlik Protect) 9.2, 9.3