4 Replies Latest reply on Oct 24, 2013 11:47 AM by cwinning

    Ability to patch a system without using the Shavlik console?

    Rookie

      Forgive me if this has been asked before, but I wasn't able to find any prior discussions on the topic.  My question is this: 

      Is there a way to patch a laptop in my organization this is not usually connected to our local network?  I was wondering if Shavlik has the ability to patch a system by using the Agent that is installed on each system, or extracting the data from the xml patch file, or...yeah, I'm not sure, as I am still very new when it comes to patching the systems in my organization.  The user is on the go quite a bit, and didn't want his system to be vulnerable for weeks/months of Java, Adobe, and other security patches updates that are constantly being released.

       

      Thanks in advance.

        • 1. Re: Ability to patch a system without using the Shavlik console?
          cwinning CommunityTeam

          Hello,

           

          We have a complete solution for networks that have laptops that roam to different locations or that park and dock outside the office.  For devices you can use the agent-based features provided by Shavlik Protect, which are implemented using Shavlik Protect Agent. With Shavlik Protect Agent you can be sure that these machines are scanned regularly, even if they are disconnected from your network.

           

          Agent Quick Start Guide:

          http://www.shavlik.com/uploadedFiles/Support/Online_Documentation/Shavlik_Protect_90/agent-quick-start-guide.pdf

           

          Please let us know if you have any questions on the agent-based solution.

           

          Thank you,

          Charles

          1 of 1 people found this helpful
          • 2. Re: Ability to patch a system without using the Shavlik console?
            SatisnetSupport Rookie

            The Shavlik Agent is exactly what you want.

             

            There are "other" products that would enable a user to scan and patch their own machine, but they won't let you audit the state of these remote machines, and the end user would need to be a local administrator on that machine to install the patches.

             

            With the Shavlik Agent "cloud" enabled, the remote machine can not only be scanned, patched and the results returned to your Shavlik Console, it will also pick-up changes to your Agent Policy(s) whenever it has internet access, so can always be sure it is compliant.

             

            The Agent is free with all versions of Shavlik (Standard and Advanced).

            • 3. Re: Ability to patch a system without using the Shavlik console?
              Rookie

              By reading over the Agent Quick Start Guide, it looks like I could create a "distribution server" and set up a scheduled sync that would copy over any up to date definitions/patches from the console to the distribution server. 

               

              Next question: 

              Say I have a user who is going to be on travel for 3 weeks and he/she utilizes many Java intensive apps on a regular basis.  A new Java update is released while that person is on travel, and Java need to be updated to the latest verison.  Can this employee, as a standard user without any admin privledges, open up the Shavlik Protect Agent, scan the laptop (via HTTP it looks like) and see what patches need to be installed?  If there was 7 total patches that the user was missing, would it be possible to ONLY choose the Java update, or would they have to install all 7?

              • 4. Re: Ability to patch a system without using the Shavlik console?
                cwinning CommunityTeam

                Correct, you do have the option to use a Distribution Server as a share for the agents or you can opt to have the agent download files directly from the internet.  Both are viable options for the agent.

                 

                For the 'next question', the agent should be able to perform what you are describing with some configuration on the agent side.  The non-admin user would be able to open the Agent GUI and initiate a scan with deployment.  The scan would control what is scanned for and deployed so you could setup a scan only to look for java patches if you like.  You can have multiple scans per agents in case you also need a scan for the remaining patches.

                 

                Please let us know if you have anymore questions.

                 

                We also have some very helpful videos on agents:

                http://www.shavlik.com/support/training-videos/