Deploy service packs

If you want the agent to be able to automatically deploy service packs that are identified as missing by the patch scan, enable this check box.

When the agents perform a service pack deployment they will deploy only those service packs that are:

1. Scanned for by the patch scan template, and
2. Reported as missing, and
3. Approved for deployment.

• More info: A link to the Help topic that explains how service pack groups are used by the program:http://help.shavlik.com/Protect/onlinehelp/92/ENU/EN/About_Service_Pack_Groups.htm
• All SPs detected as missing: Specifies thatany service pack identified as missing will be eligible for deployment.
• Service Pack Group: Only those service packs contained in the specified service pack group will be deployed by the agent. If a scan detects missing service packs not included in this group, those service packs will not be deployed.
• Limit deployments (per day): Specifies the maximum number of service packs that can be deployed to a machine in one day. Service packs can take a long time to deploy and almost always require a reboot of the machine, so you typically want to keep this number rather small. If you do not limit the number of service pack deployments in a day you run the risk of overwhelming a machine if it is missing a large number of service packs.If a machine is missing more service packs than the specified limit, the additional service packs will be deployed the next time the patch task is run.

• New: Enables you to make a new service pack group. For more information see http://help.shavlik.com/Protect/onlinehelp/92/ENU/EN/Creating_and_Editing_a_Service_Pack_Group.htm.
• Edit: Enables you to make modifications to the selected service pack group. Be careful here, because any modifications you make will affect any patch task that references the service pack group. Also, if you edit and save a service pack group that is currently being used by an agent policy, the agents using that policy will be updated the next time they check in with the console.

Service Pack Deployment Process

If an agent machine is missing multiple service packs, only one service pack will be installed at a time. The patch task will begin by initiating the download of all missing service packs. Operating system service packs are downloaded at a higher priority, but whichever service pack gets downloaded first is the one that is first installed. After the service pack is successfully installed, the machine is restarted, rescanned, and the process is repeated until all service packs are deployed or until the daily limit is reached [see theLimit deployments (per day) option].

In addition, each patch task is allotted a 60 minute window to complete the download > install > restart > rescan process. (This is part of a two hour total maintenance window that is allocated for downloading missing service packs and patches.) Only those service packs that are successfully downloaded during this 60 minute window will be installed by the active patch task. If the patch task cannot finish downloading all missing service packs during the 60 minute window, the remaining service packs will be identified, downloaded, and installed the next time the patch task is run.

The downloads occur in the background using idle bandwidth not being used by other applications. Foreground tasks such as Web browsing are not affected by the service pack download process.

If an agent machine becomes disconnected from the network during a file download, the process will be suspended and will automatically resume where it left off when the network is available again. This technique is called checkpoint/restart and is extremely useful for machines that are frequently disconnected.