Software Managed Patching


On October 12, 2023, ITS will begin automatically pushing software patches to nearly all Smith-issued computers* on a weekly basis. This process is known as managed patching. 


Software patches are small updates that improve functionality, fix bugs, or address security issues. The managed patching will include minor updates for operating systems (not major version upgrades); browsers that are supported for campus use; and a few other software tools that are widely used across the college. Note that academic software is rarely updated while classes are in session, except in cases where there is an urgent security issue to be addressed. 


As part of the managed patching program, you will need to leave your computer powered on and plugged in (not necessarily logged into your Smith account) every Wednesday evening so the updates can be completed between 1:00 am and 5:00 am on Thursdays. The patches may require a computer to automatically restart, so all work should be saved on Wednesdays at the end of your work day. Please be aware that for some computers, the first few automated software patches may require multiple restarts, so please plan accordingly. 


[*The only exceptions are research computers supported by the CATS group in the Science Center, and specifically those computers identified in advance by CATS as being used for research. These computers will roll into the automated patching program at a later time this academic year, via timing and processes to be determined and mutually agreed upon in coordination with Science Center partners.]

Software Managed Patching FAQs


Q. What happens if I forget to leave my computer on and plugged in on a Wednesday?

Computers that are off during the update window (Thursdays between 1 and 5 am) will receive the patches the next time they are turned on. The patches will automatically download at that time; if they require a reboot for installation, as some patches do, you will be prompted to reboot. If you choose to not reboot at that time, the patches will be installed the next time the computer is restarted.

Q. What if my computer is off campus on Wednesday nights/Thursday mornings? 

The patching process will occur whether the computer is on campus or off campus, as long as the computer is powered on and plugged into power. Computers that are off campus do not need to be connected to the VPN (Ivanti).

Q. What operating systems, browsers, and enterprise applications are part of the automated patching program?

Operating systems 


Browsers


Enterprise applications


All academic software will be updated between semesters, except in cases where there is an urgent security matter to address. These dates will be communicated via eDigest.


Q. Will this process automatically upgrade my computer to new versions of software?

No, this process only applies updates within a given version of software. So for instance, if your computer is running on Windows 10, this process would apply any updates to Windows 10 but would not move you to Windows 11. If your operating system is older (has a smaller number) than macOS 11 or Windows 10, it will need to be updated to the most recent version before automated patching can begin. ITS will reach out directly to people whose devices cannot support an updated operating system.

Q. What computers are included in the program?

The first phase of the program includes all Smith-issued computers, such as desktops or laptops that are used for day-to-day operations. Exceptions include computers designated as research or special use computers, such as all Science Research Labs. These computers will be reviewed to determine if they require a custom update schedule due to the unique requirements of the programs they run. They will be added to the patching program in later phases.

If you manage a computer that you believe requires a custom update schedule, please submit a ticket to ithelp@smith.edu with a request for consultation.

Q. Is there anything I need to do to prepare for this process?

No, there is nothing you need to do, other than remember to leave your computer on and plugged in. If you have not recently updated your operating system, you may notice a number of changes after the initial patches have automatically been deployed. If you have a laptop, it is okay for the laptop lid to be closed, as long as the laptop is plugged in and is connected to a network at the time you close it.

Q. Does this mean ITS is reviewing the contents of my computer?

This is an automated process and ITS staff do not look at the contents of local machines as part of the patching process.

Q. Are there any changes being made to my computer in support of the new managed patching environment?

ITS will be uninstalling the existing KACE client on all Windows computers and replacing it with the Microsoft Endpoint Configuration Manager client. There will be no change to Mac computers.

Q. I have set my computer to go into sleep mode every night. Do I need to change that?


No, you do not need to do anything. As computers now need to be available for automated patching every week, sleep mode has been disabled. You can manually power down your computer on other nights. 


Q. Why is ITS making this change?


While the standard configuration for Smith-issued computers has been to allow automatic updates, moving to a managed patching environment provides several benefits. First, it allows us to ensure that all Smith-issued computers are receiving and processing appropriate security patches and are thereby better protected against threats. It also allows ITS to run a standard set of tests against the updates before deploying them to our computers, helping to ensure smooth patching. Finally, it allows us to respond more quickly when large-scale threats are identified.