Patch Management uses Microsoft's Baseline Security Analyzer (MBSA) with the Altiris Inventory and Software Delivery Solutions modules to scan for security vulnerabilities, report the findings, and distribute Microsoft's security patches (downloaded from its site).
The main task is the correct setting up of the Altiris Notification Server that contains inventory and software delivery services. When loading, the wizard checks to see if Internet Information Services and specific versions of Microsoft SQL Server are available. If there is no database, Microsoft SQL Server Desktop Edition is provided.
Next, the agents must be distributed to the clients using the built-in software distribution service and the inventories must be discovered. Clients can be grouped (the process is not as easy as it could be) and it does allow for test configurations.
The server uses MBSA to determine which systems need patching. The clients must have an internet connection to access the Mssecure.cab file or it needs to be downloaded and kept updated. Patching can be done using a browser from any web-enabled device on the network. When deciding which patches are important, the browser can display the latest information from Altiris or Microsoft for help.
The system targets the experienced administrator and requires careful management. A greater degree of polling and automation would be helpful, but it is likely that it will only be part of a larger management framework. This implies the console will be used frequently to check on other parameters that are controlled and monitored by the other modules. This solution is as an integral element of the Client and Server Management Suites. It has an advantage over most point solutions because it integrates with Altiris Recovery Solution, allowing each machine to be backed up before patches are implemented.
