How do I setup Patch Management for Adobe?
Begin with the Adobe PMImport.
- Console > Manage > Manage Jobs and Tasks > System Jobs and Tasks > Software > Patch Management > Adobe Patch Management Import.
- Running this will populate the Patch Remediation Center and allow for interaction with Adobe Updates and Update Policy creation.
- Advisory: Import for Microsoft must be ran at least once to populate the tables in the database with needed data. Then run the Adobe Import.
Ensure the Adobe Vendor Policy > Policy and Package Settings tab - 'Assign packages to' is configured properly.
- Console > Settings > All Settings > Software > Patch Management > Adobe Settings > Adobe
- Ideal settings are either 'All Package Servers' or 'Package Servers Individually' and enable the select Package Servers for deploying Adobe Updates.
Deploy Adobe Updates through the Patch Remediation Center
- Console > Actions > Software > Patch Remediation Center.
- Use the 'Vendor:' dropdown to display Adobe Systems. That will populate the Adobe Updates.
- Right-click and Stage the updates to be rolled out
- This process will download the file from Adobe and bundle it with our install files to create the Update Package.
- Right-click and select the Software Update Policy Wizard.
- This process will walk through Update Policy creation. Select the Filter to target with the policy and display the updates that will be rolled out.
- This Policy will roll out the Update Package to the targeted Filter of machines.
- You may set the Software Update Cycle for those packages on this Policy under the Package Options, but there are some scheduling items to be aware of. These are outlined on kb.altiris.com in article 46622.
Ensure the Adobe Vulnerability Analysis Policy is returning Adobe Inventories on a proper interval.
- Console > Settings > All Settings > Software > Patch Management > Adobe Settings > Adobe Vulnerability Analysis Policy.
- That should be set to run 4 hours and 'Only if Changed'
Setup the Schedule to execute the Adobe Update Packages
- Console > Settings > All Settings > Software > Patch Management > Agents/Plug-ins > Software > Patch Management > Windows > Default Software Update Plug-in Policy.
- This targets, by default, all Windows Computers with the Software Update Plug-in Installed.
- To control which machines have the Software Update Plug-in installed just below that policy, in the left pane tree, select the Software Update Plug-in Install Policy.
- By default, this Plug-in Install Policy will target All Windows Computers without Software Update Plug-in Installed.
- Delete the default Filter and add a custom Filter if desired, for that will help to control what machines are updated in your environment.
Questions concerning Adobe Updates deployed through Patch Management: KB 53225.