This site requires JavaScript to be enabled

Software Updates and Patching in the OIT Managed Desktop Environment

9220 views

10.0 - Updated on 2025-06-02 by Therman Cherry

9.0 - Updated on 2024-10-15 by Darrick Bremner

8.0 - Updated on 2024-05-07 by Darrick Bremner

7.0 - Updated on 2024-04-11 by Therman Cherry

6.0 - Updated on 2023-06-05 by Darrick Bremner

5.0 - Updated on 2022-07-19 by Darrick Bremner

4.0 - Updated on 2022-06-03 by Darrick Bremner

3.0 - Updated on 2022-06-03 by Darrick Bremner

2.0 - Updated on 2021-07-26 by Chadwick Seagraves

1.0 - Authored on 2019-06-20 by Chadwick Seagraves

This document is intended to provide insight for end users and supported departments on the operating system and application patching process, including scheduling, communications and preparation that may be taken by the end user. Policies and regulations on security requirements at the university can be found at the Endpoint Protection Standard web page  

 

Table of Contents

 

 

Information

 

The NC State Endpoint Protection Standard requires university-owned computers to be joined to a Configuration Management System (CMS) that manages updates to the operating system, anti-malware, and other required software. 

 

Patch Schedules

If you are concerned that updates may cause problems with your machine's ability to function, or interfere with the work that you do, it is important that you:

1.) Follow communications sent from the OIT Managed Desktop Service,

2.) Use the information to install the updates yourself, when that option is available, or work with OIT to have us install it for you.

3.) Discuss individual use cases or business needs and we may be able to offer alternatives to accommodate your needs.

The Active Directory Tech group and OIT conduct testing on some types of updates to identify and remediate the most common issues. Users who are concerned about problems caused by updates should take an active role in learning patching schedules, joining patching lists, follow news about the operating systems and new releases, and take advantage of self-service options to run updates at their own leisure when available.  

 

Windows 

Software updates for Windows endpoints follow the policies detailed in the Patching Policy for NC State Active Directory (AD). If you have detailed questions, please read the information provided on that page. In general, patches for Windows are applied on the 2nd Tuesday of each month.
 

 

macOS 

Software updates for Apple endpoints follow the Apple Security Update release process. Unlike the process for Microsoft updates, which are released according to a regular monthly schedule, there is no regular schedule for Apple products. On average, they release some sort of update every 56 days.
 
  • OIT Managed Desktop Service customers using Macs currently have full control over installing all updates except for applications installed from the Apple App store (iLife, iWork, etc.), and software we patch, e.g. Firefox, Chrome, Microsoft Office, Acrobat Pro.  These updates do not require a full system restart.
  • Recommendation - To have the best control of the software update experience, install the updates as soon as you are able. 

 

Communication

  • Full version operating system updates and application updates for OIT provided applications will be communicated during the LANTech meeting or via the LANTech Google Group. Examples: Windows, Office Suite, Acrobat, Managed Desktops
    • Local LANTechs are expected to communicate this to users who may be affected. 
  • For other application updates, these are typically handled via the application and software vendors may automatically update their products on their own timetables (for example, Firefox or Chrome).
    • These updates are unrelated to the OIT management process via a CMS.

 

Software Updates by Operating System

There are multiple types of updates and each category has different behaviors. Depending on the operating system, there can be full, variable, or minimal control of when they are deployed. However, in the OIT Managed Desktop environment advance notice will be provided in most cases for the ones that force a reboot. Processes and policies do sometimes differ depending on the operating system installed. 

Choose your operating system to learn about the specifics of the type of updates for each OS.

 

 

 

Escalation

 

Any questions on process or content contained in this document should be escalated through the NCSU Help desk and a have an incident assigned to the OIT_DESKTOP_SUPPORT team. 

 

 

Related Documentation

 

https://policies.ncsu.edu/rule/rul-08-00-18/

https://msrc.microsoft.com/update-guide/

https://ncsu.service-now.com/sp?id=kb_article&sys_id=d634893fdb0e7b402fa0791c8c961986

https://ncsu.service-now.com/sp?id=kb_article&sys_id=61388137db4e7b402fa0791c8c961912

 

 

 

Title: Software Updates and Patching in the OIT Managed Desktop Environment
Service: IT Service Delivery & Support
Template if applicable: N/A
Assignment Group(s): OIT_DESKTOP_SUPPORT
Document Owner: OIT_DESKTOP_SUPPORT
Available Priorities: Medium, Low 
Keywords: OIT Managed Desktop Service, updates, application patches, when is my computer updated, when is my computer patched, how is my computer updated, how is my machine patched, patching schedule, operating system updates, when is my operating system updated, Mac, Apple, Microsoft, Active Directory,  application updates, operating system updates, operating system upgrades, application upgrade, software updates, software patch, software patching,  Software Updates and Patching in the OIT Managed Desktop Environment
Revised by Therman Cherry
Last modified 9 months ago