This document is intended to provide insight for end users and supported departments on the operating system and application patching process, including scheduling, communications and preparation that may be taken by the end user. Policies and regulations on security requirements at the university can be found at the Endpoint Protection Standard web page  

 

 

 

Information

 

The NC State Endpoint Protection Standard requires university-owned computers to be joined to a Configuration Management System (CMS) that manages updates to the operating system, anti-malware, and other required software. 

 

Patch Schedules

If you are concerned that updates may cause problems with your machine's ability to function, or interfere with the work that you do, it is important that you:

1.) Follow communications sent from the OIT Managed Desktop Service,

2.) Use the information to install the updates yourself, when that option is available, or work with OIT to have us install it for you.

3.) Discuss individual use cases or business needs and we may be able to offer alternatives to accommodate your needs.

The Active Directory Tech group and OIT conduct testing on some types of updates to identify and remediate the most common issues. Users who are concerned about problems caused by updates should take an active role in learning patching schedules, joining patching lists, follow news about the operating systems and new releases, and take advantage of self-service options to run updates at their own leisure when available.  

 

Windows 

• Reference: Microsoft Patch release information

 

macOS 

• OIT Managed Desktop Service customers using Macs currently have full control over installing all updates except for applications installed from the Apple App store (iLife, iWork, etc.), and software we patch, e.g. Firefox, Chrome, Microsoft Office, Acrobat Pro.  These updates do not require a full system restart.
• Recommendation - To have the best control of the software update experience, install the updates as soon as you are able. 

 

Communication

• Full version operating system updates and application updates for OIT provided applications will be communicated during the LANTech meeting or via the LANTech Google Group. Examples: Windows, Office Suite, Acrobat, Managed Desktops
  • Local LANTechs are expected to communicate this to users who may be affected. 
• For other application updates, these are typically handled via the application and software vendors may automatically update their products on their own timetables (for example, Firefox or Chrome).
  • These updates are unrelated to the OIT management process via a CMS.

 

Software Updates by Operating System

There are multiple types of updates and each category has different behaviors. Depending on the operating system, there can be full, variable, or minimal control of when they are deployed. However, in the OIT Managed Desktop environment advance notice will be provided in most cases for the ones that force a reboot. Processes and policies do sometimes differ depending on the operating system installed. 

Choose your operating system to learn about the specifics of the type of updates for each OS.

• Apple macOS Software Updates and Patching
• Microsoft Windows Software Updates and Patching

 

 

 

Escalation

 

Any questions on process or content contained in this document should be escalated through the NCSU Help desk and a have an incident assigned to the OIT_DESKTOP_SUPPORT team. 

 

 

Related Documentation

 

https://policies.ncsu.edu/rule/rul-08-00-18/

https://msrc.microsoft.com/update-guide/

https://ncsu.service-now.com/sp?id=kb_article&sys_id=d634893fdb0e7b402fa0791c8c961986

https://ncsu.service-now.com/sp?id=kb_article&sys_id=61388137db4e7b402fa0791c8c961912

 

 

 

Title: Software Updates and Patching in the OIT Managed Desktop Environment