OS Software Updates

Stay Patched with FileWave

Keeping your Windows, macOS, iOS, and tvOS device's operating systems updated is one of the most important steps to ensuring device security. FileWave sync with the default Microsoft and Apple Software Update catalogs allowing you to bring in all updates, test them, and then automatically deploy the requested Software Updates to machines.

Automatic Software Update deployment

Using FileWave to automatically deploy Software Updates to requesting machines is the easiest and recommended method of deploying updates to your various devices. After "Approving" a Software Update, FileWave will determine if the update is eligible for your devices and automatically deploy it on your behalf.

• Open FileWave Central and navigate to "Software Updates" on the left.
• Select the desired Operating System from the drop-down menu. As you can see in the below image, Windows is selected. Also notice that Requested Only is checked so as to limit the view to only updates devices believe that they need. Note also that No fileset is selected which further limits what is being shown so that my list of actionable updates is very short.
• Now you can select one or all of hte updates and right-click to pick Create Filesets... and then pick where you want these updates to appear as far as what Fileset Group they are stored in. It makes a lot of sense to have a Fileset Group in the Filesets area specifically for Windows and then another for Apple updates. 
• If you would like the updates to automatically deploy when created then just create a Deployment that assigns the Fileset Group to a Smart Group like All macOS or All iOS or All tvOS or All Windows so that as soon as you create them they are assigned. If you would like to do testing first then you could create the patches in a Fileset Group that is for testing and then later move them to the production Fileset Group.
  

Note that you want to avoid assigning Windows OS updates to pre-16.0.0 clients because they will not function correctly. You can simply add a criteria to your All Windows SmartGroup to check if the "FileWave Client Version" begins with "16." and that would protect you until you can work to upgrade all of your devices.

Also note that Windows OS updates from before FileWave 16 should be purged from your server to free up disk space, and because they will not function correctly. This transition from the old format to this new format should be a one-time exercise to remove the old style of Windows OS updates and ensure your clients are upgraded to FileWave 16.0 or higher.

• "Update Model" to save the changes.

It should be noted that you don't have to make everything so clean as to seperate out the patches by platform. There was another enhancement in FileWave 16.0 where even if a patch was assigned to a device it would be skipped if it didn't apply. You can see this below as the "Ignore non applicable Software Update Filesets" checkbox. When checked you will only see the updates that were applicable. Deselecting it will show the patches that didn't apply but have a Deployment that assigned them. 

Manually deploy Software Updates with Scheduling

FileWave can also deploy Software Updates just like any other Fileset and allow you to schedule the deployment of the Software Update Fileset.

1. Open FileWave Central and navigate to Deployments on the left hand side of the window.
2. Create a new Deployment that contains your Windows or Apple patches and for the target use a Smart Group that is your Windows or Apple devices. You may have already done this earlier, and if you have this already then you can just edit that Deployment.
3. In the Properties for the Deployment you will see on the Options tab that you can decide when to Activate (Install) the patches. You can also set a Reboot deadline. If you re-use this Deployment for monthly patches then know that you'll need to keep changing these dates or else new patches will immediately be past their deadline after enough time passes. 
4. "Update Model" to save the changes.

Windows BIOS/UEFI Firmware and Driver Updates

The latest Windows Software Update filesets now include BIOS/UEFI firmware updates from certain OEM vendors (e.g., Dell, HP, Lenovo). While these updates may appear alongside OS patches, please be careful when deploying. 

The latest Windows Software Update filesets now also includes third-party driver updates, such as those for monitors, audio devices, and peripheral hardware. While these updates can improve compatibility and stability, they often have the following impact:

• Many of these drivers require a reboot to complete installation.
• Automatic deployment may result in unexpected restarts, potentially disrupting end-user workflows.

To maintain a smooth user experience and prevent unplanned reboots, you may want to deploy driver updates via Self-Service Kiosk instead of automatic enforcement.

Next Steps

Now that you have the basics you may want to dig deeper and read the Best Practice Guide: Software Update Deployment (16.0+) to implement more processes to make your patching effective and efficient.

Related Content

• Best Practice Guide: Software Update Deployment (16.0+)