As new versions of Windows hit the market for both workstations and servers, patching them with Barracuda RMM can sometimes be confusing. As Barracuda RMM emulates Microsoft's Windows Server Update Services (WSUS), what is available in WSUS is available through Patch Management. This brief article shows the best practices for managing your patches for Windows 10/11 and Server 2016 through 2022. It assumes that devices are already under a Patching policy in Barracuda RMM and are not running under Dual Scan.
Syncing Patches in your Service Center
- Navigate to Patch Management.
- Select Settings.
- Select Synchronization.
- Start by clicking Change on Products and Classifications.
- Ensure that Windows is selected for all versions (past, present and future) that will be checked against in your environment.
- The Barracuda RMM Support team recommends that all Windows products be selected, so if Microsoft updates the list, it automatically updates.
- Click Save at the bottom of the list.
- Next, ensure Classifications are set to your environment patching requirements.
- The Barracuda RMM Support team recommends selecting all classifications, but using Automatic Approval Groups for Critical Updates, Security Updates and Updates.
Managing Specific Windows Versions
First, it should be noted that Barracuda RMM only supports enterprise-level versions of Windows. Devices using Windows 10 Home in any version will be unsupported. It is also imperative to keep up to date with the Windows 10 version, as the lifecycle per version is two years, and versions that fall outside of the End of Life date are also deemed unsupported. For more information on the lifecycle of your Windows 10 devices, please see https://learn.microsoft.com/en-us/lifecycle/products/windows-10-home-and-pro.
Each Windows release has its own name and version. For example, a Windows 10 release can carry the OS name May 2021 Update, while its version is 21H1 (OS Build 10.0.19043.x). The same is true of the Windows Server builds, where Server 2022 is the OS name but the version is 21H2 (OS Build 10.0.20348.x). Therefore, each is listed in the Products list with specific build names. It is crucial to ensure you have them selected as above. Furthermore, certain upgrades to Windows 10 (and into Windows 11) might have enablement packages or essential prerequisites.
For Windows 11, follow the same steps from the above section. However, there are a couple of other intricacies to consider.
- Check Devices with the Microsoft Windows 11 Readiness Script
- This script can be deployed via Automation and will give a device-per-device output.
- Enabling TPM 2.0 on devices is a requirement from Microsoft
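To see which edition, version and build a device actually reports before selecting Products, and whether it exposes TPM 2.0, a short PowerShell check can be run on the device. This is an added example, not Barracuda's code and not the Microsoft Windows 11 Readiness Script; the function name Get-PatchInventory is hypothetical, and the TPM query assumes an elevated session.

```powershell
# Added example (not vendor code). Get-PatchInventory is a hypothetical name.
function Get-PatchInventory {
    $cv = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    # Caption is used for the OS name because the registry ProductName
    # still reads "Windows 10" on Windows 11 devices.
    $os = Get-CimInstance -ClassName Win32_OperatingSystem

    # DisplayVersion (e.g. 21H1) exists from 20H2 onward; older releases
    # only carry ReleaseId (e.g. 1909).
    $version = if ($cv.DisplayVersion) { $cv.DisplayVersion } else { $cv.ReleaseId }

    # Full build in the form used above, e.g. 10.0.19043.x (UBR = revision).
    $build = '{0}.{1}.{2}.{3}' -f $cv.CurrentMajorVersionNumber,
        $cv.CurrentMinorVersionNumber, $cv.CurrentBuild, $cv.UBR

    # Home editions report an EditionID beginning with "Core"
    # (Core, CoreN, CoreSingleLanguage); server editions begin with "Server".
    $isHome = $cv.EditionID -like 'Core*'

    # Win32_Tpm needs elevation. No instance means no TPM, a disabled TPM,
    # or a non-elevated session, so report that as unknown rather than fail.
    $tpm = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' `
        -ClassName Win32_Tpm -ErrorAction SilentlyContinue
    # SpecVersion looks like "2.0, 0, 1.38"; the first field is the spec level.
    $tpmSpec = if ($tpm) { ($tpm.SpecVersion -split ',')[0].Trim() } else { $null }

    [pscustomobject]@{
        ComputerName = $env:COMPUTERNAME
        OSName       = $os.Caption
        Edition      = $cv.EditionID
        Version      = $version
        Build        = $build
        HomeEdition  = $isHome
        TpmSpec      = $tpmSpec
        Tpm20        = ($tpmSpec -eq '2.0')
    }
}

Get-PatchInventory | Format-List
```

A device reporting HomeEdition as True falls under the unsupported case described above, and an empty TpmSpec should be rechecked from an elevated session before concluding that the TPM is absent.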
Denying Windows 11 from upgrading on devices
- Manually set the Windows 11 upgrade patches to declined (this is the simplest and easiest way to manage the version upgrades)
- Create an approval group for devices that does not include the Upgrades category
- Remove the Upgrades category from Patch Management > Settings > Synchronization
- Remove Windows 11 from the Product list in Patch Management > Settings > Synchronization (this is the least desirable way to manage the version upgrade)
Installing Standalone Patches or Patches Synced in WSUS
- Go to Automation
- Select Library
- Either Schedule or Run Now
- If a patch requires a reboot, scheduling might be a better option
- Choose Item from Library
- Then select Install Standalone Windows Update From the Web
- Fill in the MSU Download URL
- This can be found in the Microsoft Update Catalog