ZENworks 2020 Update 3 introduces the next generation of patch management. The new ZENworks Patch Management provides:
Faster patch scanning on endpoints
A new patch feed with an actively growing patch catalog of operating system and third-party application patches
Faster support for new platforms and patch content issues
Use of the new Unified Content Management capabilities to stream patch content to Content Servers as patches are needed (ondemand) rather than pre-replicating the content
Automated, periodic cleanup of unused patch content from Content Servers
Improved formatting of patch-related email notifications
Decreased amount of patch data stored in the ZENworks database
Same administrative workflows (Patch policies, Remediation deployments, etc.) for managing your day-to-day patching activities
If You Have Never Used ZENworks Patch Management
If you have never activated ZENworks Patch Management in your system, the new patch management is available immediately after installing Update 3. All you need to do is follow the Getting Started instructions on the Security tab of ZENworks Control Center.
If You Have ZENworks Patch Management
If you have previously activated ZENworks Patch Management, you migrate to the new patch management capabilities after installing Update 3. The current patch capabilities remain in place after the system update, giving you time to ensure that the system update has completed successfully on your Primary Servers and Satellites before starting the patch migration.
The patch migration is necessary because of changes in the patch feed and the Patch agent; improvements in the management of the patches in the ZENworks database and content system; and enhanced processing of patch-related data on Primary Servers through the use of a new Patch service. The migration does the following:
Cleans up all patch-related database entries.
Removes all patch content from Primary Servers and Satellites.
Gives you the option of retaining or removing your Patch policies and Patch configuration settings. Please note that the change in patch feeds has resulted in changes to patch names, patch naming conventions, and vendor names. For example, many patch names now include OS build numbers rather than “Windows 10”, “Windows 11”, “Windows Server 2019”, and so forth. If you retain your Patch policies, the policies are disabled during migration until you edit the policy rules to ensure that the criteria provide the results you are expecting.
After migration, displays the Getting Started page in ZENworks Control Center to help you configure the new patch system, including starting the new Patch service on all Primary Servers.
If You Are Using Older ZENworks Agents
The new Patch agent is backwards compatible with older ZENworks 2017 and 2020 Agents that meet the following requirements:
For Windows managed device, .NET Framework 4.8 or newer is installed. Not all Windows operating systems support version 4.8. Please refer to Microsoft’s .NET Framework system requirements article.
The managed device operating system is supported for patching by ZENworks Patch Management.
We recommend that you upgrade as many managed devices to the ZENworks 2020 Update 3 Agent as possible before migrating. If that is not possible, please consider the following when using older ZENworks Agents:
The reboot prompt for Remediation deployments and Patch policies does not display on devices.
In ZENworks Control Center on the device Patches page, the “Installed by” field will always show “Other” even when installed by ZENworks.
On Windows devices, the new Patch Agent requires Microsoft .NET Framework 4.8 or newer. ZENworks installs .NET 4.8 with the ZENworks 2020 Update 3 Agent if necessary. However, Update 2 and earlier ZENworks Agents only required .NET 4.5. You need to update them to .NET 4.8 for the Patch Agent to work.
If You Are Using the Airgap Solution
An Airgap solution for the new ZENworks Patch Management is not available in this Update 3 release. It will be provided in the next ZENworks release. You need to continue using the current solution until the next release is available.
If You Patch macOS Devices
Please be aware of the following for macOS patching with the new ZENworks Patch Management:
Both patch detection and remediation for third-party applications works for macOS Intel and macOS Silicon.
Patch detection for operating systems works for both macOS Intel and macOS Silicon.
Patch remediation for operating systems DOES NOT work for either macOS Intel or macOS Silicon. This is due to recent changes by Apple that require admin or volume user credentials to be supplied when applying operating system patches. We are currently working on securely providing this capability and expect it to be available within a few months of the Update 3 release. If the current ZENworks Patch Management solution is working for your macOS patching needs, we recommend that you do not migrate to the new solution until we have released the fix.