Software Patch is a tool to create policies for third-party app patches. You can apply these policies to install or update third-party applications on selected endpoints. You can also specify whether or not Splashtop manages third-party application scans, updates or requires reboots based on a schedule.
Supported Subscriptions
- Splashtop w/ Endpoint Management add-on* (Remote Support license required)
- Splashtop Enterprise w/ Endpoint Management add-on* (Remote Support license required)
Requirements
- Remote Side: Windows 8 and up; Streamer v3.7.2.0. and up.
- Only team Owners and Admins have the ability to configure Software Patch policies.
Software Patch Policies
Creating Policies
You can create a policy which covers Software Patch in your web console under the Management tab → Endpoint Policies
Select Create Policy, edit the policy name (up to 64 characters) and description (up to 256 characters), select a Platform (currently only available for Windows) and choose a Parent.
NOTE: It is not possible to create multiple policies with the same name.
Policies can be created as enabled or disabled. Click on Create.
Creating Child Policies
To create a child policy, choose a Parent Policy when creating a new policy, or select the parent policy and, in the right-side options, select Create Child Policy.
Editing Policies
To edit existing policies, select Edit.
The options on the General tab can be classified into four sections.
Scan Schedule
This option allows you to create one or more fixed or routine scan schedules.
You can choose Daily, Weekly, or Monthly by clicking on the selector, and then set up a scan interval or time.
Update Schedule
This option allows you to configure update schedule(s) for the patch agent.
New Computer
This option ensures that the patch agent on a newly onboarded computer will initiate a scan or update immediately if the box is checked.
Reboot Options (if required)
This option allows you to specify how the patch agent should reboot the computer, if necessary.
On the Software tab, you can choose the software you wish to manage and configure the relevant options. Only the following software are supported with the current version:
- Splashtop Business App
- Browsers (Google Chrome/ Microsoft Edge/ Mozilla Firefox)
- Google Drive
- Adobe Reader
Click the "Add Software" button to choose the software you want to manage from the dialog that appears. Multiple selections are possible.
There are different ways to assign policies to computers and groups. First, from the Endpoint Policies page, click on the policy and select Assign Group and Computer. Select the group and click on Assign.
Assign Policy to a Computer
The default setting of each computer is to "follow the group policy".
Individual computer policies can be edited / overridden. To do this, go to the Computers tab, and on the device you want to assign a policy to, click on Properties.
Next to the policy, click on Edit and select a Policy. Additionally, policies can be assigned in Computers → Properties.
Assign Policy to a Group
To assign a policy to a group, go to Management → Grouping. Create or edit a Computer Group and select the policy.
Editing Policies
To edit existing policies, select Edit.
When deleting a policy, the associated group's policy will roll back to the team Default Policy and its associated computers will fall back to "Follow Group".
All overrides on Computers will be deleted.
NOTE: Parent Policies with child policies cannot be deleted.
Management
In this context, an "update opportunity" refers to a new update that managed software on a managed computer can either upgrade to during the scan or has already been assigned.
A new update opportunity will be created when
- The patching agent on the computer finds a new version update during the scan.
- The patching agent is notified that the pre-approved version of the patch policy is changed and the current installed version is lower than the new approved version.
You can manage all the opportunities from the web console, under Management > Software Patch.
An opportunity at a time may be in one of these states: Pending, Approved, Failed, Installed and Rejected.
- Each opportunity keeps a record of state changes.
- The Installed state is the end of an opportunity lifecycle.
- For an opportunity that never reaches the Installed state for any reasons, you can set it to the Rejected state to ignore it.
The Pending tab
All opportunities with a state of "pending" that were created within the selected time frame are displayed on this tab.
For each pending opportunity, the actions can be taken are: Approve or Reject.
- When a pending opportunity is approved or rejected, it is moved to the other tabs.
- Once a pending opportunity is approved or rejected, it will never be reverted to the pending state.
You can click on any opportunity to take an action, then click on the Actions dropdown to select Approve or Reject.
The Approved tab
All opportunities with a state of "approved" that were created within the selected time frame are displayed on this tab.
For each approved opportunity, the action can be taken is only: Reject.
-
When the scheduled update is up, all the approved opportunities will start to update.
-
When an approved opportunity is rejected, it is moved to the Rejected tab.
Click on any opportunity to take an action, then click on the Actions dropdown to select Reject.
The Failed tab
All opportunities with a state of "failed" that were created within the selected time frame are displayed on this tab.
For each failed opportunity, the actions can be taken are: Approve or Reject.
-
When a failed opportunity is approved or rejected, it is moved to the other tabs.
Click on any opportunity to take an action, then click on the Actions dropdown to select Approve or Reject.
The Installed tab
All opportunities with a state of "installed" that were created within the selected time frame are displayed on this tab.
There is no action can be taken on an installed opportunity since it has reached the end of it’s life cycle.
The Rejected tab
All opportunities with a state of "rejected" that were created within the selected time frame are displayed on this tab.
For each rejected opportunity, the action can be taken is only: Approved.
-
When a rejected opportunity is approved, it is moved to the Approved tab.
Click on any opportunity to take an action, then click on the Actions dropdown to select Approve.
When clicking on the Approve item on the menu popped by the dropdown button Action(s), it pops up the dialog displaying the options regarding the Approve action.
Select the versions you wish to use as the pre-approved versions for the selected policies. Then click on Confirm button to save the changes. Or click on Cancel button to close the dialog.
The Software Patch logs are collected under Logs > History. These logs are generated when the user clicks on the Save button on the Edit Policy page. All the changed items on the Software Patch tab generate logs one by one.
Main Scenarios
This scenario is to install a software on a computer if it is not installed. Three different policies are listed in below:
- Policy 1: The pre-approved v0.9 will be installed and moved to the Approved tab after scan.
- Install if not present: Yes
- Pre-approved version: v0.9
- Approve new version: any
- Policy 2: The latest version v1.0 will be installed and moved to the Approved tab after scan.
- Install if not present: Yes
- Pre-approved version: --
- Approve new version: any
- Policy 3: The installation will be skipped since 'Install if not present' is set to No.
- Install if not present: Yes
- Pre-approved version: v0.9
- Approve new version: any
This scenario is usually used to ensure that the software version on managed computers is higher than a specific version number when vulnerabilities are addressed in that version. The pre-approved v0.9 will be installed and moved to the Approved tab after scan if the installed version is v0.8.
To manage software installations when a new update is released, you can create the following policies to determine whether to automatically approve or manually approve the new version.
- Policy 4: The latest version v1.0 will be installed and moved to the Approved tab after scan.
- Install if not present: any
- Pre-approved version: <=v0.9
- Approve new version: Auto
- Policy 5: The task will be moved to the Pending tab after scan.
- Install if not present: any
- Pre-approved version: <=v0.9
- Approve new version: Manual
You can implement ring updates by creating multiple Software Policies to categorize devices into different groups that receive updates at staggered intervals, allowing for more effective control over the rollout process. This approach ensures that updates are thoroughly tested before being widely deployed across all managed computers.
Use the policy inheritance for easier management.