I'm testing the patch management at the moment, but things haven't gone too well. My requirements were to preinstall a list of choco software onto the machine and to keep it updated. I'm not expecting a full-featured patching system.
For the test I've used a clean Windows 11 Pro VM.
1. The main issue is that there appears to be no retry logic: if a package fails (for example Visual Studio, which requires some other prerequisites to be installed first, or because Windows reboots due to an update process) then that's it. It's not smart enough to install the others and then reboot/retry. There's also no option in the dashboard to reinstall a failed package manually. I ended up manually rebooting and running the choco installers manually in PowerShell.
2. If reboots are required then the installer appears to just list things as pending instead of rebooting.
3. On a new machine Windows may update and reboot at any point in the install, which will cause the above issues.
4. I can see no patch update schedule or report option to show failures. When do the packages update?
In short, I can't see how this can be used to install software onto new PCs without the retry/reboot logic, and I can't see that it's particularly useful for patching existing machines without at least a failure report.
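The manual workaround described in the post above (re-running the choco installers by hand after failures and reboots) can be scripted. This is an added example, not code from the thread or from JumpCloud: the package list, retry budget and report path are constructed placeholders, and it relies on Chocolatey passing through the installer exit codes 1641 and 3010 for "reboot initiated" and "reboot required".

```powershell
# Added example, not JumpCloud code. Run from an elevated PowerShell session.
$Packages   = @('7zip', 'git', 'visualstudio2022community')   # constructed sample list
$MaxPasses  = 3                                               # assumed retry budget
$ReportPath = 'C:\ProgramData\choco-retry\report.json'        # hypothetical path

$pending = [System.Collections.Generic.List[string]]::new([string[]]$Packages)
$results = [ordered]@{}
$rebootRequired = $false

for ($pass = 1; $pass -le $MaxPasses -and $pending.Count -gt 0; $pass++) {
    $failed = [System.Collections.Generic.List[string]]::new()
    foreach ($pkg in $pending) {
        choco install $pkg -y --no-progress | Out-Null
        $code = $LASTEXITCODE
        switch ($code) {
            0 { $results[$pkg] = 'installed' }
            # 1641 / 3010: the installer succeeded but a reboot was initiated / is required.
            { $_ -in 1641, 3010 } {
                $results[$pkg] = 'installed, reboot pending'
                $rebootRequired = $true
            }
            default {
                $results[$pkg] = "failed (exit $code, pass $pass)"
                $failed.Add($pkg)
            }
        }
    }
    # Only the failures go into the next pass, so a package whose
    # prerequisite was installed later in this pass gets another attempt.
    $pending = $failed
}

# Failure report: what is still broken and whether a reboot is outstanding.
$report = [ordered]@{
    timestamp      = (Get-Date).ToString('o')
    rebootRequired = $rebootRequired
    stillFailing   = @($pending)
    packages       = $results
}
New-Item -ItemType Directory -Path (Split-Path $ReportPath) -Force | Out-Null
$report | ConvertTo-Json -Depth 3 | Set-Content -Path $ReportPath -Encoding UTF8

# Exit code lets whatever launched the script decide what to do next.
if ($pending.Count -gt 0) { exit 1 }
if ($rebootRequired)      { exit 3010 }
exit 0
```

The script does not reboot the machine itself; run at startup (for example from a scheduled task), it picks up again after a Windows Update reboot, and packages that are already installed are skipped by choco.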
Hey. Great questions. So I want to take a moment to clarify a few things. Our Patch Management feature is for the operating systems only. Our patch management does not currently patch third-party applications.
Sounds like you are referring to the Software Management feature, which, for Windows, uses the Chocolatey community repository in order to provide installations and updates. So whatever is on the community repo is what will/should be installed on the machines correctly. This isn't aimed to be a patch management solution for applications, merely an avenue to install applications and to keep them updated when they are verified on the community repo. You can create your own private repo and use that to upload packages as well. This is a great way to version control and to have internal testing before deploying applications to your fleet.
To your other point, you are correct. The software management will attempt to try to install the software and there is a queue of about 10 minutes before it gets flushed out. If the system is offline or, to your point, it fails the installation, it will not attempt to reinstall. This is to avoid any type of issues where application installations just continue to retry, causing performance impacts globally.
We are continuously working on ways to improve the Software Management capabilities of our platform and would love to hear more about suggestions. Please feel free to submit a feature request so we can have those very valid points looked into 🙂
It seems like there are three possible uses.
1. Install new PC
- Not possible without reboot support, and/or retry logic. I've tested this comprehensively, it's just not suitable.
2. Add software to existing group of PCs.
- Not possible without support for offline devices (retry logic again.)
3. Update existing group of PCs.
- Not if offline devices don't update when switched on (maybe the checks are performed by the agent when it starts up?)
I assume you are using this in your own offices; I'd be interested to know how you're getting around these problems.
Hi, I want to know why JumpCloud Patch Management does not update third-party software installed on laptops.
I have an example like Faronics: it updated all software and Windows updates to the latest version.
Could you help me understand why the solution doesn't do that?