Context

The “Windows Update” feature centralizes, supervises, and automates the deployment of Windows patches across your entire IT infrastructure.

It provides a comprehensive view of the update status detected on each agent via an "Update Status" list, with the option to manually launch installations or exclude specific updates using a blacklist. This exclusion list allows one or more updates to be set aside so they are not deployed automatically.

A deployment history lets you trace all performed updates, whether they originate from the RG agent or third-party tools (such as Windows or other management solutions).

Lastly, a dedicated tab for creating automation rules allows for the scheduling of recurring deployments, thus facilitating proactive maintenance of your Windows environment. This new feature aims to offer precise, secure, and automated control of the update lifecycle on your devices.

Access

To access the “Windows Update” feature:

  1. Select the node or agent on which you wish to manage Windows updates.

  2. In the left-hand menu, navigate to the “Action” section.

  3. Click on “Windows Update” to open the Windows update management interface.

View Windows Updates

The "Update Status" page is the central hub for viewing available Windows updates on the agents in your network. It provides a detailed, clear, and up-to-date overview of all detected updates, whether on a specific agent or globally from a node.

Available actions include:

  • Targeted or Group Deployment: Select one or more updates to initiate their installation. The deployment process can be tracked in real time until completion, after which the update is automatically added to the history.

  • Blacklist: Exclude one or more updates to prevent their automatic deployment, while still having the option to reintegrate them later.

  • Multi-selection: Increase efficiency by applying actions (deployment, blacklist) to several updates in a single operation.

  • Direct Access to Automation Rules: View and adjust automatic deployment rules from the same interface to dynamically adapt your patch management strategy.

Exclude Windows Updates

The "Blacklist" page allows you to view and manage all Windows updates excluded from automatic deployment.

It plays a key role in controlling patch distribution by allowing you to temporarily or permanently pause certain updates deemed non-priority, unstable, or incompatible with your environment.

The blacklist is based on an intelligent inheritance system:
Each agent inherits the configuration defined at the root of the hierarchy by default. However, this inheritance can be disabled at any level (node or individual agent), enabling the creation of a specific blacklist for a particular context. This provides maximum flexibility in managing exclusions, taking into account the technical or organizational needs of each segment of your infrastructure.

Main available actions on this page include:

  • Disable inheritance to customize the blacklist locally.

  • Remove an update from the blacklist to make it eligible again for automatic deployment.

  • Multi-selection for efficiently managing multiple updates in one go.

The "Blacklist" page is designed to give you fine-grained, contextual control over your update strategies while ensuring overall consistency in your patch management.

⚠️ Important:

To ensure Windows updates are not carried out locally on your machines, please execute the following scripts on the relevant agents:

  • Disable Windows Update via Local GPO

  • Check Local Windows Update GPOs

These scripts apply GPOs (local or domain group policies). Implementing GPOs is mandatory to prevent automatic update deployments on workstations. Without this configuration, Windows will continue to launch updates autonomously.

Accessing scripts in RG:
Action > Custom Script > Create a Custom Script > Script Library > Community. There, you’ll find templates for the two scripts to apply.

Note:
If domain-level GPOs are already applied, they will override the local GPOs configured by these scripts.
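
To confirm on an agent that automatic updates are actually disabled by policy, a read-only check such as the following can be run. This is an added example, not the RG community script; it assumes the standard Windows Update policy registry key and its `NoAutoUpdate` and `AUOptions` values.

```powershell
# Added example (not the RG community script): read-only check of the
# effective Windows Update policy on the local machine.
# Assumption: the standard Automatic Updates policy key and value names.
$AuPolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU'

function Get-WindowsUpdatePolicyState {
    param([string]$Path = $AuPolicyKey)

    # Meaning of the AUOptions policy value.
    $auOptionsText = @{
        2 = 'Notify before download'
        3 = 'Download automatically, notify before install'
        4 = 'Download automatically, install on schedule'
        5 = 'Local administrator chooses the setting'
    }

    $state = [ordered]@{
        PolicyKeyPresent  = Test-Path -Path $Path
        NoAutoUpdate      = $null
        AUOptions         = $null
        AUOptionsMeaning  = $null
        AutoUpdateBlocked = $false
    }

    if ($state.PolicyKeyPresent) {
        $values = Get-ItemProperty -Path $Path -ErrorAction SilentlyContinue
        if ($null -ne $values) {
            $state.NoAutoUpdate = $values.NoAutoUpdate
            $state.AUOptions    = $values.AUOptions
            if ($null -ne $values.AUOptions) {
                $state.AUOptionsMeaning = $auOptionsText[[int]$values.AUOptions]
            }
            # NoAutoUpdate = 1 means Automatic Updates is disabled by policy.
            $state.AutoUpdateBlocked = ($values.NoAutoUpdate -eq 1)
        }
    }
    [pscustomobject]$state
}

$result = Get-WindowsUpdatePolicyState
$result | Format-List
if (-not $result.AutoUpdateBlocked) {
    Write-Warning 'Automatic Updates is not disabled by policy on this machine.'
}
```

The registry shows the policy currently in effect, not which GPO set it; `gpresult /r /scope computer` lists the applied computer policies when a domain GPO may be overriding the local one.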

Windows Update History

The History page allows you to view all Windows updates effectively deployed on your machines. Accessible from a node or a specific agent, it offers complete traceability of all patch deployment actions, whether performed by the RG agent or a third-party tool.

Each detected and installed update is recorded in the history, along with key data to ensure fast and relevant analysis:

  • Update severity (important, optional, critical, etc.)

  • Deployment date

  • Update type (security, cumulative, feature, etc.)

  • Unique update ID

  • Deployment source: via the RG System agent or a third-party source (such as Windows Update or another patch management solution)

This page serves as a reliable and centralized reference for validating deployments, verifying machine compliance, and facilitating security audits. The history is an essential tool for maintaining a precise record of all update-related actions, regardless of the source.

Automation Rules

The Automation Rules page centralizes all automatic Windows update deployment rules configured on a node or specific agent. It simplifies the viewing, editing, or creation of automation rules directly from the update management interface.

This feature allows you to implement an effective and tailored deployment strategy for your infrastructure by scheduling update installations according to precise criteria:

  • Update type (software or driver)

  • Severity (optional or critical)

  • Agent type (workstation or server)

  • Frequency: one-time or recurring, depending on your network needs

With this interface, you ensure continuous and controlled compliance while reducing the operational load of manual patch management.

This new dedicated view complements the standard access via the dashboard menu:
Configuration > Automation, offering quicker and more intuitive contextual navigation when analyzing or managing Windows updates.