Managing Windows Versions and Patching
As new versions of Windows hit the market for both workstations and servers, patching them with Barracuda RMM can sometimes be confusing. As Barracuda RMM emulates Microsoft's Windows Server Update Services (WSUS), what is available in WSUS is available through Patch Management. This brief article will show the best practices to manage your patches for Windows 10/11 and Server 2016 through 2022. Equally, this article assumes that devices are already under a Patching policy in Barracuda RMM and not running under Dual Scan.
Syncing Patches in your Service Center
Navigate to Patch Management.
Select Settings.
Select Synchronization.
Start by clicking Change on Products and Classifications
Ensure that Windows is selected for all versions (past, present and future) that will be checked against in your environment.
The Barracuda RMM Support team recommends that all Windows products be selected, so if Microsoft updates the list, it automatically updates.
Click Save at the bottom of the list.
Next, ensure Classifications are set to your environment patching requirements.
The Barracuda RMM Support team recommends that all classifications are selected but use Automatic Approval Groups for Critical Updates, Security Updates and Updates.
Managing Specific Windows Versions
First, it should be noted that Barracuda RMM only supports enterprise-level versions of Windows. Devices using Windows 10 Home in any version will be unsupported. It is also imperative to keep up to date with Windows 10 version as the lifecycle per version is two years, and those that fall outside of the End of Life date are also deemed as unsupported. For more information on the lifecycle of your Windows 10 devices, please see https://learn.microsoft.com/en-us/lifecycle/products/windows-10-home-and-pro.
Each Windows version had its unique name and version. For example, Windows 10 can include the May 2021 Update, the OS name. However, the version is 21H1 (OS Build 10.0.19043.x). This is also true of the Windows Server builds where Server 2022 is the OS name, but the version is 21H2 (OS Build 10.0.20348.x). Therefore, each is listed in the Products list with specific build names. It is crucial to ensure you have them selected as above. Furthermore, certain upgrades to Windows 10 (and into Windows 11) might have enablement packages or essential prerequisites.
Barracuda RMM Support Note
If the approval is changed within 24 hours of the next scheduled patching cycle, the patch may not install until the following scheduled patching cycle. Also, the “Upgrades” classification can be added to an Automatic Approval to be set to install automatically, but the Barracuda RMM support team strongly cautions against this. For more on Enablement Packages, please see the MS article: https://support.microsoft.com/en-us/help/4517245/feature-update-via-windows-10-version-1909-enablement-package for further information.
For Windows 11, follow the same steps from the above section. However, there are a couple of other intricacies to consider.
Check Devices with the Microsoft Windows 11 Readiness Script
This script can be deployed via Automation and will give a device-per-device output.
Enabling TPM 2.0 on devices is a requirement from Microsoft
Denying Windows 11 from upgrading on devices
Manually set the Windows 11 upgrade patches to declined (this is the simplest and easiest way to manage the version upgrades)
Create an approval group for devices that do not include the Upgrades category
Remove the Upgrades category from Patch Management > Settings > Synchronizations
Remove Windows 11 from the Product list in Patch Management > Settings > Synchronization (this is the least desirable to manage the version upgrade)
Installation Stand Alone Patches or Patches Synced in WSUS
We value your feedback.
If you have questions, suggestions, or feedback on our documentation, contact the Campus Product Documentation team.
For general product inquiries or technical support, please contact the global Barracuda Support team.