Overview
In this article, you will learn the things that are important to know when setting up automatic software installation or de-installation using GFI LanGuard features.
Introduction
There are important notes that you may need to consider before enabling and configuring Auto-Remediation options and Patch Auto-Deployment. Studying them will help you to make informed decisions regarding deployment automation settings.
Description
Installing Software
- Always test patches in a test environment before applying them to production systems. Windows patches may work well in isolation, but there is always a possibility for incompatibilities between a patch and other software.
- By default, Microsoft updates are not enabled for automatic deployment. Manually approve each patch (as it is tested) or set all Microsoft updates as approved, if you are making a weighted decision about it.
- When going the manual approval route, check the issues that Microsoft knows about for each patch.
- Keep up with news from third-party patch monitoring sites.
Uninstalling Software
To uninstall software, a three-stage process is required in order to identify whether the selected application supports silent uninstall:
| Stage | Description |
|---|---|
| Stage 1 | Select the application to auto–uninstall. |
| Stage 2 | Ensure that the application supports silent uninstall. Test this by trying to remotely uninstall the application. This is the validation process. |
| Stage 3 | Setup a scheduled audit that will remove the unauthorized application. This is done automatically (using agents) or manually (agentless approach). |
Auto-remediation and uninstallation of unauthorized applications only work with scanning profiles that detect missing patches and/or installed applications.