Overview
This article describes all the built-in tasks available in JetPatch.
These tasks are the core automation units used by JetPatch workflows to perform patching operations, endpoint health checks, WSUS management, and more across Windows, Linux, SUSE, Solaris, and AIX environments.
Tasks are grouped into 8 categories below. Each task entry includes its name and a description of what it does. Tasks marked as Internal are typically triggered automatically by JetPatch workflows; others may also be run manually by an administrator.
| Category | # Tasks | What It Covers |
|---|---|---|
| WSUS & Windows Update Tasks | 13 | Sync, group management, approvals, WUA reset, WSUS-Less registration |
| Notification, Reboot & User Interaction | 6 | Interactive reboot, patching notification, forced reboot per OS |
| OS Upgrade - SUSE | 2 | Service Pack upgrade and rollback for SUSE Linux |
| Endpoint Health & Communication | 8 | 24hr check, system status, endpoint readiness per OS |
| Master Scripts | 2 | Windows and Linux master orchestration scripts |
| Patch Installation & Update Collection | 14 | Patch install per OS, update collection per OS, AIX NIM updates |
| Network, Repository & Configuration | 3 | CentOS 6 Vault repo, IPv6 disable for Windows and Linux |
| Diagnostic & Check Tasks | 9 | License, execution policy, reboot checks, WUA diagnostics, CentOS epoch |
| Total | 57 | Windows, Linux (RHEL/CentOS/Ubuntu/Debian/SUSE), Solaris, AIX |
WSUS & Windows Update Tasks
These tasks manage the integration between JetPatch and Windows Server Update Services (WSUS), including group synchronization, update retrieval, approval management, and Windows Update Agent (WUA) maintenance.
| Task Name | Description |
|---|---|
| WSUS Synchronize between Primary and Replicas | Ensures that all changes made to WSUS Computer Groups or endpoint assignments on the Primary WSUS server are fully synchronized to all Replica WSUS servers. It is critical in environments with multiple WSUS servers, as it guarantees that group membership and update approvals are consistent across the entire WSUS hierarchy. JetPatch uses this task to confirm that after any group or assignment change, all Replicas reflect the new state before proceeding with patching or compliance checks. If synchronization fails, endpoints may appear out of sync or patching may be delayed. |
| WSUS Group manipulations | Manages the lifecycle of WSUS Computer Groups. It creates new groups, renames existing ones, or deletes groups in WSUS to match the structure of JetPatch Smart Groups. This is essential for dynamic grouping, as JetPatch relies on WSUS groups to target endpoints for patching. The task ensures that any change in JetPatch's group logic is reflected in WSUS, maintaining a one-to-one mapping between Smart Groups and WSUS groups. |
| WSUS get updates | Queries the WSUS server for the full list of available updates, including metadata such as KB numbers, categories, and approval status. It can run in diff mode (fetching only new/changed updates) or full mode (fetching all updates and cleaning up removed ones). The results populate JetPatch's patch catalog, enabling accurate compliance reporting and patch selection for remediation plans. |
| wsus get update summaries per group | Collects summary statistics for each WSUS Computer Group, such as how many endpoints in the group need a specific update, how many have installed it, and how many failed. This data is used to display group-level compliance dashboards and to prioritize patching actions for groups with the highest risk or lowest compliance. |
| wsus get update summaries per computer | Retrieves detailed update status for each individual endpoint from WSUS. It records which updates are installed, missing, failed, or pending a reboot. This granular data is essential for per-endpoint compliance tracking, troubleshooting patch failures, and generating audit reports. |
| wsus get groups and computers in group | Queries WSUS for the current list of Computer Groups and the endpoints assigned to each group. JetPatch uses this information to verify that endpoints are in the correct groups according to Smart Group logic, and to detect any discrepancies that might require corrective action such as reassigning endpoints. |
| WSUS client synchronization with WSUS server | Triggers a forced synchronization on the Windows Update Agent (WUA) of an endpoint, making it immediately contact the WSUS server to refresh its list of available updates and group memberships. This is especially important after group or approval changes, ensuring the endpoint is aware of its new patching context without waiting for the next scheduled sync. |
| Sync approval status with WSUS | Synchronizes the approval status of updates between JetPatch and WSUS. Ensures that JetPatch's internal records match the actual approval state in WSUS (e.g., Approved, Not Approved, Declined), which is critical for accurate patch targeting and compliance reporting. |
| Reset WUA Authorization for WSUS (PowerShell) | Runs a PowerShell script on a Windows endpoint to reset the Windows Update Agent's (WUA) authorization and registration with WSUS. Used to fix issues where the agent is not communicating properly with WSUS, often by clearing configuration and forcing a re-registration. |
| Reset WUA Authorization for WSUS | Resets the WUA's authorization with WSUS using a Batch script or command-line method. Used for troubleshooting stubborn WSUS communication problems where the PowerShell method is not suitable. |
| Register Windows Endpoint to Microsoft Update (WSUS-Less) | Configures a Windows endpoint to use Microsoft Update directly, bypassing WSUS entirely. Used in WSUS-less environments where JetPatch manages patching without a local WSUS server. The task updates registry settings and Windows Update configuration to point to Microsoft's public update servers. |
| Assign or Remove Endpoint(s) to/from WSUS Group(s) | Assigns endpoints to the correct WSUS Computer Groups or removes them from groups they no longer belong to, based on JetPatch Smart Group logic. Ensures accurate targeting for patching and compliance. |
| Advanced WUA reset | Performs a deep reset of the Windows Update Agent, including stopping services, clearing update caches, re-registering components, and restoring default settings. Used to fix persistent or complex WSUS/WUA issues that cannot be resolved by the standard reset tasks. |
Notification, Reboot & User Interaction
These tasks handle end-user notifications before patching and reboot endpoints on all supported operating systems, either interactively (with a user dialog) or non-interactively (forced).
| Task Name | Description |
|---|---|
| Windows Patching Notification | Displays a notification to the logged-in Windows user before patching begins. The notification informs the user that updates will be installed soon, giving them a chance to save work or prepare for a possible reboot. The notification is non-blocking (the user cannot postpone the patching), but it improves user awareness and reduces surprise disruptions. |
| Interactive reboot | Displays an interactive reboot dialog to the Windows user after patching. The user can choose to reboot immediately, snooze the reboot for a configurable period, or optionally cancel the reboot. The task can be configured to only trigger if a reboot is actually required, and the number of allowed snoozes can be set by policy. |
| Execute reboot for Windows computer | Performs an immediate, non-interactive (forced) reboot of a Windows endpoint. Used when a forced reboot is required, such as after critical updates or as part of an automated workflow where user interaction is not needed. |
| Reboot Solaris computer | Issues a reboot command to a Solaris endpoint. Typically used after patching or as part of a remediation plan that requires a system restart to complete updates. |
| Reboot Linux computer | Reboots a Linux endpoint. Can be triggered automatically after patching or run manually by an administrator as part of maintenance. |
| Reboot AIX computer | Reboots an AIX endpoint, either after patching or as part of a maintenance workflow. |
OS Upgrade - SUSE
These tasks manage Service Pack upgrades on SUSE Linux endpoints, including the ability to roll back a previously applied upgrade.
| Task Name | Description |
|---|---|
| SUSE Upgrade Service Pack | Upgrades the Service Pack level of a SUSE Linux endpoint. Handles the necessary repository changes, downloads the new Service Pack packages, and performs the upgrade process. This is a major operation that may require a reboot and can impact system stability if interrupted. |
| SUSE Undo Upgrade Service Pack | Attempts to roll back a previously performed Service Pack upgrade on SUSE Linux. Restores the system to its prior state, if possible, using SUSE's rollback mechanisms. Used if the upgrade caused issues or was performed in error. |
Endpoint Health & Communication
These tasks verify that endpoints are reachable and ready for patching.
They check communication status, system health, and OS-specific readiness conditions before a patching operation is attempted.
| Task Name | Description |
|---|---|
| 24 Hour Endpoint Communication | Checks if the endpoint has communicated with JetPatch within the last 24 hours. Used for health monitoring, reporting, and to identify endpoints that may be offline or disconnected. |
| System Status Linux | Runs a series of health checks on a Linux endpoint, such as verifying that required services are running, checking disk space, and confirming network connectivity. The results help JetPatch determine if the endpoint is healthy enough to proceed with patching or if pre-remediation steps are needed. |
| Endpoint readiness for Windows endpoint | Checks if a Windows endpoint is ready for patching. Verifies disk space, required services, network connectivity, and ensures there are no pending reboots or other blockers. If the endpoint is not ready, JetPatch may delay patching or alert the administrator. |
| Endpoint readiness for Ubuntu endpoint | Performs readiness checks on an Ubuntu endpoint, similar to the Windows version but tailored to Ubuntu's environment and requirements. |
| Endpoint readiness for Solaris endpoint | Checks if a Solaris endpoint is ready for patching, including OS-specific prerequisites and health checks. |
| Endpoint readiness for Linux endpoint | Runs readiness checks on a Linux endpoint, ensuring it is prepared for patching. |
| Endpoint readiness for Debian endpoint | Checks if a Debian endpoint is ready for patching, with Debian-specific logic. |
| Endpoint readiness for AIX endpoint | Checks if an AIX endpoint is ready for patching, including AIX-specific requirements. |
Master Scripts
Master scripts are central orchestration utilities used internally by JetPatch across many workflows.
They perform environment data collection and standard preparation steps on Windows and Linux endpoints.
| Task Name | Description |
|---|---|
| Master Script - Windows | Performs a series of checks and setup steps on a Windows endpoint, ensuring the system is ready for patching or other JetPatch-managed activities. May collect system information, verify prerequisites, and set up the environment. |
| Master script Linux | Runs multiple checks and preparatory steps on a Linux endpoint. May collect system information, verify prerequisites, and set up the environment for patching or other operations. |
Patch Installation & Update Collection
These tasks scan endpoints for available updates and install patches. Each task is OS-specific. Update collection tasks feed the JetPatch patch inventory, while installation tasks are triggered during remediation workflows.
For more details, see the Linux/Unix Architecture and Patch Management FAQ.
| Task Name | Description |
|---|---|
| execute patch installation - Windows (WSUS) | Installs all available and approved patches on a single Windows endpoint via WSUS, handling dependencies and reporting results back to JetPatch. |
| execute patch installation - Windows (WSUS-Less) | Installs all available and approved patches on a single Windows endpoint via Microsoft Update directly (WSUS-Less mode), handling dependencies and reporting results. |
| execute patch installation - Ubuntu | Installs all available updates on a single Ubuntu endpoint using the system's package manager. |
| execute patch installation - Solaris | Installs all available updates on a single Solaris endpoint using Solaris-specific tools. |
| execute patch installation - Linux (RHEL/CentOS) | Installs all available updates on a single Linux endpoint, handling the full patch installation process including dependency resolution and error handling. |
| execute patch installation - Debian | Installs all available updates on a single Debian endpoint using Debian's package management tools. |
| execute patch installation - AIX | Installs all available updates on a single AIX endpoint using AIX-specific mechanisms. |
| Collect endpoint updates - Windows | Scans a Windows endpoint for available updates, either via WSUS-less mode or direct scan. Results are used to populate JetPatch's patch catalog and determine compliance. |
| Collect endpoint updates - Ubuntu | Scans an Ubuntu endpoint for available updates using the system's package manager. Results are parsed and reported to JetPatch for compliance and remediation planning. |
| Collect endpoint updates - Solaris | Scans a Solaris endpoint for available updates using Solaris-specific tools and repositories. |
| Collect endpoint updates - Linux | Performs a Linux update scan, compatible with various distributions, to find available patches and report them to JetPatch. |
| Collect endpoint updates - Debian | Scans a Debian endpoint for available updates using Debian's package management tools. |
| Collect endpoint updates - AIX | Scans an AIX endpoint for available updates using AIX-specific mechanisms. |
| Collect AIX NIM updates | Queries a NIM (Network Installation Manager) server for available updates for an AIX endpoint. Used in environments where AIX patching is managed centrally via NIM. |
Network, Repository & Configuration
These tasks modify network configuration or repository settings on endpoints.
They are typically run as pre-patching preparation steps in specific environments.
| Task Name | Description |
|---|---|
| Enable Vault repository for CentOS 6 | Enables the Vault repository on CentOS 6 endpoints, allowing access to archived (EOL) updates after official repositories are shut down. Essential for maintaining legacy systems that still require patching. More Details - Here |
| Disable IPV6 Windows | Disables IPv6 networking on a Windows endpoint by modifying system settings. Often done for security or compatibility reasons in environments that only use IPv4. More Details - Here |
| Disable IPv6 and Reboot Linux | Disables IPv6 on a Linux endpoint and immediately reboots the system to apply the change. Used for hardening or compliance with network policies. More Details - Here |
Diagnostic & Check Tasks
These tasks run targeted checks on endpoints to detect configuration issues, pending reboots, licensing problems, or conditions that could block patching.
They are commonly used in pre-flight validation or troubleshooting workflows.
| Task Name | Description |
|---|---|
| Check Windows License | Checks the activation and licensing status of a Windows endpoint. Ensures the OS is properly licensed, which can affect update eligibility and compliance. |
| Check PowerShell Execution Policy - Batch | Checks the PowerShell execution policy on a Windows endpoint to ensure that scripts can be executed. If the policy is too restrictive, JetPatch may not be able to run required scripts for patching or remediation. More Details - Here |
| Check if Windows Reboot is Required and Reboot if Needed | Checks if a Windows endpoint requires a reboot (due to pending updates or system changes) and automatically reboots the system if necessary. Ensures that endpoints are in a clean state before or after patching. |
| Check if Windows Reboot is Required | Checks if a Windows endpoint requires a reboot, but does not perform the reboot. Used for compliance checks or to alert administrators without triggering an automatic restart. |
| Check if Windows EP is in more than one group | Checks if a Windows endpoint is assigned to more than one WSUS Computer Group, which can cause targeting conflicts or compliance issues. Alerts administrators to correct group assignments. |
| Check if Linux Reboot is Required and Reboot if Needed | Checks if a Linux endpoint requires a reboot (due to kernel updates or other changes) and reboots automatically if necessary. |
| Check if Linux Reboot is Required | Checks if a Linux endpoint requires a reboot, but does not perform the reboot. Used for compliance checks or to notify administrators. |
| Check for potential Windows Update Agent issues | Runs diagnostics on the Windows Update Agent (WUA) to detect common problems that could block patching, such as misconfiguration, missing services, or corrupted update databases. Provides actionable results for troubleshooting. |
| Check epoch of patch for centos | Checks the epoch value of a CentOS patch, which is used in versioning to determine update order. Ensures JetPatch correctly interprets which patches are newer or older, preventing accidental downgrades. |