The College of New Jersey

Apply     Visit     Give     |     Alumni     Parents     Offices     TCNJ Today     

Patch Management

Patch Management

With the increase of worms and viruses on the Internet, anti-virus and operating system updates are now a part of daily life. In order to reduce the amount of time individuals need to spend managing the security of their systems, and to improve the overall security posture at the College, Information Technology employs a layered defense to security, including a network firewall, network based anti-virus and centrally updated anti-virus on each workstation.

Information Technology has taken additional steps to improve the security of college owned computers. Through a centrally managed system, Information Technology will “harden” operating systems by applying critical patches released by Microsoft. Applying these patches will limit the vulnerabilities that a worm or virus can take advantage of, reducing the chances of a user becoming infected.

As part of this update process, you may be asked to reboot your machine for the patch to take effect. A dialogue box will open up with related instructions. Rebooting your computer, or the classroom computer, is an important step in applying these patches.


Why are patches important?

Operating systems have flaws that are discovered over time. As these flaws are discovered, the software vendor writes some code to fix the problem. This code is called a patch. If a system is unpatched, a malicious user can write code, such as a virus or worm, to exploit the flaw. Malicious code can do anything from slow down your system to emailing your passwords to a remote site.

How does this benefit me?

While the college has a layered defense that keeps most viruses and worms out of our network, there is always a chance one will slip past our defenses and start attacking, crashing, slowing down or compromising the security of our desktop machines. By applying Microsoft critical patches on a regular basis, the amount of time an end user spends dealing with viruses and worms will be reduced. This process will also benefit users who take their laptops off campus. Your operating system will be up to date, so your chances of getting infected on someone else’s network are less.

When will patches be pushed out?

Whenever possible, patches will be distributed on the 4th Wednesday of the month at 5 am. This time and day was chosen in consultation with ITPC and the Cabinet in order to minimize the impact of this process on academic activities (Microsoft publishes it’s patches on the second Tuesday).  IT will test these patches that Microsoft publishes on a small group of users. If there are no issues with the patches, we will distribute them campus wide on the 4th Wednesday. This makes it easier for campus community members to anticipate the patch process and minimizes the chances of a patch disrupting a class.

What can a user expect from the Patch Process?

Some patches will be completely transparent to the end user, the computer will simply be updated behind the scenes. Some patches will require the system to reboot. When this is the case, a restart message will appear, asking the user to reboot the machine. The user will have the option to delay the reboot by clicking on a “Restart Later” button or they could choose to restart immediately by clicking on “Restart Now”.  If the user takes no action, the machine will reboot automatically after 15 minutes.   If the user chooses to delay the reboot, another reboot message will appear every 15 minutes until they choose to restart.

The warning message will look like this:

auto update.bmp

If you choose to shut down your PC after the updates have downloaded, but before they’ve had a chance to successfully install, you will get a message that asks you to install the Updates before you shut down.   Please install the updates before shutting down, to avoid any issues with the installation.  The patches will install and then automatically shut your PC off when finished.

The window will look like this:

install and shut down.bmp

What patches will be pushed out?

Microsoft critical operating system patches will be pushed out automatically, unless they cause a problem with the campus standard image. Other patches and updates may be included as required by Information Technology staff.

What do I do if there is a problem?

Call the Help Desk at ext 2660.

Can I opt out?

Based on input from ITPC and the cabinet, IT has developed an “opt out” process that will allow the exclusion of machines from the automatic update process if these machines meet certain criteria and are kept up to date in some other way. If you think you have a machine that should be considered for this process, please fill out the form on this page: