I’ve got a question re verifying Global Protect on my employer’s laptop. Do any of you do anything after installing patches to show your IT director that you have done so?
I have a good habit of allowing Microsoft’s patch installer and letting it install, with a restart and then a subsequent shutdown, I always do it right after it prompts me.
I feel like I ought to describe my employer. It’s a rather disjointed organization where I never get to physically interact with my supervisor, manager or, as naturally applies here, IT technicians. Hence why I ask you wonky questions like the above here.
In a sane world, the organization would deploy patches from its own WSUS service infrastructure and know without asking if any if their machines had or hadn’t been patched.
But I concede lots of people are forced to live in Bizarro world, so carry on.
What is Global Protect? Some sort of monitoring software or update rollout service?
Just ask your IT department.
Probably they won’t care, assuming that you’ll eventually get those updates even if it’s a few days late. Presumably the software might allow a small grace period and then eventually force you to install the updates, otherwise what good is it…?
Well, these sort of device management setups are all a bit different from company to company. Only your IT people would know how it’s set up and what the requirements are. If they’re really that disjointed, maybe the update regime isn’t all that strict? It’s still a good practice to keep Windows and other major software (like your browser, Adobe stuff, etc.) regularly updated if you can.
I might also add: If you’re just a rank and file employee and the IT department set all this up, eh, it’s not really your problem. Let them worry about it. Or just ignore it and plead ignorance/innocence.
Like gnoitall said, in a sane world, this sort of stuff would just happen automatically behind the scenes without needing each individual user to perform the right actions. It’s not your responsibility. Don’t suddenly try to make it one just to impress your supervisor… it’s a whole can of worms, and likely your supervisor won’t understand or care either.
Since GlobalProtect (one word) is a 3rd party app having nothing to do with Microsoft, the OPs comments about letting Microsoft’s update service update that app are wrong / inapplicable / confused.
Bottom line: IMO the OP needs to call his IT department. Since none of us work there, none of us can tell the OP how to make them happy. We can guess, but what’s the use of that?
From what I understand, unless the setup has been specifically monkeyed with, Windows Updates are automatic on Windows 11. There is a Windows Update option to “Receive updates for other Microsoft products” along with Windows updates. (In windows Start search, enter “Windows Updates” and poke around.) There’s also an option to see what updates have been applied, in Update History.
Most other software have an option to “Check for updates”. Plus the Help-About in much software will tell you the exact subversion you are on, which is usually indicative of what updates have been applied.
WSUS is a legacy of earlier days, when often updates had to be applied manually or many updates were optional, did not apply; and some corporations restricted access to the internet or updates. Microsoft has gone to default pushing updates because so many computer vulnerabilities stayed open from people who had not applied necessary updates.
Global Protect presumably has something similar. Not having it, I don’t know exactly, but it should have some indication, like full version and sub-versions number, to indicate what level it is. It may even have an update history. And I presume there is some sort of “Search for updates” option. For something that is specifically security, I cannot imagine why they would not want the newest version, unless they need to ensure everyone’s client is up to date before they update the server. Their website seems opaque to me so I don’t see a list of patches to download - possibly that’s restricted to licensed clients. Regardless, if you try to re-apply a patch that has already been applied, it should tell you “this patch has already been applied”.
I would also think if IT Support wants you to check, they would also be able to tell you what they want to see for verification.
I’ve always worked for employers large enough that IT manages the updates. Usually, i get a message that i must update by time X, and do i want to do that now or schedule it for tonight? I usually schedule it for tonight. And then it just happens.
So no, i have never done anything to tell IT, because IT already knows.
In the somewhat comparable situation of having required HR “cya” training, i sometimes mention to my boss that I’ve completed it. Mostly because that took some of my work time to do. The laptop usually can update without my spending more than a couple of minutes telling it when would be convenient, and maybe a couple more minutes rebooting.
My thanks goes to the kind people who give me good advice! I felt grateful to read all your insights here. I’m going to work on putting threads out in the right departments each time too.