Autodesk Patch Management Strategies
By John Semel | IT
Staying up to date with software is increasingly important, as applications become more complex and update cycles shorten. Collaborative applications such as Revit are particularly important, as the updates often tie into cloud services such as A360 Collaboration for Revit.
However, the increasing pace of updates can present a challenge for firms of all sizes. Small firms may not have extensive IT resources to manually patch products, while larger firms need to coordinate dozens or hundreds of workstations. In this post, we will review several options for patch management for Autodesk products.
Autodesk Solution: Desktop App
The first method for handling patches is the Desktop App, which is typically installed with the 2016 and 2017 versions of Autodesk software. It runs in the background, and keeps track of what software, patches and updates are installed on the local computer.
Although it runs on the workstation itself, it has several useful options for central or automated management. We can see two of these in the Settings panel:
The first setting specifies that the Desktop App can use a network share to store content downloads. The first user that downloads a specific update will save it in that location; any instance with the same configuration, to the same spot, will then copy it to the local location for installation purposes. In addition to speeding up downloads, it also provides a central repository for future access to those installation files.
The second option, as it states, automatically installs updates.
While both of these options must be configured on the client side, access to downloads can be controlled by the Contract Manager via your firm’s Autodesk Account. Start by logging into your account at https://manage.autodesk.com and click on the Gears icon near the upper right corner:
This will open up a dialog box, which provides global options for users to download software and updates:
Note that by default, all Devices have access to Products & Versions, as well as Updates & Add-Ons.
In addition to these global options, you can also dial in on specific updates. In the Products and Services panel, click on Product Updates. You will see the “Access Control” button for a specific product and version, and then a list of the available updates:
Note that the Access Control for the specific product should override the global controls.
Thus, if we are using the Autodesk system, one possible workflow for larger firms might look like the following.
- Desktop App is preconfigured to use a shared download location, and optionally automatically install updates.
- Set the global option to only make updates available to a test user, who operates exclusively on a test machine.
- Every Monday morning, the BIM manager for the firm checks the Desktop App on the test machine, and verifies that the updates work with existing files.
- The BIM manager then makes the update available to either selected users (perhaps a specific team) or to All Devices.
- AEC staff installs the updates (either manually or automatically).
For your reference, Autodesk has written some KB articles explaining the functionality of the Desktop App:
Autodesk: Control Which Devices Can Install Product Updates
Autodesk: Configure Which Users and Devices Can Install Autodesk Products
You can also review the Autodesk Desktop App FAQ.
3rd Party Options
As noted, Autodesk is moving towards a web-based centralized management system for Autodesk patches. However, there are two potential issues with their current implementation:
- Users must have Local Admin rights in order to install updates, and in some environments that conflicts with existing security requirements.
- Although access to the updates is centrally managed, it still relies on individual users to log into the Desktop App using their credentials; install the updates; or keep the correct Desktop App settings.
- Autodesk’s system only manages Autodesk updates, and does not address the larger issue of patch management.
As a result, some IT departments may prefer to look at 3rd party solutions, such as SCCM, KACE or PDQ Deploy. These packages offer more centralized control over patches, more comprehensive remote installation and uninstallation options, and in some cases additional tools to manage hardware resources, inventory, and other aspects of a computing environment.
There are some considerations when using 3rd party tools for Autodesk patch management. One key issue is ensuring that users do not accidentally access or install applications on their own. At this time, if the users do not have Local Admin rights, they should be blocked from installations, but not downloads. Therefore, IT departments may want to lock down updates and/or uninstall the Desktop App.
Another consideration is that the Desktop App is now the fastest way to download new patches, as it updates in the background and receives updates before they are made available via the Web. As a result, IT staff may want to configure a test workstation to automatically download and install updates via the Desktop App, use a network share to store the files, then use those files to push out the patches.
A third issue is that not all updates can be easily pushed out via those tools. Most patches will work fine, as they are typically distributed as or with MSP files, which do not require any special considerations or switches. However, some tools will require interaction from the user, perhaps to specify an installation location or click on a user agreement. E.g. the Space Naming Utility is available via the Desktop App, but runs a full installer, and won’t function properly unless it’s converted to an MSI. (This in turn may require additional software, such as Caphyon’s Advanced Installer.)
If you have questions about these procedures, please email us at firstname.lastname@example.org or by phone at 888-768-7568.