Rolling Back Patches from Windows Assets

You can create a rollback job to roll back patches from Windows assets only.

Note: Only patches with the isRollback property set to true can be added to a rollback job.

1.  Go to Jobs > Windows > Create Job, and click Rollback Job.

Rollback Job option.

2.  Provide a job title, and then select assets or asset tags to roll back the patches from.

Note: Patches are rolled back on the selected tags only for assets contained in the user's scope. When you select an asset tag, corresponding child tags get automatically selected. Select "Any" to include assets that have any of the selected tags. Select "All" to include only those assets in the patch rollback job that have ALL the selected tags.

3.  Select the Add Exclusion Assets check box to exclude specific assets from the rollback job. You can exclude a maximum of 50 assets from a job.

Exclude Assets

Note: Based on the selected options, the final list of assets is calculated by taking into consideration the included and excluded asset tags and the included and excluded assets.

4.  Select "Add Exclusion Asset Tags" to exclude from the rollback job the assets that have All/Any of the selected asset tags.

Assets for the rollback job

Note: To understand how final assets are determined for a job, see Which Assets are Included in a Job.

5.  Select the patches to roll back from the assets. Use the patch selector link to select patches. On the Patch Selector page, you can use the Within Scope option to view patches within the scope of the selected assets, or view all available patches. Select the desired patches, click Add to Job, and then click Close. On the Select Patches pane of the Rollback Job wizard, click Available Patches if you want to add more patches to the job.

Want to add patches later? Go to the Patches tab and select one or more patches. Then, from the Quick Actions Menu of a single patch or from the Actions menu (bulk actions), click Add to Existing Job or Add to New Job. You cannot add patches later to On Demand or run-once (non-recurring) jobs once they are enabled.

Note that when you modify a patch job using the Add to Existing Job option from the Patches tab, you can add patches, but cannot add target assets or asset tags. To apply patches to an asset that is not added to the job, you can 1) edit an existing job from the Jobs tab, 2) select the asset from the Assets tab and use the Add to Existing Job option, or 3) create a new patch job for that asset.

Note: You can add a maximum of 2000 patches to a single job. Create another job to add patches above 2000.

Patches for the rollback job

Choose when to roll back the patches, whether On Demand or Schedule.

The On-Demand option allows you to roll back the patches immediately once the job is created and enabled. The Schedule option allows you to roll back the patches at a set time. You can choose to run the scheduled job daily, weekly, or monthly.

See Schedule Job Settings

Note: Monthly jobs that are scheduled to run on the 31st of the month will be scheduled every two months (where the 31st is available). Recurring jobs (Daily, Weekly, Monthly) should be enabled three hours prior to the scheduled time; otherwise, the next eligible schedule will be considered.

Schedule patch rollback

You can configure how users are notified about the patch rollback. You can configure pre-rollback messages and allow the patch rollback to be deferred a certain number of times. You can also provide progress and completion messages. When an asset reboot is required after the patch rollback, you can prompt the user or suppress the reboot.

User prompts for the rollback job

Choose one of these options for reboot messages:

Reboot Request - Many patches require reboot in order to take effect. When enabled, it will show a message to users indicating that a reboot is required. If no user is logged in, the reboot will start immediately after patch deployment.

You can configure this option to let the user either reboot the machine immediately after the patch is deployed or defer the reboot "x" number of times so that the user can save their work and complete other tasks. The reboot is deferred until 1) the user clicks OK when the reboot message is shown or 2) the maximum number of deferments is reached.

Reboot Countdown - Shows a countdown message after the deferment limit, if set in the Reboot Request option, is reached. When reboot countdown is enabled, it gives the end user an indication of how long it will be before the system is rebooted.

See Reboot Settings

We highly recommend that when you create the job, you fill out both the message and description fields for these options, as this results in better performance in the agent/platform acknowledging the requests. Keep the messages very brief and the descriptions as detailed as possible.

Reboot messages option

Finally, choose Co-Authors for this job. Besides the owner, the selected Co-Authors can edit this job.

Job access screen shows co-authors for the job

Next, review the configuration.

The job can be created either in the ENABLED state by using the Save & Enable option or in the DISABLED state by using the Save button.

Save drop-down button showing options to save a rollback job

You must enable a disabled job to run it. To enable a disabled job, go to the Jobs tab, then from the Quick Actions Menu of the job, click Enable. Choose the Save & Enable option only when you are confident that the job is correctly configured, because the job will begin executing as soon as you "Save" it. This option is available only when creating a job for the first time, not when editing the job.

Tip: You can use the Disable option to temporarily disable a scheduled job. You can then re-enable the job later at your convenience. On-Demand or run-once (non-recurring) jobs cannot be edited or disabled once they are enabled.

See Enable/Disable Jobs

Note that the SuperUser or Administrator can change the job status (enable/disable), delete and edit the job.
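
The limits stated in the notes above (the isRollback property, 2000 patches per job, 50 excluded assets, the three-hour enable lead, and the 31st-of-month schedule) can be checked before a job is built in the console. The following is an added example, not part of the original documentation or the product's own code; the patch record shape (`id` and `isRollback` keys), the function names and the sample data are assumptions, and time zones are ignored.

```python
from datetime import datetime, timedelta
import calendar

MAX_PATCHES_PER_JOB = 2000          # per-job patch limit stated on this page
MAX_EXCLUDED_ASSETS = 50            # per-job excluded-asset limit stated on this page
ENABLE_LEAD = timedelta(hours=3)    # recurring jobs: enable three hours before the run

def split_into_jobs(patches):
    """Keep only patches with isRollback set to true and chunk them per job."""
    eligible = [p for p in patches if p.get("isRollback") is True]
    skipped = [p["id"] for p in patches if p.get("isRollback") is not True]
    jobs = [eligible[i:i + MAX_PATCHES_PER_JOB]
            for i in range(0, len(eligible), MAX_PATCHES_PER_JOB)]
    return jobs, skipped

def next_monthly_run(enabled_at, day, hour, minute=0):
    """First monthly run on `day` that is at least three hours after the job
    was enabled, skipping months that do not contain that day (assumed model)."""
    year, month = enabled_at.year, enabled_at.month
    while True:
        if day <= calendar.monthrange(year, month)[1]:
            run = datetime(year, month, day, hour, minute)
            if run - enabled_at >= ENABLE_LEAD:
                return run
        year, month = (year + 1, 1) if month == 12 else (year, month + 1)

def check_plan(patches, excluded_assets, enabled_at, day, hour):
    """Return (jobs, problems, first_run) for a planned monthly rollback."""
    jobs, skipped = split_into_jobs(patches)
    problems = []
    if skipped:
        problems.append(f"{len(skipped)} patch(es) not rollback-capable: {skipped[:5]}")
    if len(excluded_assets) > MAX_EXCLUDED_ASSETS:
        problems.append(f"{len(excluded_assets)} excluded assets exceeds {MAX_EXCLUDED_ASSETS}")
    if len(jobs) > 1:
        problems.append(f"{len(jobs)} jobs needed; one job holds {MAX_PATCHES_PER_JOB} patches")
    return jobs, problems, next_monthly_run(enabled_at, day, hour)

# Constructed sample data (not a real export): 2001 rollback-capable patches,
# one patch that is not rollback-capable, and 51 excluded assets.
SAMPLE_PATCHES = [{"id": f"PATCH-{n}", "isRollback": True} for n in range(2001)]
SAMPLE_PATCHES.append({"id": "PATCH-X", "isRollback": False})
SAMPLE_EXCLUDED = [f"host-{n}" for n in range(51)]

if __name__ == "__main__":
    jobs, problems, run = check_plan(SAMPLE_PATCHES, SAMPLE_EXCLUDED,
                                     datetime(2024, 1, 31, 22, 0), day=31, hour=23)
    print([len(j) for j in jobs], run, *problems, sep="\n")
```

In the sample, the job is enabled one hour before the January 31 run, so that run is skipped, February has no 31st, and the first eligible run is March 31.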

Enable/Disable Jobs

User Roles and Permissions

List of Asset Statuses