System patch management should be done on a regulary basis. Microsoft regularly sends patches on a monthly basis. Other software vendors will also be doing updates. checking ZENworks Configuration Management-Patch Management section should be done to determine the patch status of the system. 

Running a Patch Scan against the system may be needed depending on when the system was last patched.

The following is possible scripting and command options available to run against Windows based systems.

Example 1: Manual command line options
- From a cmd.exe prompt or powershell.exe
zac inv scannow  #Hardware and Software inventory scan - uploaded to the ZCM server once done
zac ps #Patch Scan against the system - Uploaded to ZCM server once done
zac bln "Adobe Patch Policy" #A patch policy bundle used to patch Adobe product such as Flash, Shockwave, or Reader
zac bln "Java Patch Policy" #A patch policy bundle used to patch Oracle Java software
zac bln "MS Critical Patch Policy" #A patch policy bundle used to patch critical patches from Microsoft
zac bln "MS Recommended Patch Policy" #A patch policy bundle used to patch recommended patches from Microsoft

Example Script:
zac inv scannow
zac ps
zac bln "Adobe Patch Policy"
zac bln "Java Patch Policy"
zac bln "MS Critical Patch Policy"
zac bln "MS Recommneded Patch Policy"
shutdown -r -f -t 60 -c "Patch installation requires a reboot..."
exit

Example 2: Pre-existing script (Ran from Powershell.exe)
C:\SWTOOLS\Scripts\zacpap.ps1

Example 3: Pre-existing Bundle
zac bln "WindowsUpdate"