patching strategy in combination with managed installs
Hi All,
I've begun with testing patching using our K1000 and I'm running into an annoying problem. I'll use adobe flash plugin as my example but I think this issue will be relevant for all/most products.
I deploy machines using scripted install. After basic machine install the K1000 picks up the machines and installs all the software to the machine via managed installs (our scripted install forces a checkin after deployment so all software is deployed after reboot pretty much instantly)
However the managed install for adobe flash will install adobe flash 10.3.181.26. This will target all machines that join the organisation.
However when patching, of course the version number changes to something else 10.3.181.5 (for example)
Which then means my managed install will try and repush the now older version back to the machine (and subsequently fail)
So my question is, how are the rest of you reconciling Managed installs with patch updates? I've talked to support and basically the only way it seems is to get very tricky with smart labels. Have machines drop into things like 'no version of adobe installed' and the managed install targets this.
It seems like a solution, but then I need to create a new smart label to go along with every new application install I have to make sure it's NOT installed and then install it. After that patching will update it all to the latest version.
The only other option I can think of is updating every managed install every time there is a new patch available, which seems more hassle than it's worth.
Ideas welcome!
Answers (5)
Posted by:
Swyfter
13 years ago
I just swap out my Adobe Flash MI whenever a new version comes out and deploy to all machines so I might not be as helpful as you need.
As for the forced scripted install, how are you getting them to check in? 5.3 broke my MIs so the user has to wait for Flash and the like to get deployed which becomes a hassle unless they do it manually. =P
Posted by:
cmccracken
13 years ago
Posted by:
GillySpy
13 years ago
Probably not a coincidence that a colleague of mine asked me this same question. Here was my answer:
Only deploy the MI to a smart label with a certain regex pattern to accomplish the "<" effect. e.g. one way to do regex for strings less than 10.3.181.26 is
'(^[0-9][[.period.]])|(^10[[.period.]][0-2][[.period.]])|(^10[[.period.]]3[[.period.]]([1-9]|[1-9][0-9]|1[0-7][0-9]|180)[[.period.]])|(^10[[.period.]]3[[.period.]]181[[.period.]]([0-9]|1[0-9]|2[0-5])$)'
So a template for a smart label that does all adobe versions less than 10.3.181.26 is (watch out for carriage returns added in email)
Select MACHINE.ID
from
MACHINE JOIN MACHINE_SOFTWARE_JT MS ON MACHINE_ID=MACHINE.ID
JOIN SOFTWARE S ON SOFTWARE_ID=S.ID
Where DISPLAY_NAME LIKE '%flash%'
DISPLAY_VERSION RLIKE'(^[0-9][[.period.]])|(^10[[.period.]][0-2][[.period.]])|(^10[[.period.]]3[[.period.]]([1-9]|[1-9][0-9]|1[0-7][0-9]|180)[[.period.]])|(^10[[.period.]]3[[.period.]]181[[.period.]]([0-9]|1[0-9]|2[0-5])$)'
Posted by:
RichB
13 years ago
Looks like you are missing an "AND" between the "Where" clauses so it should look like this:
Select MACHINE.ID
from
MACHINE JOIN MACHINE_SOFTWARE_JT MS ON MACHINE_ID=MACHINE.ID
JOIN SOFTWARE S ON SOFTWARE_ID=S.ID
Where DISPLAY_NAME LIKE '%flash%' AND
DISPLAY_VERSION RLIKE'(^[0-9][[.period.]])|(^10[[.period.]][0-2][[.period.]])|(^10[[.period.]]3[[.period.]]([1-9]|[1-9][0-9]|1[0-7][0-9]|180)[[.period.]])|(^10[[.period.]]3[[.period.]]181[[.period.]]([0-9]|1[0-9]|2[0-5])$)'
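Added example (not part of the original thread or any poster's code): a Python check that runs the version regex from the answers above over a constructed list of version strings and compares the result with a numeric, field-by-field comparison, so that outdated versions the label would miss show up before the label is relied on. The translation of MySQL's [[.period.]] to \. and the sample versions are assumptions of this example.

```python
import re
from itertools import product

# Pattern as posted in the thread. MySQL's [[.period.]] collating element is
# rewritten to \. below so Python's re accepts it (assumption of this example);
# the alternation and anchors are unchanged.
MYSQL_PATTERN = (
    "(^[0-9][[.period.]])|(^10[[.period.]][0-2][[.period.]])|"
    "(^10[[.period.]]3[[.period.]]([1-9]|[1-9][0-9]|1[0-7][0-9]|180)[[.period.]])|"
    "(^10[[.period.]]3[[.period.]]181[[.period.]]([0-9]|1[0-9]|2[0-5])$)"
)
PATTERN = re.compile(MYSQL_PATTERN.replace("[[.period.]]", r"\."))
TARGET = (10, 3, 181, 26)  # version the managed install carries


def is_older(version, target=TARGET):
    """Reference check: numeric, field-by-field comparison."""
    return tuple(int(part) for part in version.split(".")) < target


def label_matches(version):
    """What RLIKE would select: a match anywhere in the string (search)."""
    return PATTERN.search(version) is not None


def find_disagreements(versions):
    """Versions where the regex and the numeric comparison disagree."""
    return [v for v in versions if label_matches(v) != is_older(v)]


def sample_versions():
    """Constructed test data around each boundary of the pattern."""
    majors = [9, 10, 11]
    minors = [0, 2, 3, 4]
    builds = [0, 5, 99, 180, 181, 182]
    revs = [0, 5, 25, 26, 27, 100]
    return [".".join(map(str, t)) for t in product(majors, minors, builds, revs)]


if __name__ == "__main__":
    for v in find_disagreements(sample_versions()):
        print(f"{v}: regex={label_matches(v)} numeric={is_older(v)}")
```

On this constructed sample the only disagreements are versions whose third field is 0 (10.3.0.x): they are older than 10.3.181.26, but the third alternative starts at [1-9], so the label would not select them.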
Posted by:
dogfish182
13 years ago
Thanks for the responses all, time for some testing. This was covered pretty well by support but was curious to see what everyone is generally doing. I had come up with the smartlabels only catching 'missing' machines and I think we might go this way. Mainly because I don't think any colleagues will know what's going on if we use the regex smartlabels.
also
my k2000 scripted install has an 'rename PC and Join Domain'
post deploy task
After it does a join domain it puts in a reg key for run once and runs the following
@timeout 35
"%ProgramFiles%\kace\kbox\kbscriptrunner.exe"
which checks the machine in. The effect is the machine deploys, stops to ask me for a machine name after deployment, I give it that, then it puts in a reg key to run the join domain after reboot. After it reboots, it runs the joindomain script, puts the regkey in for the 'cleanup' batch file which includes the above lines.
After the domain join, machine boots, then starts deploying office -> proofing tools -> flash -> adobe reader -> java and all that other fun stuff.
It seems to work quite well, although I wonder about changing it to do the software deployments as post deploy tasks instead and then let patching handle it from there via the k1000. This would also deal with the patching/version issue somewhat as well.
Is anyone using the K2000 to do most of the software deployments?
Rating comments in this legacy AppDeploy message board thread won't reorder them,
so that the conversation will remain readable.