/build/static/layout/Breadcrumb_cap_w.png

patching strategy in combination with managed installs

Hi All,

I've begun with testing patching using our K1000 and I'm running into an annoying problem. I'll use adobe flash plugin as my example but I think this issue will be relevant for all/most products.

I deploy machines using scripted install. After basic machine install the K1000 picks up the machines and installs all the software to the machine via managed installs (our scripted install forces a checkin after deployment so all software is deployed after reboot pretty much instantly)

However the managed install for adobe flash will install adobe flash 10.3.181.26. This will target all machines that join the organisation.

However when patching, of course the version number changes to something else 10.3.181.5 (for example)

Which then means my managed install will try and repush the now older version back to the machine (and subsequently fail)

So my question is, how are the rest of you reconciling Mananged installs with patch updates? I've talked to support and basically the only way it seems is to get very tricky with smart labels. Have machines drop into things like 'no version of adobe installed' and the managed install targets this.

It seems like a solution, but then I need to create a new smart label to go along with every new application install I have to make sure it's NOT installed and then install it. After that patching will update it all to the latest version.

The only other option I can think of is updating every managed install every time there is a new patch available, which seems more hassle than it's worth.

Ideas welcome!

0 Comments   [ + ] Show comments

Answers (5)

Posted by: Swyfter 13 years ago
Yellow Belt
0
I just swap out my Adobe Flash MIwhenever a new version comes out and deploy to all machines so I might not as helpful as you need.

As for the forced scripted install, how are you getting them to check in? 5.3 broke my MIs so the user has to wait for Flash and the like to get deployed which becomes a hassle unless they do it manually. =P
Posted by: cmccracken 13 years ago
Orange Senior Belt
0
I created another set of smart labels (ex. M_NeedFlash) and use those to control MIs.

Casey
Posted by: GillySpy 13 years ago
7th Degree Black Belt
0
Probably not a coincidence that a colleague of mine asked me this same question. Here was my answer:

Only deploy the MI to a smart label with a certain regex pattern to accomplish the “<” effect. e.g. one way to do regex for strings less than 10.3.181.26 is
'(^[0-9][[.period.]])|(^10[[.period.]][0-2][[.period.]])|(^10[[.period.]]3[[.period.]]([1-9]|[1-9][0-9]|1[0-7][0-9]|180)[[.period.]])|(^10[[.period.]]3[[.period.]]181[[.period.]]([0-9]|1[0-9]|2[0-5])$)'
So a template for a smart label that does all adobe versions less than 10.3.181.26 is (watch out for carriage returns added in email)
Select MACHINE.ID
from
MACHINE JOIN MACHINE_SOFTWARE_JT MS ON MACHINE_ID=MACHINE.ID
JOIN SOFTWARE S ON SOFTWARE_ID=S.ID
Where DISPLAY_NAME LIKE '%flash%'
DISPLAY_VERSION RLIKE'(^[0-9][[.period.]])|(^10[[.period.]][0-2][[.period.]])|(^10[[.period.]]3[[.period.]]([1-9]|[1-9][0-9]|1[0-7][0-9]|180)[[.period.]])|(^10[[.period.]]3[[.period.]]181[[.period.]]([0-9]|1[0-9]|2[0-5])$)'
Posted by: RichB 13 years ago
Second Degree Brown Belt
0
Looks like you are missing an "AND" between the "Where" clauses so it should look like this:
Select MACHINE.ID
from
MACHINE JOIN MACHINE_SOFTWARE_JT MS ON MACHINE_ID=MACHINE.ID
JOIN SOFTWARE S ON SOFTWARE_ID=S.ID
Where DISPLAY_NAME LIKE '%flash%' AND
DISPLAY_VERSION RLIKE'(^[0-9][[.period.]])|(^10[[.period.]][0-2][[.period.]])|(^10[[.period.]]3[[.period.]]([1-9]|[1-9][0-9]|1[0-7][0-9]|180)[[.period.]])|(^10[[.period.]]3[[.period.]]181[[.period.]]([0-9]|1[0-9]|2[0-5])$)'
Posted by: dogfish182 13 years ago
Orange Belt
0
Thanks for the responses all, time for some testing. This was covered pretty well by support but was curious to see what everyone is generally doing. I had come up with the smartlabels only catching 'missing' machines and I think we might go this way. Mainly because I don't think any colleagues will know what's going on if we use the regex smartlabels.

alsoAs for the forced scripted install, how are you getting them to check in? 5.3 broke my MIs so the user has to wait for Flash and the like to get deployed which becomes a hassle unless they do it manually. =P

my k2000 scripted install has an 'rename PC and Join Domain'

post deploy task

After it does a join domain it puts in a reg key for run once and runs the following
@timeout 35
"%ProgramFiles%\kace\kbox\kbscriptrunner.exe"

which checks the machine in. The effect is the machine deploys, stops to ask me for a machine name after deployment, I give it that, then it puts in a reg key to run the join domain after reboot. After it reboots, it runs the joindomain script, puts the regkey in for the 'cleanup' batch file which includes the above lines.

After the domain join, machine boots, then starts deploying office -> proofing tools -> flash -> adobe reader -> java and all that other fun stuff.

It seems to work quite well, although I wonder about changing it to do the software deployments as post deploy tasks instead and then let patching handle it from there via the k1000. This would also deal with the patching/version issue somewhat as well.

Is anyone using the K2000 to do most of the software deployments?
Rating comments in this legacy AppDeploy message board thread won't reorder them,
so that the conversation will remain readable.

Don't be a Stranger!

Sign up today to participate, stay informed, earn points and establish a reputation for yourself!

Sign up! or login

Share

 
This website uses cookies. By continuing to use this site and/or clicking the "Accept" button you are providing consent Quest Software and its affiliates do NOT sell the Personal Data you provide to us either when you register on our websites or when you do business with us. For more information about our Privacy Policy and our data protection efforts, please visit GDPR-HQ