Controlling the timing of software updates
Hello world,
We deploy Java, Flash, Adobe Reader etc, all those standard things during the initial build of the PC. I'm after opinions on how people best manage the timing and deployment of updates to these programs, for example updating Java 6 Update 2 to Java 6 Update 21.
We have the Managed Install and can roll it out on demand but say I want to update my test group at the same time as I do the Windows security patching for that group? You can't schedule Managed Installs - best I can do is restrict deployment to the test group but I still can't control when it deploys other than 'at logon' or 'during bootup' etc.
Maybe scripting is the answer but that's a lot of work for some updates.
Oh and because we don't want Java, Flash etc prompting users to update ever, I don't use K1000 patching to do these updates because I don't know how they're configured in terms of setting the automatic updating.
Cheers.
Answers (1)
Managed installs let you set a deployment window. Set the "open/close" window time, and it will only deploy between those set times.
If you did choose to use patching for these you can set a scheduled time. You can then suspend pending tasks "X" minutes after the schedule has ran. So if you scheduled it at 10:00 am, then set to suspend tasks by 120 minutes, nothing would run after 12 pm. We personally patch reader and flash using Kace patching. Java we do via MI, but with testing it can also be done with Kace patching.
If all of these are deployed in your initial build shouldn't you know if automatic updating is enabled? This also should not make a difference since a "Detect and Deploy" schedule will let Kace know if the machine even needs the patch. I would run a "Detect" job on all of your machines for these patches just to see where your machines are at.
Comments:
-
Thanks. How I missed the deployment window option all this time I don't know, but its probably what I'm looking for.
With the not knowing if automatic updating is enabled, I actually meant I don't know what update setting will be applied by KACE patching. So we have set all of our software not to auto-update and not to prompt for updates either, but I worry that KACE will patch this software and re-enable the update notifications.
Cheers - twit 11 years ago