/build/static/layout/Breadcrumb_cap_w.png

Detect and Deploy vs Deploy (only)

We've always had our monthly Windows server patch schedules run as Detect and Deploy. We also run a daily detect on those servers late afternoon and a nightly patch download at 1am.

It was recently suggested to me that there is no point to using Detect and Deploy when during the patch deployment because it won't get downloaded in time to patch during that run and then it will error with something like "Downloading". They said we only need to use "Deploy" since we run the daily detection. It was a Kace engineer who had assisted with some other things and he knew is way around Kace as well or better than most Kace Engineers I've worked with over the last decade.

Is that correct that Detect and Deploy doesn't work in time to download missing patches during during a given patch schedule?

Asked 6 years ago 1377 views
0 Comments   [ + ] Show comments

Answers (4)

Posted by: DaveMT 6 years ago
4th Degree Black Belt
1
From what I understand and have experienced. doing a daily detect seems to be no more efficient than doing a weekly one if you are only patching once a month.  If you do a deploy only, you will complete faster, but it will only patch was is listed in the latest detect.  Doing a detect and deploy will take longer, but after each deploy, it reruns a detect to see if there are any more approved patches (maybe some required a previous patch to install first).  If more are found it will deploy them as well and repeat until you are patched fully to what is approved.  It does take longer but you will have a higher rate of fully patched.  If you were doing patches every week, you could probably do the detect once a week and only deploy once a week and stay pretty current.  You just run the risk of having a server or workstation potentially be missing patches during that time.
Posted by: Nico_K 6 years ago
Red Belt
1
The difference is as follows:
A Detect only deploys the patches to the machines until it needs a reboot. Then the patching job ends. After a reboot nothing happens.
If you run da D&D the reboot from the patching job triggers a new detect and a new deploy.

Posted by: chucksteel 6 years ago
Red Belt
0
That sounds a bit off to me, but you are duplicating effort, I think. The only reason that a schedule wouldn't be able to download all of the missing patches during a schedule is if you have it set to timeout too quickly. Also, if you are patching your machines daily, then why are you also patching monthly? Are the settings and included patches different?

Posted by: murbot 6 years ago
10th Degree Black Belt
0
Hi Chuck. Thanks for the reply.

Sorry for the confusion. We only "detect" daily. We "Detect & Deploy" (D&D) monthly on these servers.

It didn't make sense that Kace would even have the option to D&D (in the same patch schedule), if new patches couldn't download during a patch schedule's run. There are occasional one off issues, but typically, a K1k should be able to detect & deploy while also downloading patches that are detected during the same schedule.

Thanks again.

 
This website uses cookies. By continuing to use this site and/or clicking the "Accept" button you are providing consent Quest Software and its affiliates do NOT sell the Personal Data you provide to us either when you register on our websites or when you do business with us. For more information about our Privacy Policy and our data protection efforts, please visit GDPR-HQ