For your patch subscription what labels would you recommend to narrow that down?
I have been told to use labels to control what patches Kace downloads, but I'm not sure the best way to divde the patches. We only want the critical OS patches now, but I want a system that can grow allowing us to bring in more patches if need without having to redo all the labels everytime.
Answers (2)
I would recommend doing a patch label like this: os = windows 7 and status = active and patch type = os and impact = critical
Then just change the os name for the various os's.
Also, if you have upgraded to 5.4 this is somewhat uncessary IMHO to limit the download of patches through patch labels as there is a new option to Determine packages to download using detect results listed under settings>control panel> patch settings. This way you can create a patch schedule, limit the detect to your patch labels. The new feature will only download the "missing" patches based on the detect.
You don't necessarily have to redo the labels every time, but you can add more labels going forward. You can start by having your patch schedule detect and deploy OS patches, then add application patches at a later date.
One patch label for Windows 7 x64 SP1 patches that are critical and not superseded.
One patch label for Windows XP SP3 patches that are critical and not superseded.
And a patch label for Application Updates that are critical and not superseded.
Then, combine those labels as needed. Depending on how specific you want to get with patching, you could make individual labels for each application... if some machines should not get certain application patches, you can leave those labels out of the detect/deploy cycle.
Comments:
-
tshupp, if you're making Patch Smart Labels for Subscription Settings, then using OS as a criteria within the lable is redundant. Just FYI. r2
Ron Colson
KACE Koach - ronco 11 years ago
