
How to configure a mixed environment deploying latest and older patches each month

Hello, how would you separate systems if for example, you have one group where you deploy the latest patches vs another group where they want to deploy patches that are 6 months old for example? If superseded patches are marked inactive, basically the oldest patches you can install are about 30 days old. Does this mean we have to create new packages every month to deploy patches released 6 months ago?   



Answers (3)

Posted by: JS_DC 1 month ago
Orange Senior Belt
0

We have different labels for different patch "rings"


Group one "alpha" gets patched the week of Patch Tuesday and the latest updates.

Group two "beta" has patches over 7 days old.

Group 3 "prod" has patches over 2 weeks.

Group 4 is manual patching.  Stuff offline, not on the domain, etc. 

Posted by: Nico_K 2 months ago
Red Belt
0

Well, the "oldest patch" is the latest patch for a software which is not patched for a longer time.
Superseded patches just mean that a newer patch includes it already.

In your case it may be a good idea to not disable superseded patches and work with Labels with timestamps and groups.


Comments:
  • The problem with turning off the option to mark superseded patches inactive is that space fills up. And we don't want to do this when a small number of systems require patches released a couple months ago. The only way I can think of is having to keep track of which KBs need to be installed, creating a package each month and setting it to install in 6 months. That will be a nightmare to try to keep up with. - lama01 2 months ago
    • Well, as I said: superseded means that there is a newer patch available. The issue is that you want to have a group of systems with only 6+ month old patches. If you set up a (still supported, like W11 22h2) outdated system and let it patch using KACE with superseded patches off, all patches will be deployed, so it is not necessary to have superseded enabled.

      BUT! if you really want such a nightmarish setup with some systems 1/2 year unpatched by default you need more space (obviously) and need to minimize it with labels, that not EVERYTHING is downloaded but only the patches you need. Since dates are reported you can do this with patch labels as we did it in the past.
      See here for more: https://support.quest.com/kb/4272365 - Nico_K 2 months ago
      • lol nightmarish setup with some systems 1/2 year unpatched by default - Yes I know. Some companies are really strict esp when they are running engineering software. Thanks! - lama01 2 months ago
  • Is it possible to use a different ORG within KACE to do something like this? - lama01 1 month ago
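
Added example, not part of the thread and not KACE's own logic: a simplified Python model of the ring labels from JS_DC's answer combined with the superseded-patch setting discussed under Nico_K's answer. The monthly catalog, the `legacy` ring and its 180-day threshold are constructed assumptions standing in for the "6 months old" group.

```python
from datetime import date, timedelta

# Minimum patch age in days per ring. alpha/beta/prod follow JS_DC's answer;
# "legacy" (180 days) is an assumed stand-in for the asker's 6-month group.
RINGS = {"alpha": 0, "beta": 7, "prod": 14, "legacy": 180}

def monthly_cumulatives(first, count):
    """Constructed catalog: one cumulative update every 30 days,
    each one superseding the update released before it."""
    patches = []
    for i in range(count):
        patches.append({"id": f"CU-{i + 1:02d}",
                        "released": first + timedelta(days=30 * i),
                        "superseded_by": None})
        if i:
            patches[i - 1]["superseded_by"] = patches[i]["id"]
    return patches

def pick(patches, min_age_days, today, keep_superseded):
    """Newest patch that is old enough for the ring, or None.
    keep_superseded=False models superseded patches being inactive."""
    candidates = [p for p in patches
                  if (today - p["released"]).days >= min_age_days
                  and (keep_superseded or p["superseded_by"] is None)]
    if not candidates:
        return None
    return max(candidates, key=lambda p: p["released"])["id"]

def ring_plan(patches, today, keep_superseded):
    """Map every ring to the patch it would deploy today."""
    return {ring: pick(patches, age, today, keep_superseded)
            for ring, age in RINGS.items()}

# Constructed sample: 8 monthly updates, evaluated 10 days after the last.
FIRST = date(2024, 1, 1)
CATALOG = monthly_cumulatives(FIRST, 8)
TODAY = FIRST + timedelta(days=220)

if __name__ == "__main__":
    for keep in (True, False):
        print("superseded kept" if keep else "superseded inactive",
              ring_plan(CATALOG, TODAY, keep))
```

In this model, with superseded updates inactive, any ring whose minimum age exceeds the age of the newest update has nothing to deploy, which is the gap the question describes.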
Posted by: davidwilliamson 1 month ago
White Belt
0

Thanks for the information.
