need suggestions for setting up a label for patches
Can you recommend some preferred settings for patch labels , how to ignore patches that are for servers and should i set Superseded to YES or NO:?
0 Comments
[ + ] Show comments
Answers (1)
Please log in to answer
Posted by:
JasonEgg
7 years ago
Kind of depends on your environment and needs. Some people have success by simply using the built-in patch subscription options without specifying patch labels. For example, to ignore patches for servers go to Security > Subscriptions then click the pencil icon under "Windows Operating Systems" and deselect any server OSes; no labels needed. I would try this method before your smart label method. In your smart label posted above you specify that the "Released" date is within two months, which means that it's possible that a needed patch would not be applied to a computer simply because a new version hasn't come out for two months. I advise against that.
Regarding superseded: I'm sure there are uses cases for disabling it but I can't even come up with an example. I would definitely keep "Inactivate Superseded Patches" checked.
Comments:
-
JasonEngg, thanks a lot..."Released" date is within two months,?what do you recommend for released date, remove it or set it to 6 months? - rahimpal 7 years ago
-
I would remove it. Deactivating superseded patches will make it so the newest version of a patch is available, no matter when that patch was released. Make sure your settings in Security > Patch Download Settings include "Files detected as missing" and "Delete unused files after:" - JasonEgg 7 years ago
