Patching - Persistent Issues. Would Love Advice
All-
Been trying to get KACE patching optimized and I just seem to be running into constant issues and would love some advice from others on any kind of best practices and/or if anyone can comment on the questions below.
1. Reboots during patching. Why does this seem so excessive? Our patch schedules are setup for Detect/Deploy since we want to try and get everything patches but it just seems like the amount of reboots necessary is exorbitant. As an example, I had a test laptop with me today that was going to have 10 patches pushed to it. I was forced to reboot three times to cover the ten patches and that was with two errors (patches that failed to install as well). I don't remember WSUS ever needing this many patches
2. Why do .NET Framework patches never seem to install correctly? We push security patches for .NET Framework but always seem to end up with install errors on each machine during the patching cycle. Is this common with .NET Framework?
We're a Windows 7 shop, about 750 hosts. I currently have three patch labels configured; OS/Security Critical, OS/Security Recommended, and Non-Security Recommended. These are used in my Detect and Deploy; we detect on those three labels and deploy on those three labels.
Really would appreciate any advice on a better setup. We're mostly interested in security patches and the windows malicious software removal tool.
Thank you all!
2 Comments
[ + ] Show comments
Answers (0)
Please log in to answer
Be the first to answer this question
Have you watched our KKEs on Patching?
http://kace.com/kke
As to number one above, since you've chosen Detect and Deploy, and likely have a "Max Attempts" higher than 1, the Schedule retried the failed patches on subsequent reboots. It might have been the case, that without those failures, one reboot would have been sufficient.
Ron Colson
KACE Koach - ronco 10 years ago