Q about Dell Kace Patch Management third-party software (mainly Java)
Hi Guys,
I'm more or less the Kace administrator for the company I work at. I haven't had any training or prior knowledge of the product so I'm finding it quite difficult sometimes to get things done. There is one last thing I'm running into and that is automating the updating of Java, Flash player and Reader through Kace. I'm aware that fully automated updates isn't something you may want in a business environment as it could potentially cause problems, but we lack the resources (time) to do it any other way.
Someone suggested using the Patch Management from Kace but I can't seem to get it working. If someone could point me in the right direction that would be great!
Patch management:
Subscriptions: I have set the application patches to all types, all publishers, all impacts. There was already a label associated with patch management called 'P_Java update'. When I click on the label I see 55 patches including the latest java version (at this moment Java 8 Update 71).
There are two schedules for deploying the software, one I just created for the purpose of testing. I've set the Operating systems to 'all', device set to only my own and patch label to 'P_Java update'. I've set the reboot option to 'promt user'.
So with that set I clicked on 'run now' and after a while I got a prompt to reboot my machine. I checked, but no software has been installed. There is some documentation on patch management, but I find it quite difficult to find exactly that what I need which is updating third-party software.
Any information that could point me into the right direction would be greatly appreciated!
Kind regards,
Dennis
1 Comment
[ + ] Show comment
-
Have you tried splitting out just the latest update from the other patches and deploying that single update? - Hobbsy 8 years ago
Answers (2)
Please log in to answer
Posted by:
rockhead44
8 years ago
I used to patch Java but found it much easier to deploy Java as a Managed Install when i want to update the version. Admittedly, I skip several releases before I update.
I do patch Flash and Adobe Reader.
Comments:
-
I've tried that as well and got it semi-working. Could you please describe the way you have done it with managed install? - DLans 8 years ago
-
Make sure you have the software entry in Inventory for the version you are installing. Then create a zip file containing your msi and a .bat file to call the msi for installation. As part of the .msi call you can set your switches. For example, here's one I did for Java 8 Update 65
msiexec /i jre1.8.0_65.msi INSTALL_SILENT=1 STATIC=0 AUTO_UPDATE=0 WEB_JAVA=1 WEB_ANALYTICS=0 EULA=0 REBOOT=0 NOSTARTMENU=1 SPONSORS=0 /qn
You could also use something like this to uninstall old versions prior to deploying the new one:
@ECHO OFF
taskkill /F /IM iexplorer.exe
taskkill /F /IM iexplore.exe
taskkill /F /IM firefox.exe
taskkill /F /IM chrome.exe
taskkill /F /IM javaw.exe
taskkill /F /IM jqs.exe
taskkill /F /IM jusched.exe
WMIC product where "Name LIKE '%%java%%'" call uninstall /nointeractive
taskkill /F /IM iexplorer.exe
taskkill /F /IM iexplore.exe
taskkill /F /IM firefox.exe
taskkill /F /IM chrome.exe
taskkill /F /IM javaw.exe
taskkill /F /IM jqs.exe
taskkill /F /IM jusched.exe
msiexec /i jre1.8.0_65.msi INSTALL_SILENT=1 STATIC=0 AUTO_UPDATE=0 WEB_JAVA=1 WEB_ANALYTICS=0 EULA=0 REBOOT=0 NOSTARTMENU=1 SPONSORS=0 /qn
exit
=====================================================================================
From there, I create a Smart Label to identify machines that do not have Java 8 Update xx then target that Smart Label with a Managed Install.
If you don't know how to get the .msi from the .exe Java offers, see below:
To extract the MSI, run the “jre-8u60-windows-i586.exe” or “jre-8u60-windows-x64.exe” EXE BUT do not proceed with the installation. Open the folder “C:\Users\USERNAME\AppData\LocalLow\Oracle\Java\jre1.8.0_60”, depending if you ran the i586 or x64 version you will see one of the following folders.
jre1.8.0_65
jre1.8.0_65_x64
==========================================================
I also could not deploy via MI until I had populated (using the K1000) a java.setings.cfg file into the following folder:
C:\ProgramData\Oracle\Java
Once I pushed the file there I could successfully deploy via MI
My .cfg file has the following entry:
AUTO_UPDATE=0
EULA=0
INSTALL_SILENT=1
SPONSORS=0
WEB_ANALYTICS=0 - rockhead44 8 years ago-
Going to look into this, thanks! - DLans 8 years ago
Posted by:
getElementById
8 years ago
I update Java with patch management on only a few computers that are approved to have it. I haven't had any problems with it so far. Your subscription details look fine. I have a separate patch schedule defined for java, here is a snapshot of it.
I do a forced reboot and it runs every Monday night. I realize that is a bit aggressive but this way I don't have to worry about it too much as its only 5 or 6 machines.
The solution provided above is good too. Gives you much more control IMO.
[EDIT]
The Kace Kontinuing Education (KKE) is a good free resource for getting familiar with Kace.
https://support.software.dell.com/k1000-systems-management-appliance/training/154/kace-kontinuing-education
And if your company is willing to pay for it, the Kace Jumpstart training I found to be invaluable.
https://support.software.dell.com/k1000-systems-management-appliance/training/152/kace-k1000-management-appliance-jumpstart-program
Comments:
-
Sorry for the very late reply. Thank you for those two links, I'll definitely ask my manager. Not much I can do without training =) - DLans 8 years ago