Recommended Patch Label Size and Intervals
I'm currently managaing about 350 systems using the K1000. I had some general Best Practices Questions for Patching and machine management. I currently patch once a month(use to be more often, but I had alot of pushback).
What is the recommended size per patch label group?
Currently I have 6 Labels with about 50 users in each group. They all get patched the same day(about an hour apart).
Should I start spreading the patching over multiple days?
I also have about 10 macs in our enviroment. Should I keep those machines in their own grouping?
Thank you for your time!
Answers (2)
I use machine labels for patching. Depending on the patch label is how often I patch. Critical gets once every two weeks, while recommended gets once a month. Also laptops, and servers are on a different schedule. Laptops are more frequent while servers are more manual.
With 350 machines you should have no problem doing that many in one day.
Take a look at these sites. There's a ton of knowledge here.
K1000 KKE's: https://support.software.dell.com/k1000-systems-management-appliance/kb?k=KKE
I also have ~350 machines in my environment.
See section 9 of this post for full details of my setup:
http://www.itninja.com/blog/view/k1000-patching-setup-tips-things-i-have-learned-ldap-smart-labels-sql-reports
In short, I patch all client machines twice a week (once for OS, once for Applications). Corp office & branch site workstations are done at night, laptops and remote workstations are done during the day. I prompt to reboot with an hour delay to force rebooting on most machines, snooze reprompts after two hours. For sensitive users, I turn off the reboot action (using a separate label and Deploy patch schedule for these), but these are few and far between. With this setup, I've had no pushback (and yes, I got quite a bit until I worked out this schedule). Servers and control PCs are a mix, with some being scheduled and some deployed manually.
John
