Smart Patch Label Best Practices after v10 SMA upgrade
Hello there,
I performed an upgrade to v10.0.290 on my KACE SMA last week and noticed that most of the smart patch labels that I made have been modified\converted to a new format. I read through this article to understand the changes in v10 - https://support.quest.com/kb/264454/deprecated-patching-items-in-the-10-0-release
The biggest change that I noticed is a new query called "Classification" in the smart label wizard. Previously, I was using the query "Type" to sort between Security, Non-Security, and Software Installer patches. All patch labels have had this Type query converted over to Classification and this is where my question lies: What is the best way to use this new query? I relied heavily on using Type and now that there are so many options under Classification, I am afraid that I am going to exclude important patches from the label if I do not use the Classification query properly. An example of my previous smart patch labels that worked very well:
| Patch Label Name | Operating System | Category | Type | Impact | Status |
| SPL - Win10-OS-Sec-Crit | Win 10 | OS | Security | Critical | Active |
| SPL - Win10-OS-NonSec-Crit | Win 10 | OS | Non-Security | Critical | Active |
| SPL - Win10-OS-SoftInstall-Crit | Win 10 | OS | Software Installer | Critical | Active |
| SPL - Win10-OS-Sec-Recc | Win 10 | OS | Security | Reccommended | Active |
| SPL - Win10-OS-NonSec-Recc | Win 10 | OS | Non-Security | Reccommended | Active |
| SPL - Win10-OS-SoftInstall-Recc | Win 10 | OS | Software Installer | Reccommended | Active |
| SPL - Win10-App-Sec-Crit | Win 10 | Application | Security | Critical | Active |
| SPL - Win10-App-NonSec-Crit | Win 10 | Application | Non-Security | Critical | Active |
| SPL - Win10-App-SoftInstall-Crit | Win 10 | Application | Software Installer | Critical | Active |
| SPL - Win10-App-Sec-Recc | Win 10 | Application | Security | Reccommended | Active |
| SPL - Win10-App-NonSec-Recc | Win 10 | Application | Non-Security | Reccommended | Active |
| SPL - Win10-App-SoftInstall-Recc | Win 10 | Application | Software Installer | Reccommended | Active |
Each of the query types were put into their own group and bound together with AND operands. This seemed to work well, not many patches were 'missed' from this query. I could easily remove one of these labels from a patch schedule if I found it was redundant or contained too many patches for the SMA to push out at once. I want to include every patch that is detected as missing on my patch schedules through the use of smart patch labels without overloading the SMA with a giant amount of patches\too many machines to push to.
Curious to hear how others are handling this change.
Thanks, Alex
Answers (0)
Be the first to answer this question
Are you using one patch label for detects and a different one for deployments?
That sounds very odd... Any particular reason?
Normally, your Patch Smart Label will be the same one for detects and deploys. - Channeler 5 years ago
See:
https://support.microsoft.com/en-us/help/824684/description-of-the-standard-terminology-that-is-used-to-describe-micro
I'm guessing KACE wants to be aligned with the Vendor and also getting ready to provide more type of security patches.
This of course is madness for any existing Patching labels... and I would really recommend you to access that microsoft URL , and decide with your team how to assemble your patches.
Also you could have (like me), three labels for Detects and Deploy, I could have just one, but I prefer them like this for organization purposes, and all three are attached to a single detect and deploy job. - Channeler 5 years ago