Specifying Patch Deployment
We're currently working on setting up a rolling patching schedule for when Microsoft release their new Windows updates.
This itself is fairly easy seeing as it's always the 2nd Tuesday of every month. However, in the patch-listings I can also see updates for other software such as Adobe Flash Player, Java and so on.
If I set patching to run every 2nd Tuesday of the month I would leave all my machines with outdated flash players seeing as they sometimes update multiple times a month.
Is there any way to enable certain updates to deploy around the clock such as flash player, java and adobe reader so that whenever a machine with an outdated said program is detected that update is deployed through the patching and leave all the Microsoft Windows Updates for another schedule every 2nd Tuesday of each month?
Answers (3)
(I'm assuming you're talking about the K1000, even though you didn't include that as a tag on your post.)
You can certainly have multiple patching schedules assigned to a machine. For instance, you could create a smart label for patches that includes the Adobe Flash Player updates and then have a patching schedule that just deploys those to all machines (or machines with a specific label). You could have another patch label for Microsoft and then another one for Mozilla, etc.
One thing you should keep in mind is that patches from Microsoft don't always appear immediately in the K1000. They are repackaged by Lumension for KACE first and that sometimes takes a couple of days, in my experience. So if your machines are set to patch on the 2nd Tuesday of the month you're not going to be guaranteed to get the patches from Microsoft released on that day.
A further complication is that KACE doesn't have a good facility to specify that you want to run patching on the second Tuesday of the month. You have to choose a day of the month (first, second, tenth, etc.). There are some methods that use smart labels to accomplish "second Tuesday" but they are rather complicated to get set up and I haven't seen reports of how well they work in the field.
The K1000 uses cron to schedule, and there isn't a way there to schedule every other Tuesday that I'm aware of.
http://unixhelp.ed.ac.uk/CGI/man-cgi?crontab+5
The K1000 supports custom schedules. Look for Patch Schedule>Run Custom and click the gold question mark box there to see what options and examples are available.
Comments:
-
Jason, you can use the step "/" indicator to do every other Tuesday, but what he's looking for, say the 3rd Tuesday of each month, cannot be done. r2
Ron Colson
KACE Koach - ronco 12 years ago
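The cron limitation discussed in the answers and comment above, as an added example that is not part of the original posts and is not KACE code. It assumes the K1000 custom schedule follows the crontab(5) rule from the linked man page (when both the day-of-month and day-of-week fields are restricted, a job runs when either one matches); the function names are hypothetical.

```python
import calendar
from datetime import date

def second_tuesday(year, month):
    """Date of the second Tuesday of the month (Microsoft's release day)."""
    first_weekday = date(year, month, 1).weekday()      # Monday=0, Tuesday=1
    first_tuesday = 1 + (calendar.TUESDAY - first_weekday) % 7
    return date(year, month, first_tuesday + 7)

def parse_field(field, lo, hi):
    """Expand a cron field ('*', 'a', 'a-b', '*/n', 'a-b/n', comma lists)."""
    values = set()
    for part in field.split(","):
        rng, _, step = part.partition("/")
        step = int(step) if step else 1
        if rng == "*":
            start, end = lo, hi
        elif "-" in rng:
            start, end = map(int, rng.split("-"))
        else:
            start = end = int(rng)
        values.update(range(start, end + 1, step))
    return values

def cron_days(dom, dow, year, month):
    """Days of the month on which an entry with these two day fields fires."""
    dom_set = parse_field(dom, 1, 31)
    dow_set = {d % 7 for d in parse_field(dow, 0, 7)}   # cron: 0 and 7 = Sunday
    fired = []
    for day in range(1, calendar.monthrange(year, month)[1] + 1):
        # Python weekday() has Monday=0; cron has Sunday=0, Tuesday=2.
        cron_dow = (date(year, month, day).weekday() + 1) % 7
        in_dom, in_dow = day in dom_set, cron_dow in dow_set
        if dom == "*" or dow == "*":
            hit = in_dom and in_dow      # only one field restricts the day
        else:
            hit = in_dom or in_dow       # both restricted: either match fires
        if hit:
            fired.append(day)
    return fired

if __name__ == "__main__":
    # Constructed sample month: January 2024.
    print("Second Tuesday:", second_tuesday(2024, 1))
    # Day fields "8-14" and "2" (Tuesday) look like "second Tuesday" but are not.
    print("Entry '8-14 * 2' fires on:", cron_days("8-14", "2", 2024, 1))
```

The second Tuesday always falls on days 8 through 14, which is why that entry looks right, yet it runs on every one of those days and on every Tuesday of the month.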