KACE Patching Detection
I have an odd question about the way KACE Detections work.
As an example, if on Monday I did a detect against a system for patches in the PatchesA tag, and then on Tuesday I did a detect against the same system for patches in the PatchesB tag, and then did a Deploy for patches in PatchesA and PatchesB, would it deploy the patches from both tags? or only the ones from the most recent detect?
Or another example, if i did the detect for PatchesA on Monday and then Tuesday did a Detect and Deploy to detect PatchesB and Deploy PatchesA & PatchesB. would it deploy the patches from both tags or just the ones from PatchesB.
Answers (1)
really depends on your settings.
Any detect writes its results in the database (which patches are patched and which not)
If your deploy contains all the patches in the database it patches all. If it only contains a part then only the parts are patched.
As an example:
On Monday you detect for Patches A which contain _ALL_ patches from Microsoft.
On Tuesday you detect for Patches B which contain _ALL_ patches from Adobe.
Then it will deploy, if your labels contain ALL patches from Microsoft and Adobe together.
If you only run a Detect AND Deploy on Patches B then the neededs Microsoft patches will not deployed.
Comments:
-
Both patch tags contain Microsoft Patches. Patches A is essentially a "general release" tag for stuff that has been out for x days, and Patches B is a tag for CVE patches that need to go out regardless of how long they have been out.
The reason im asking is because im looking at some systems that didnt install the July Cumulative Patch (Which is in Patches A), but did install the July OOB PrintNightmare patch (which is in Patches B)
There is a weekly detect job that detects all patches on Sundays, and then once a month on Tuesday it does a Detect and Deploy where it Detects the CVE patches (PatchesB), and Deploys General Release and CVE Patches (Patches A+B) - cgrasty 2 years ago
