OS Patch Detect Scanning - Active, Inactive, or both?

For OS patches, detect only scanning, patch labels, what are you guys doing? 

1. ALL PATCHES (I know this includes app patches)

2. Active Patches Only

3. Active and Inactive patches

4. Other

The question relates to reporting. Do you guys want to know exactly how many OS patches are installed / missing that are both active and inactive? Or just know what OS active patches are installed / missing? What I think I want to see is an exact number of how many OS patches are installed and missing. Is there a downside to this, does it not make sense, and how should I detect to achieve this? Or, what are you doing to get an accurate installed / missing patch count report?


Answers (1)

Posted by: Nico_K 2 years ago
Red Belt

I have one detect only once a day.

Then I have two types of deploy jobs:
1. over all patches - for all machines which are "long enough in the env", also daily (small env and some machines are really irregularly online, so I try to catch them with that)
2. detect + deploy for all machines which are freshly deployed, running every 4 hr (to catch up with all patches)

I use only active patches ;)

I have two reports (weekly sent)
1. shows all patched systems and the percentage of how many patches are patched
2. failed patches

If you ask for "best patching strategy" you will get millions of correct answers, since every env has its own needs.
