/build/static/layout/Breadcrumb_cap_w.png

Specifying Patch Deployment

We're currently working on setting up a rolling patching schedule for when Microsoft release their new Windows updates.

This itself is fairly easy seeing as it's always the 2nd tuesday of every month. However in the patch-listings I can also see updates for other software such as Adobe Flash Player, Java and so on.

If I set patching to run every 2nd tuesday of the month I would leave all my machines with outdated flash players seeing as they sometimes update multiple times a month.

 

Is there any way to enable certain updates to deploy around the clock such as flash player, java and adobe reader so that whenever a machine with a outdated said program is detected that update is deployed through the patching and leave all the Microsoft Windows Updates for another schedule every 2nd tuesday of each month?


0 Comments   [ + ] Show comments

Answers (3)

Posted by: martynryan1 11 years ago
Orange Senior Belt
2

You could create a Patch Smart Label for Patches who's vendor is not 'Microsoft Corp.' and then have that one running on a different patch schedule to your one for Microsoft Patches

Posted by: chucksteel 11 years ago
Red Belt
2

(I'm assuming you're talking about the K1000, even though you didn't include that as a tag on your post.)

You can certainly have multiple patching schedules assigned to a machine. For instance, you could create a smart label for patches that includes the Adobe Flash Player updates and then have a patching schedule that just deploys those to all machines (or machines with a specific label). You could have another patch label for Microsoft and then another one for Mozilla, etc.

One thing you should keep in mind is that patches from Microsoft don't always appear immediately in the K1000. They are repackaged by Lumension for KACE first and that sometimes takes a couple of days, in my experience. So if your machines are set to patch on the 2nd Tuesday of the month you're not going to be gauranteed to get the patches from Microsoft released on that day.

A further complication is that KACE doesn't have a good facility to specify that you want to run patching on the second tuesday of the month. You have to choose a day of the month (first, second, tenth, etc.). There are some methods that use smart labels to accomplish "second tuesday" but they are rather complicated to get setup and I haven't seen reports of how well they work in the field.

Posted by: jknox 11 years ago
Red Belt
2

The K1000 uses cron to schedule, and there isn't a way there to schedule every other Tuesday that I'm aware of.

http://unixhelp.ed.ac.uk/CGI/man-cgi?crontab+5

The K1000 supports custom schedules.  Look for Patch Schedule>Run Custom and click the gold question mark box there to see what options and examples are available.


Comments:
  • Jason, you can use the step "/" indicator to do every other Tuesday, but what he's looking for, say the 3rd Tuesday of each month, cannot be done. r2

    Ron Colson
    KACE Koach - ronco 11 years ago

Don't be a Stranger!

Sign up today to participate, stay informed, earn points and establish a reputation for yourself!

Sign up! or login

Share

 
This website uses cookies. By continuing to use this site and/or clicking the "Accept" button you are providing consent Quest Software and its affiliates do NOT sell the Personal Data you provide to us either when you register on our websites or when you do business with us. For more information about our Privacy Policy and our data protection efforts, please visit GDPR-HQ