/build/static/layout/Breadcrumb_cap_w.png

We sometimes do NOT want to send a patch to individual machines. But to other machines we do.

Hello @ all,


We sometimes do NOT want to send a patch to individual machines. But to other machines we do.


Scenario: Department XYZ cannot patch an application on a machine for two consecutive months because dependencies have not been tested yet. But all other machines should get the patch regularly.

The machines are all grouped by smart label based on the system name and the patches are always set to "install all". 

So how do I exclude a patch for exactly this one machine?


Asked 1 year ago 0 views
0 Comments   [ + ] Show comments

Answers (4)

Posted by: Nico_K 1 year ago
Red Belt
0

Endorsed by Nick The Ninja

create patch labels for the patches in question and link them to systems which don't want the patches in individual schedules

Posted by: Photographix 1 year ago
Yellow Belt
0

Thanks for the reply - but I have only found one way to assign patches with label to a machine to install. I am looking for a way where a patch is NOT installed on the machine. 

Maybe I'll make this a little more concrete:


VM1, VM2 and VM3 each need a different number of patches (6-20 pcs).

But all of them need an update for application XYZ.

I now want this update of application XYZ NOT to run on VM2 for the next two months.


For the other two VM1 and VM3 I want to install all necessary patches  (6-20 pcs) also for application XYZ.


Posted by: Hobbsy 1 year ago
Red Belt
0

So when we build patching routines for customers, yes the majority of devices that are targets are in smart labels, however we create an exception MANUAL label and when we build the smart labels we always include "where label name does not include M_Exception label", this means that we can exempt any machine from any patch schedule by simply adding that machine to the Exception label. Does that help?

Comments:
  • that is genious. totally out of the box thinking. Which is a requirement with kace. - barchetta 1 year ago
Posted by: Photographix 1 year ago
Yellow Belt
0

Actually, that doesn't really help me. I already know how to remove the machine from patching.

I wanted to know if there is a way to deny a patch for only one machine. (Yes / No)


Apparently there is not the possibility and I have to build a workaround (as already suggested).

So the answer I would have expected would have been "No, unfortunately that's not possible" ;-)

Comments:
  • No there is not ;o) - Hobbsy 1 year ago
 
This website uses cookies. By continuing to use this site and/or clicking the "Accept" button you are providing consent Quest Software and its affiliates do NOT sell the Personal Data you provide to us either when you register on our websites or when you do business with us. For more information about our Privacy Policy and our data protection efforts, please visit GDPR-HQ