How many different patch schedules do you have?
I've been using the KBox since before Dell acquired it from KACE, and I still hate still struggle with making the patching process efficient.
I'm curious how you setup your patch schedules. Do you have separate schedules for each OS / machine importance / patch importance? (If I setup something like that I would have 18 different patch schedules, just for our servers!)
Please share how you setup machine & patch labels and patch schedules for your Windows servers with the group so that we can all benefit from each other's experience.
Answer Chosen by the Author
We have several main schedules for workstations, server patching is handled by a separate group. All of our schedules include the OS and application patches that we push, we do not use separate schedules for software/critical/etc. Patch definitions are updated Tuesday night, this allows us to test on Wednesday and then deploy to production on Thursday. Occasionally we do setup a specific schedule that is more aggressive (can you say WannaCry?).
Patch Production - This is the default patching schedules for machines. Detection runs Thursday morning, patching runs Thursday night. Users can snooze the restart for an hour a few times before they are forced to restart. The schedules are both set to run on next connection of the computer is offline.
Test Patching - Runs on a smaller set of computers for testing purposes. Detect Wednesday morning, patching Wednesday night.
Lab Patching - Lab computers (higher ed environment) get patched every night with a detect and deploy schedule. This schedule does not run on next connection of the machines are offline, which is one of the reasons it runs every night. We originally did have this schedule run on next connection, but it interfered with teaching, so that changed.
No Patching - System critical machines (and some faculty that can't be told what to do) are in this schedule. We run a detect schedule once a month and inform users if they are out of date. Repeat offenders may be moved into an actual schedule.
We have one schedule setup for a specific department with special needs. It runs a detect and deploy cycle once a month.
Answered 05/15/2017 by: chucksteel
Please log in to comment
log in to commentPlease