I have k1000 security patching for namely microsoft product (to replace wsus), i was wondering if any of you have a suggestion which patching option for the smartlabel is better?

i have currently set up 4 seperate patching for our environment, but i'm still not very happy about it.

i have currently set up 4 patching with smartlabel

1/ the first one is namely for operating system critical patch

 vendor = microsoft, patch type = os, operating system = windows 7, impact = critical

2/ second one is namely for recommanded operating system patch

 vendor = microsoft, patch type = os, operating system = windows 7, impact = recom


3/ the third one is namely for application critical patch

 vendor = microsoft, patch type = application, operating system = windows 7, impact = critical

4/ the forth is namely for recommanded application patch

 vendor = microsoft, patch type = application, operating system = windows 7, impact = recom


the patching works fine at the moment, but from time to time the patching seems to have issue with the architecture, for example it was patching the the patch below on a x64 windows 7 and vice versa... which has cause me a lot of calls 

Microsoft Visual C++ 2008 SP1 Redistributable Package (x86) (Update) (See Notes)

- i also wonder what your group policy is about the windows update for the clients computer? and for the server?

any suggestion is welcome, thanks in advance


Answer Summary:
Title>does not match Regex>2008|2003|server|office|adobe
0 Comments   [ + ] Show Comments


Please log in to comment

Community Chosen Answer


I would use something like this.

        Title>does not match Regex>2008|2003|server|office|adobe


These links also are a good tool.

K1000 KKE's: https://support.software.dell.com/k1000-systems-management-appliance/kb?k=KKE

Answered 07/12/2012 by: dugullett
Red Belt

  • hey Thanks for your suggestion, Currently i m trying several option for this

    as you can see the regex become quite long after a while :s

    OS = Win 7
    Title does not match REGEX : server|office|sharepoint|visual|word|excel|powerpoint
    Vendor contains microsoft
    architecture = x86

    What do you think? as its primary use for windows 7 update (criticial and recommend)
    • I wouldn't think you need "architecture = x86" the OS= should cover that. Just select your correct one from the drop down (if the OS is not in inventory it will not show). I would also include "impact=critical" and "status=active".

      You can also create compound labels.
      1. Create your first label with whatever requirements you need.
      2. Create a new label and include "Label Names = "

      This will give you more options. Then use this master label for your patch schedule.
  • Hey dugullett

    thanks for your advise, i have explicite to cover architecture as the last update round, the update has mess up quite a lot of our computer as it push x86 patches to x64 machine.

    I was wonder, if I want only windows critical patches (one for x86 and one for x64), what would be the best approach?

    to what i understand in the webex session, microsoft seems to have their own approach to define what application and os patch is.
  • You would create separate patch labels for both architectures. Then create machine labels for the same OS Architecture = x86. Then on your patch schedules select "Limit Run to Selected Machine Labels" and select your new machine label.

    Under the Detect section select your patch label that you created.

    Under the Deploy section select your patch label that you created.
    • hmmm.... ok now i have something like this

      i have create a pre-label to sort the architecture

      Vendor : Microsoft
      OS : Win 7
      Architecture : x 64

      after the pre-label i have thin out the patches
      label names : PPL - MS Win7 x64
      title does not match regex : office|sql server|word|excel|access|outlook|lync|visio|powerpoint|infopath|publisher|sharepoint|project|exchange|expression|browser choice|forefront|business|isa server|antigen|visual studio|interconnect|host integration|works
      title does not contain : c++

      somehow when i add c++ in the regex the whole search will stop so i have to put it seperate

      what do you think? i have test it on a few machine, somehow it still miss some patches .... few patches that has been identity as x86 architecture
Please log in to comment



Here is an article I wrote that talks about patching and how to use MatchesREGEX!


Answered 01/31/2013 by: c_brock
Third Degree Brown Belt

Please log in to comment
Answer this question or Comment on this question for clarity