Hi Everyone,

So we are starting to use the K1000 to patch our servers. Initially we just want to apply critical OS patches.

My problem is that OS as a category is not granular enough and includes SQL, Exchange, Office, Sharepoint. (Found this out during our TEST environment patching)


So I have tried two ways to try to exclude those patches:

1. Smart label for those apps I want to exclude, then the last line, for patch label names not equal to BLOCKED. 
2. Static label for those apps I want to exclude, then the same last line (in case of some weird smart label issue).

Then I load the Critical_OS_Servers patch label and search the the patches to find it does not exclude those. They still show in the list and I do not want to arbitrarily patch my live Exchange against our BES without some more planning.

Any tips to get this working properly? Thanks in advance.

EDIT: Thanks, I  spoke to support and found simple labels are far better to narrow down what I want.

For those interested, we are trying to do security patches for OS.
Label is:
Publisher = Microsoft
Severity is Critical
Operating System is Win 2K8.R2
Name contains Windows Server

Doing one for each OS and applying to patch schedules as needed.
0 Comments   [ + ] Show Comments


Please log in to comment


Besides trying to build a better patch label I don't think there's too much you can do. I manually update servers that are business critical (Exchange, SQL, RDS, etc...) and use KACE for the rest.
Answered 06/26/2015 by: h2opolo25
Red Belt

Please log in to comment
Answer this question or Comment on this question for clarity