Patching - Persistent Issues. Would Love Advice
Been trying to get KACE patching optimized and I just seem to be running into constant issues and would love some advice from others on any kind of best practices and/or if anyone can comment on the questions below.
1. Reboots during patching. Why does this seem so excessive? Our patch schedules are setup for Detect/Deploy since we want to try and get everything patches but it just seems like the amount of reboots necessary is exorbitant. As an example, I had a test laptop with me today that was going to have 10 patches pushed to it. I was forced to reboot three times to cover the ten patches and that was with two errors (patches that failed to install as well). I don't remember WSUS ever needing this many patches
2. Why do .NET Framework patches never seem to install correctly? We push security patches for .NET Framework but always seem to end up with install errors on each machine during the patching cycle. Is this common with .NET Framework?
We're a Windows 7 shop, about 750 hosts. I currently have three patch labels configured; OS/Security Critical, OS/Security Recommended, and Non-Security Recommended. These are used in my Detect and Deploy; we detect on those three labels and deploy on those three labels.
Really would appreciate any advice on a better setup. We're mostly interested in security patches and the windows malicious software removal tool.
Thank you all!
There are no answers at this time