/build/static/layout/Breadcrumb_cap_w.png

How to Patch newly deployed Computer

Hi All,

In our environment, we use MDT to deploy our Windows Devices. Our Task Sequence builds our the operating system by installing our base application and configure them according to our GPO policies. One issue got real time consuming is always updating application packages in the Task Sequence. For example, Firefox and Zoom loves to update their applications every 2 days (ridiculous) and to keep up with updating those packages is time I could use elsewhere for other projects/research. So below is an idea i came up with to patch new computers as they are deployed.

In my Task Sequence i have a the Kace agent installed on the machine. This generates a field in Kace called CREATED.

+8BVsiZXS11f4CpK2+Eu2Rs+YMWPWSqHn+l3GoQoAAADdgGsrAAAAAAAAAAAAYFvg2goAAAAAAAAAAADYFohWAAAAAAAAAAAAwLZAtAIAAAAAAAAAAAC2BaIVAAAAAAAAAAAAsC0QrQAAAAAAAAAAAIBtgWgFAAAAAAAAAAAAbAtEKwAAAAAAAAAAAGBbIFoBAAAAAAAAAAAA2wLRCgAAAAAAAAAAANgWiFYAAAAAAAAAAADAtkC0AgAAAAAAAAAAALbFrr29vampydXVlZ4BAAAAAAAAAAAAMKjg2goAAAAAAAAAAADYFohWAAAAAAAAAAAAwLZAtAIAAAAAAAAAAAC2hCD+f2+PYP1G21tdAAAAAElFTkSuQmCC

I decided to build a Smart Label Query that is based on this field. 

Label Creation:

  • Inventory | Devices | Smart Label 
  • In Search Field, leave blank
  • Choose Label - Name your Label. Mine was "Computers created in Last 24hrs"
  • Go to Home | Label Management | Smart Label - Find the label you created
  • Edit SQL and enter the query below which returns devices that were created within the last 24hrs.


Query:

SELECT NOW() AS 'Current Time',

        TIMESTAMP(DATE(NOW()) - 1, TIME(NOW())) AS 'Yesterdays Time',

        m.*,

        C.CLIENT_CONNECTED, UNIX_TIMESTAMP(now()) - UNIX_TIMESTAMP(LAST_SYNC) as LAST_SYNC_TIME,

        UNIX_TIMESTAMP(LAST_SYNC) as LAST_SYNC_SECONDS

FROM ORG1.MACHINE m

LEFT JOIN KBSYS.KUID_ORGANIZATION O ON O.KUID = m.KUID

LEFT JOIN KBSYS.SMMP_CONNECTION C ON C.KUID = m.KUID AND O.ORGANIZATION_ID = 1

WHERE m.CREATED BETWEEN TIMESTAMP(DATE(NOW()) - 1, TIME(NOW())) AND NOW()


Patching:

  • Go to Security | Patch Management | Schedules
  • Create a schedule that Detect and Deploys patches to the smart label created earlier (the settings below are catered to my environment. Change to your environment)

wE6tqbW1vYvZAAAAAAElFTkSuQmCC



23lYnBwc4wAEOcIADHKivA0LOOiyHDpujkPMwXt6NAAIIIIDAOQkIOYWcOjc4wAEOcIADHOAABxIOCDnPuSypxrGEnNWok1EigAACCNSTwP8d1iTu5M2oOwAAAABJRU5ErkJggg==


Force a reboot if you want

+Cwb8zSKahJgECBAgQIECAAAECBAgQIECAAIFiBYTKydAIUv9dkMr6wzqZhpoECBAgQIAAAQIECBAgQIAAAQIEihUQKhc7NDpGgAABAgQIECBAgAABAgQIECBAgACB8gSEyuWNiR4RIECAAAECBAgQIECAAAECBAgQIECgWAGhcrFDo2MECBAgQIAAAQIECBAgQIAAAQIECBAoT0CoXN6Y6BEBAgQIECBAgAABAgQIECBAgAABAgSKFRAqFzs0OkaAAAECBAgQIECAAAECBAgQIECAAIHyBITK5Y2JHhEgQIAAAQIECBAgQIAAAQIECBAgQKBYAaFysUOjYwQIECBAgAABAgQIECBAgAABAgQIEChPQKhc3pjoEQECBAgQIECAAAECBAgQIECAAAECBIoVECoXOzQ6RoAAAQIECBAgQIAAAQIECBAgQIAAgfIEhMrljYkeESBAgAABAgQIECBAgAABAgQIECBAoFgBoXKxQ6NjBAgQIECAAAECBAgQIECAAAECBAgQKE9AqFzemOgRAQIECBAgQIAAAQIECBAgQIAAAQIEihUQKhc7NDpGgAABAgQIECBAgAABAgQIECBAgACB8gSEyuWNiR4RIECAAAECBAgQIECAAAECBAgQIECgWAGhcrFDo2MECBAgQIAAAQIECBAgQIAAAQIECBAoT0CoXN6Y6BEBAgQIECBAgAABAgQIECBAgAABAgSKFRAqFzs0OkaAAAECBAgQIECAAAECBAgQIECAAIHyBITK5Y2JHhEgQIAAAQIECBAgQIAAAQIECBAgQKBYAaFysUOjYwQIECBAgAABAgQIECBAgAABAgQIEChPQKhc3pjoEQECBAgQIECAAAECBAgQIECAAAECBIoVECoXOzQ6RoAAAQIECBAgQIAAAQIECBAgQIAAgfIEhMrljYkeESBAgAABAgQIECBAgAABAgQIECBAoFgBoXKxQ6NjBAgQIECAAAECBAgQIECAAAECBAgQKE9AqFzemOgRAQIECBAgQIAAAQIECBAgQIAAAQIEihUQKhc7NDpGgAABAgQIECBAgAABAgQIECBAgACB8gSEyuWNiR4RIECAAAECBAgQIECAAAECBAgQIECgWAGhcrFDo2MECBAgQIAAAQIECBAgQIAAAQIECBAoT0CoXN6Y6BEBAgQIECBAgAABAgQIECBAgAABAgSKFRAqFzs0OkaAAAECBAgQIECAAAECBAgQIECAAIHyBITK5Y2JHhEgQIAAAQIECBAgQIAAAQIECBAgQKBYAaFysUOjYwQIECBAgAABAgQIECBAgAABAgQIEChPQKhc3pjoEQECBAgQIECAAAECBAgQIECAAAECBIoVECoXOzQ6RoAAAQIECBAgQIAAAQIECBAgQIAAgfIEhMrljYkeESBAgAABAgQIECBAgAABAgQIECBAoFgBoXKxQ6NjBAgQIECAAAECBAgQIECAAAECBAgQKE9AqFzemOgRAQIECBAgQIAAAQIECBAgQIAAAQIEihUQKhc7NDpGgAABAgQIECBAgAABAgQIECBAgACB8gSEyuWNiR4RIECAAAECBAgQIECAAAECBAgQIECgWAGhcrFDo2MECBAgQIAAAQIECBAgQIAAAQIECBAoT0CoXN6Y6BEBAgQIECBAgAABAgQIECBAgAABAgSKFRAqFzs0OkaAAAECBAgQIECAAAECBAgQIECAAIHyBITK5Y2JHhEgQIAAAQIECBAgQIAAAQIECBAgQKBYAaFysUOjYwQIECBAgAABAgQIECBAgAABAgQIEChPQKhc3pjoEQECBAgQIECAAAECBAgQIECAAAECBIoVECoXOzQ6RoAAAQIECBAgQIAAAQIECBAgQIAAgfIEhMrljYkeESBAgAABAgQIECBAgAABAgQIECBAoFgBoXKxQ6NjBAgQIECAAAECBAgQIECAAAECBAgQKE9AqFzemOgRAQIECBAgQIAAAT2rVuQAAAF4SURBVAIECBAgQIAAAQIEihUQKhc7NDpGgAABAgQIECBAgAABAgQIECBAgACB8gSEyuWNiR4RIECAAAECBAgQIECAAAECBAgQIECgWAGhcrFDo2MECBAgQIAAAQIECBAgQIAAAQIECBAoT0CoXN6Y6BEBAgQIECBAgAABAgQIECBAgAABAgSKFRAqFzs0OkaAAAECBAgQIECAAAECBAgQIECAAIHyBITK5Y2JHhEgQIAAAQIECBAgQIAAAQIECBAgQKBYAaFysUOjYwQIECBAgAABAgQIECBAgAABAgQIEChPQKhc3pjoEQECBAgQIECAAAECBAgQIECAAAECBIoVECoXOzQ6RoAAAQIECBAgQIAAAQIECBAgQIAAgfIEhMrljYkeESBAgAABAgQIECBAgAABAgQIECBAoFgBoXKxQ6NjBAgQIECAAAECBAgQIECAAAECBAgQKE9AqFzemOgRAQIECBAgQIAAAQIECBAgQIAAAQIEihX4P1bkI+zqL+FPAAAAAElFTkSuQmCC


For the schedule, I wanted machines to be patched as soon as possible before it is sent to an employee. This means I needed the schedule to run as quickly as possible so it is configured to run every 30min. (do wish there's a way to trigger the runkbot.exe to force this schedule on-demand)

Custom Schedule

*/30 * * * 1-5 - Runs every 30mins between Sunday - Friday. (Would like to fine tune this to only run during work hours like 6am-6pm. If anyone can provide that schedule i'd appreciate it)

5WlQKVVvIsgAAAABJRU5ErkJggg==


Save and then test.

If you have a machine that was imaged/created within 24hrs force an inventory so the machine falls into the smart label then it should trigger this Patch schedule.



Comments

  • Hi kayroccs,

    many thanks to your contribution - very helpfull for all who do not use SDA. If you are using KACE SDA you can use the breadcrum files to create a smart label.

    Screenshot: https://timokirch.de/downloads/Screenshot%202021-01-04%20at%2012.09.53.png

    Kind Regards - Timokirch 8 months ago
    • Hi Timokirch,

      Thanks a lot. I didn't realize this was available. I guess I'm accustomed to old habits of when you first learn a method you stick to it. - kayroccs 8 months ago
This post is locked

Don't be a Stranger!

Sign up today to participate, stay informed, earn points and establish a reputation for yourself!

Sign up! or login

Share

 
This website uses cookies. By continuing to use this site and/or clicking the "Accept" button you are providing consent Quest Software and its affiliates do NOT sell the Personal Data you provide to us either when you register on our websites or when you do business with us. For more information about our Privacy Policy and our data protection efforts, please visit GDPR-HQ