
We deploy PCs using Microsoft Deployment Toolkit (MDT). One of the last tasks we would like the task sequence to do is Windows patching. I know that a script can be run via the command line: runkbot.exe 123 0.

Is there any way to get a client to kick off a patching schedule, i.e., 'Post Build Detect and Deploy'?

Or does anyone have a creative solution for kicking off patching immediately on newly built PCs? Please confine answers to MDT-built devices; we do not have, and do not plan to have, the K2000.

Thank you!

Comments

  • We do not use a script to do this, but we do use a detect & deploy patch schedule to handle this, in our environment.

    We use a smart label that identifies machines that have had an OS deployed to them within the last 4 hours (we didn't use the wizard to create this label, but use SQL for it). Because our inventorying runs once an hour, we set this label to OSes deployed in the last 4 hours, in case the machine takes a bit to inventory for the first time.

    We have the patch schedule to detect all patches and to deploy all patches. This patch schedule is set to run once every hour, do forced reboots, and run on next connection if the agent is offline.
  • I've got two methods set up. All of our new desktop and laptop computers initially go into the same OU, then after they're ready to go on a user's desk we move them to the appropriate OU depending on which office they'll be managed by. During the initial install of KACE, the support person had us install a Custom Field piece of software "Active Directory Distinguished Name (CIF)". The custom inventory rule is a 1-liner:
    RegistryValueReturn(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine, Distinguished-Name, TEXT)
    We then have a Smart Label called "Computers in KACE OU", which has
    "Active Directory Distinguished Name (CIF)" "ends with" "OU=KACE,DC=Company,DC=Local"
    Then we have a patch Detect and Deploy which runs every 4 hours on the computers with the Smart Label. This allows us to deploy new computers deployed using the K2000 and get them updated fairly quickly, but doesn't affect computers installed manually or added to a different OU (servers and VMs primarily).

    I also have a Smart Label "Computers Added in Last Day", which is set to
    "Created" "is within last" "24 hours"
    You could use that Smart Label with a patch detect and deploy, but it would affect ALL computers added to KACE, which we don't want to do.
    • good good, that is what I call using the KACE features in harmony!

      -Patch Schedules
      -Custom Inventory Rules
      -Device Smart Labels
      -LDAP (to query the Active Directory for info.)
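The OU-based Smart Label described in the comments depends on a registry value that must exist on the new PC before its first inventory. The PowerShell below is an added example, not code from the thread or from KACE: it reads the same key and value as the custom inventory rule and previews the "ends with" test locally. The suffix is the sample value from the comment; the exit codes, and the guess about why the value may be missing, are assumptions.

```powershell
# Added example: run on a freshly built PC to preview the Smart Label outcome.
# $LabelSuffix defaults to the sample OU from the thread; pass your own.
param(
    [string]$LabelSuffix = 'OU=KACE,DC=Company,DC=Local'
)

# Same key and value name as the custom inventory rule quoted in the thread.
$key  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine'
$name = 'Distinguished-Name'

function Get-MachineDn {
    # Returns the DN string, or $null when the key or value does not exist.
    $item = Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [string]$item.$name
}

$dn = Get-MachineDn
if ([string]::IsNullOrWhiteSpace($dn)) {
    # Assumption: the value appears only after the machine has joined the
    # domain and processed Group Policy at least once.
    Write-Warning "No '$name' value found; the inventory rule would return nothing."
    exit 2
}

# Whether the label's "ends with" ignores case is not stated in the thread,
# so report both comparisons.
$exact  = $dn.EndsWith($LabelSuffix, [System.StringComparison]::Ordinal)
$noCase = $dn.EndsWith($LabelSuffix, [System.StringComparison]::OrdinalIgnoreCase)

Write-Output "Machine DN      : $dn"
Write-Output "Label suffix    : $LabelSuffix"
Write-Output "Exact match     : $exact"
Write-Output "Case-insensitive: $noCase"

if ($noCase) { exit 0 } else { exit 1 }
```

Run as a late task-sequence step, a non-zero exit code flags a machine that would miss the patch schedule because it is in the wrong OU or has not yet written the value.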

There are no answers at this time