How do you make sure that your patches are tested before being widely deployed?
According to the documentation that comes with the KBox: "For a thorough test, devices should function normally for at least a week after being patched. If no problems are reported after a week, the patch can be deployed to the remaining devices on the network."
(Found here on the Kbox: /locale/en_US.UTF-8/doc/wwhelp/wwhimpl/common/html/frameset.htm?context=Admin&file=c_BestPracticesForPatching.html&single=true )
Has anyone figured out how to automate this? Is there a way to only deploy patches that you are sure have been deployed to a set of pilot systems for at least seven days?
I know how to label patches automatically by how old they are, but I can't figure out how to label them based on when the earliest they were installed.
Any and all suggestions are appreciated.
Please log in to answer
Posted by: kelleyplumos 3 years ago
I have a pilot group ( manual label ) of around 40 computers from various departments. They are aware of the fact they are my patching guinea pigs.
I deploy patches to them twice a month, starting with the Thursday after Patch Tuesday.
They run for a week, and any problems get sent directly to me.
If, after a week, we've not seen anything in our testing or on the various sources I follow for patching issues I then deploy to the entire company.
Posted by: rockhead44 4 years ago
I have labels for the updates I am interested in when they have been released between 20-35 days. I target that label to several labs of computers I have. I then have labels for the same updates, once they are aged 35 days+. If we have no issues with the first set that was deployed I organically allow the patches to join the 35+ days label and deploy to other machines.