K1000 Patching: Will detect schedule for "All Patches" override subsequent deploy scheduled with filtered criteria?
I’m in the process of setting up patching for MSSQL on approximately 80% of our servers through KACE, but I've hit a snag that I need help navigating.
Currently, we run one daily detect schedule and numerous deploy schedules, all configured to "All Patches." This setup complicates matters, as I want to add SQL updates to the software catalog. However, doing so would trigger automatic deployments to several high-touch, sensitive servers that require manual oversight during patching.
My proposed solution is to create a smart label for patch criteria, scoped to OS Category updates. These updates would need to be Active, Not superseded, and Not released within the last 3 days. I plan to apply this smart label retroactively to all existing patch deploy schedules, effectively narrowing their scope to OS security updates. Meanwhile, the detect schedule would remain set to "all patches."
However, I'm unsure about the behavior of the deploy schedule in this context, as I vaguely remember once seeing a deploy schedule's criteria being ignored due to a previous detect schedule being set to all patches.
So, here's my question: If a detect schedule runs and identifies both OS and application updates, and two days later, a deploy schedule (scoped to only OS updates) runs, will it strictly deploy the OS updates? Or is there a risk that both OS and application updates might be deployed?
All the detect all will do is identify patches that are missing from the targeted endpoints. You will need to deploy a patch marked as missing for it to be installed by a deploy schedule.
So in short, no: the patch will be marked as missing, but unless you deploy the missing patch it will never be installed.
Hmm, I'm still a bit unclear.
Can you help me by confirming the following scenario?
Detect Schedule runs on Windows Server system, scoped to "All Patches":
- Windows Server Cumulative Update is flagged as missing.
- .NET Framework Cumulative Update is flagged as missing.
- Microsoft SQL Server Cumulative Update is flagged as missing.
2 days later, a Deploy schedule runs scoped to ONLY OS Updates:
- Windows Server Cumulative Update is installed.
- .NET Framework Cumulative Update is installed (as it's technically an OS update).
- Microsoft SQL Server Cumulative Update is NOT installed as it's not an OS update.