/build/static/layout/Breadcrumb_cap_w.png

K1000 security patching / gpo

I have k1000 security patching for namely microsoft product (to replace wsus), i was wondering if any of you have a suggestion which patching option for the smartlabel is better?

i have currently set up 4 seperate patching for our environment, but i'm still not very happy about it.

i have currently set up 4 patching with smartlabel

1/ the first one is namely for operating system critical patch

 vendor = microsoft, patch type = os, operating system = windows 7, impact = critical

2/ second one is namely for recommanded operating system patch

 vendor = microsoft, patch type = os, operating system = windows 7, impact = recom

 

3/ the third one is namely for application critical patch

 vendor = microsoft, patch type = application, operating system = windows 7, impact = critical

4/ the forth is namely for recommanded application patch

 vendor = microsoft, patch type = application, operating system = windows 7, impact = recom

 

the patching works fine at the moment, but from time to time the patching seems to have issue with the architecture, for example it was patching the the patch below on a x64 windows 7 and vice versa... which has cause me a lot of calls 

Microsoft Visual C++ 2008 SP1 Redistributable Package (x86) (Update) (See Notes)

- i also wonder what your group policy is about the windows update for the clients computer? and for the server?

any suggestion is welcome, thanks in advance

 

Asked 11 years ago 3030 views
0 Comments   [ + ] Show comments

Answers (2)

Answer Summary:
Title>does not match Regex>2008|2003|server|office|adobe
Posted by: dugullett 11 years ago
Red Belt
3

I would use something like this.

        Title>does not match Regex>2008|2003|server|office|adobe

 

These links also are a good tool.

K1000 KKE's: https://support.software.dell.com/k1000-systems-management-appliance/kb?k=KKE

Comments:
  • hey Thanks for your suggestion, Currently i m trying several option for this

    as you can see the regex become quite long after a while :s

    OS = Win 7
    Title does not match REGEX : server|office|sharepoint|visual|word|excel|powerpoint
    Vendor contains microsoft
    architecture = x86

    What do you think? as its primary use for windows 7 update (criticial and recommend) - desty_aya 11 years ago
    • I wouldn't think you need "architecture = x86" the OS= should cover that. Just select your correct one from the drop down (if the OS is not in inventory it will not show). I would also include "impact=critical" and "status=active".

      You can also create compound labels.
      1. Create your first label with whatever requirements you need.
      2. Create a new label and include "Label Names = "

      This will give you more options. Then use this master label for your patch schedule. - dugullett 11 years ago
  • Hey dugullett

    thanks for your advise, i have explicite to cover architecture as the last update round, the update has mess up quite a lot of our computer as it push x86 patches to x64 machine.

    I was wonder, if I want only windows critical patches (one for x86 and one for x64), what would be the best approach?

    to what i understand in the webex session, microsoft seems to have their own approach to define what application and os patch is. - desty_aya 11 years ago
  • You would create separate patch labels for both architectures. Then create machine labels for the same OS Architecture = x86. Then on your patch schedules select "Limit Run to Selected Machine Labels" and select your new machine label.

    Under the Detect section select your patch label that you created.

    Under the Deploy section select your patch label that you created. - dugullett 11 years ago
    • hmmm.... ok now i have something like this

      i have create a pre-label to sort the architecture

      pre-label
      Vendor : Microsoft
      OS : Win 7
      Architecture : x 64

      after the pre-label i have thin out the patches
      label names : PPL - MS Win7 x64
      title does not match regex : office|sql server|word|excel|access|outlook|lync|visio|powerpoint|infopath|publisher|sharepoint|project|exchange|expression|browser choice|forefront|business|isa server|antigen|visual studio|interconnect|host integration|works
      title does not contain : c++

      somehow when i add c++ in the regex the whole search will stop so i have to put it seperate

      what do you think? i have test it on a few machine, somehow it still miss some patches .... few patches that has been identity as x86 architecture - desty_aya 11 years ago
Posted by: c_brock 11 years ago
Third Degree Brown Belt
1

Here is an article I wrote that talks about patching and how to use MatchesREGEX!

http://www.itninja.com/blog/view/matches-regex-101

Posted by:

desty_aya Senior Yellow Belt
Ninja since: 12 years ago

Don't be a Stranger!

Sign up today to participate, stay informed, earn points and establish a reputation for yourself!

Sign up! or login

View more:

KACE Product Support Questions
question

Related Questions

Link

Related Links

Post

Related Posts

Share

 
This website uses cookies. By continuing to use this site and/or clicking the "Accept" button you are providing consent Quest Software and its affiliates do NOT sell the Personal Data you provide to us either when you register on our websites or when you do business with us. For more information about our Privacy Policy and our data protection efforts, please visit GDPR-HQ