Systems Management Question
K1000 Windows OS Patching Labels
11/22/2016 4940 views
I currently have a Detect All schedule running against my MS machines. However, what I want to do to deploy OS specific patches. How do I create a Label that is OS specific?
The reasoning behind it that I some servers run MS SQL, Exchange, SCCM and other MS products, and clients will have MS Office. We have to get approval from our CAB to push OS patches and application patches, but I am finding it difficult to design a label that filters out OS specific patches.
Please help. Thank you.
Answer Chosen by the Author
Please log in to answer
I'll expand upon this further using my philosophy if you haven't yet resolved your problem.
You will need to create a patch catalog smart label for the systems you want to patch, and a devices smart label to narrow down target devices. Mine is setup using the following criterion:
patch catalog smart label (based on what I use):
OS is (my specific OS, in my case win 2k8 r2)
Category is (OS)
Publisher is (Microsoft Corp)
Type is (security)
Missing is (true)
Superseded is (no)
Name does not contain (service pack) - to prevent accidental SP distribution without being monitored.
Support Rollback is (true) - If something goes awry, the installed patches can be rolled back.
**note that this smart label intentionally prohibits the installation of certain types of patches, including some security patches, service packs, and recommended patches. I address the gaps in my patch management by defining them in separate catalog labels that are more closely monitored vs unattended patch distribution.
device smart label could be:
Name = Microsoft Windows Server 2008 R2 Standard x64
Software Titles does not contain (insert your specific title needs, 1 per line)
Once you have the smart labels tailored to your needs, create a patch schedule and only deploy the patches using the patch catalog smart label you create and only to the assigned device smart label you create.
Answered 11/30/2016 by: rrjustin
Community Chosen Answer
Please log in to answer
Exactly like nshah stated - Create a Smart Label and use both OS and Category to narrow your choices. We use OS of "Windows" and Category of "OS".
Check out Kace master John Verbosk article "K1000 Patching - Setup, Tips & Things I Have Learned (LDAP, Smart Labels, SQL Reports) This was the cornerstone to our success with Kace Patching.
Answered 11/22/2016 by: Bob Vila