KACE Product Support Question

OS Patch Detect Scanning - Active, Inactive, or both?

11/25/2019 165 views

For OS patches, detect only scanning, patch labels, what are you guys doing? 

1. ALL PATCHES (I know this includes app patches)

2. Active Patches Only

3. Active and Inactive patches

4. Other

The question relates to reporting. Do you guys want to know exactly how many OS patches are installed / missing that are both active and inactive? Or just know what OS active patches are installed / missing? What I think I want to see is an exact number of how many OS patches are installed and missing. Is there a down side to this, does it not make sense, and how should I detect to achieve this? Or, what are you doing to get a accurate installed / Missing patch count report?   

0 Comments   [ + ] Show comments


All Answers


I have one detect only once a day.

Then I have two types of deploy jobs:
1. over all patches - for all machines which are "long enough in the env", also daily (small env and some machines are really unregulary online, so I try to catch them with that)
2. detect + deploy for all machines which are freshly deployed, running all 4hr (to catch up with all patches)

I use only active patches ;)

I have two reports (weekly sent)
1. shows all patched systems and the percentage of how many patches are patched
2. failed patches

If you ask for "best patching strategy" you will geht millions of correct answers, since every env has its own needs.

Answered 11/26/2019 by: Nico_K
Red Belt

Don't be a Stranger!

Sign up today to participate, stay informed, earn points and establish a reputation for yourself!

Sign up! or login