Automating VS Manual patch install by schedule question/issue

Since I'm new to Desktop Central, I have been reading the documentation and watched a few videos. However, I am still a little confused about how the automation of patches works.

Right now, I am in the process of cleaning up our environment of missed patches as well as, going forward, installing patches on a time-based schedule.

Currently, this is what I have done:

Created test deployment policy.

  • Set Mon-Fri each week, 6am to 5am
  • Initiate deployment is set to Either
  • WOL & Download Patches are checked.
  • User notification is set up
  • Reboot policy is set up.

Set up Test & Approve


  • Group Name is set to my test group.
  • Policy is set to the above policy I created
  • Notifications set
  • Approved after 3 days of testing.

System Health Policy is set.

Here’s where I am running into confusion.

Under Patch Mgmt > Patches
Under Latest Patches, I have 269 listed.
  • I have gone through and declined all server only patches as the server team patches their own equipment.
  • I have declined the Creative updates for Windows 10.
  • When declined, they were declined for the Test Group.
  • I then selected all remaining patches and chose Download.
The release dates for all the remaining patches are for Jan., as I’m trying to get things working before working on all the missing patches.

Under Patch Mgmt > Deployment > Automate Patch Deployment

(I have a deployment called Jan Patch test)
  • Select Applications is set to which updates I want to push as well as deploy after 1 day from release.
  • The policy is set to the one mentioned above.
  • Target is set to my test group
  • Notifications are set.

Here, the deployment is only showing 45 patches to deploy. Yet I downloaded 269 patches released this month that still have not been pushed out. Out of these 45 patches, a few did not install; I will troubleshoot that issue in a bit.

So my question is, am I not setting this up correctly, to download the latest patches, push them all automatically to the test group based on the policy schedule?

After the patches are pushed to the test group, installed and tested, they should automatically get pushed to production, 5 days after approval. This will give us enough time to make sure nothing goes wrong with a patch.

I created a manual deployment called TEST, as I wanted to see the difference. It has all of the downloaded patches. Some approved, some not. Which is weird because I have the test and approve set. Nothing's been manually approved.

Under schedule settings, I chose it to install after Wed. at 4pm. Set Expiry time and date of Feb 12th. Set the policy to the one I created above. Chose the test group of computers. So if I'm reading this right, the manual deploy lists all of the downloaded patches but the automatic deploy does not.

The goal of this is to get on a regular schedule of patching each month. Once I have that, then I need to go back and deploy all the missing patches.

Coming from an SCCM environment, this is quite a bit different. Is there a good guide on downloading and auto deploying these patches?

Thanks
