You want to patch them when a new KB is release? is that what you mean??
I want to know the filters which should be applied to a Patch Catalog Smart Group to pull the latest Windows Update Rollup's, so our servers can be patched with the required Hotfix Rollup, Cumulative updates and Windows Service Packs when they are released.
As Microsoft have stopped releasing Service Packs and seem to be leaning towards Hotfix Rollup's.
When you specify the Group Patch Analysis Option, it will automatically apply supersedence rules and only selects the latest patches to be installed. This includes recognition of roll-up patches, Cumulative Updates and Service Packs.
Thanks for the update Jim that makes sense, however I'm struggling with the condition which should be applied to the Patch Catalog Smart Group in order to select the Hotfix Rollup's, Cumulative updates or Windows Service Packs.
The filter I'm currently running names the individual KB's specifically e.g : Any Windows Bulletin Where ??KB_ARTICLE_URL*?? equals http://support.microsoft.com/kb/28*****
I assume there is a way of filtering for Hotfix Rollup's, Cumulative updates or Windows Service Packs using the conditions available in the smart groups?
1 of 1 people found this helpful
I suggest setting Group=>Security Patches and letting the detection logic bring your target to the most secure state based on the content of the Patch Catalog
Thanks Jim, your suggestion has helped us resolve the issue.
Jim Wilson, I have a question based off this topic. Does this discussion thread basically state that the only way to get a service pack is to make sure when you configure your job, that you select Group = Security Patches (Recommended)? I thought security patches and service packs are different? We're trying to find KB2687455 and it does not appear in the default Windows Catalog in Hotfixes or Bulletins.
To the best of my knowledge, Service Pack status is always detected unless you have selected "Exclude Service Packs".
Service Packs do not explicitly appear in the Patch Catalog. The analysis for Service Packs is based on the Dynamic Product Detection phase that identifies the supported products (and service packs) on the target at the start of the Patch Analysis.
If you have the latest Windows Patching- product_categories.xml version 1.6 which contains a number of Office Product updates, you should see Office 2010 SP2 identified as missing in Patch Analysis results of a target which has Office 2010 <SP2 (unless you have selected Exclude Service Packs")
So, even if I update to the latest .xml file (1.6), and filter on a particular service pack, it still will not show up? It will only show up if I actually do the Analysis?
Thanks for responding - you're awesome!!
You can't see them under Bulletins or HotFixes Smart Groups because those Smart Group only include Depot Object of Type 114 which is HOTFIX_WINDOWS_INSTALLABLE so they do not include Service Packs which are Depot Objects of Type 117 which is SERVICEPACK_WINDOWS_INSTALLABLE
You can see the Service Pack if you create a Smart Group:
To see all Service Packs:
Any HotFix Where ??HOTFIX_TYPE*?? equals Service Pack
To see the Office 2010 SP2 Service Pack (KB
Any HotFix Where ??SHAVLIK_FILENAME*?? contains kb2687455