    Building approved patch lists for Windows Server groups

      I am not sure how to go about doing this. We are a new BL shop and used to use Shavlik HFNetChkPro for patching all of our Windows Servers. Here's how I used to go about patching:


      Some of the bigger app vendors we have would give us lists of approved patches every few months. I would simply take the list and open a "Patch Group" I had created in Shavlik and check off each of the newly approved patches. I would then scan the "Machine Group" of all servers associated with that app against the list in the "Patch Group" I had just updated. I could then select an option to deploy those missing patches. In Shavlik, I didn't have to worry about OS and split it up that way either, but now it seems I do, which will add even more complexity.


      I have seen a few ways I may be able to do the same thing in BL but some seem like they'd take way too much time to set up to be worth it. I'm looking for a best practice for this.


      I have the Best Practices for Security and Patch Management v1 PDF, and it shows how to use Component Templates to create Patch Policies, but I'm not sure if this is the same thing or if it will still be too difficult to manage that way.


      Another way that seems like it would be more straightforward and similar to what I did before was to use a text file specified in "Analyze only for patches specified in" when I create a Patch Analysis Job.


      Any advice would be appreciated. Thank you.