>>>How often do i need to update (manually download) the shavlik patch metadata?
Shavlik metadata gets updated about once/twice per week, but major MS security updates are released on average 8-10 hours after MS has released them (patch Tue). Run through this process per your standards. If you only patch on patch Tuesdays, then run this late Tuesday / early Wednesday, when Shavlik has released the updated XML. I'd also recommend to signup for Shavlik XML notifications to know when they release updates and what updates. See this KB for this and additional info:
KA312026 - FAQ: BBSA Windows Patch Analysis, Deployment, Troubleshooting
Few notes to make the process easier and less problematic in the future:
a) Download metadata and payload via offline downloader utility
- Stick to XML files not CAB files. If the downloader only downloads CABs, that's fine just extract the XML from within.
b) add the patch metadata to the depot.
- For the first time - Yes. For the ongoing times, right-click on the metadata File Object in Depot / 'replace contents' and point to the new metadata file.
This way you do not have to modify the Catalog to point to the new metadata file every time you have updated metadata.
c) Create a windows patch catalog and point to the patch metadata added to the depot. Also point to the offline payload location.
- See note in step b.
d) Run patch analysis job on servers
e) Run remediation patch deploy job for servers
Thanks all for the helpful replies