Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.
Endpoint Management Community Blog

{CWoC} Patch Toolkit 0.7.0 is out now

Created: 18 Feb 2013
Ludovic Ferre's picture
+1 1 Vote
Login to vote

Based on demand I have updated both the PatchAutomation [1] and ZeroDayPatch [2]downloads with a few additional features that allow the user to better control which bulletins are handle and how to invoke the tools.

Here are the new feature command line details:

/config=<file path>
    Reads the file at the provided path and parses each line for com-
    -mand line options. Here is a sample config file content:

    This option allows the user to specify a custom stored procedure to
    be called during the execution. The stored procedure may be present
    on the database (if not the automate will return with no errors) and
    must contains the following columns that are used and needed:
      * _resourceguid [Software bulletin guid]
      * released [Software bulletin release date]
      * bulletin [Bulletin name]
      * severity [Bulletin Severity]
    You can also add a vendor column if you want to filter bulletins by
    vendor (see option /vendor)

/vendor=<vendor string>
    Configure a vendor filter to only return bulletins that match the
    vendor string from a custom procedure. This is because the vendor
    field doesn't exist in default Patch Procedures used by this tool.

    If /vendor is specified with a custom-sp that doesn't contain the
    vendor field the setting will be ignored (all bulletins will be
This allows us to have per-vendor policies, per release dates and per severity policies. Here is a set of sample configuration files that resolves the overlap problems highlighted in [3]:

Manage Microsoft critical updates released in 2012:


Manage Google critical updates released in 2012:

If you want to use the above with PatchAutomation.exe you will need to add the required target guids or use the /debug switch to avoid this check and add /dry-run to avoid messing up the environment.

[1] {CWoC} Patch Automation - With Full Test Life-cycle
[2]  Patch Automation Tool for PMS 7.1 SP2
[3] {CWoC} PatchAutomation Toolkit - Documentation and Guides