Endpoint Management Community Blog

Releasing version 0.6.6 of the patch automation 7.1 SP2 toolkit

Created: 17 Dec 2012
Ludovic Ferre

I completed some refactoring and aggregated the 2 related Patch Automation projects [1][2] in the last week and so I can call the 2 programs a toolkit :D.

Some of the changes are code-related only (sharing code between the projects), but there's a major addition to both projects: custom patch exclusion.

This is implemented via the database, and it leaves plenty of room for you to choose which bulletins are excluded. The code is written to exclude bulletins by name, from the content of a table or view named "PatchAutomation_Excluded".

And here is a sample implementation that prevents duplicate entries in the table and records some added information (a timestamp when a new exclusion is added):

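-- Drop any existing exclusion table first (exclusions already recorded are discarded)
if exists (select name from sys.objects where type = 'U' and name = 'PatchAutomation_Excluded')
	drop table PatchAutomation_Excluded

create table PatchAutomation_Excluded (
	_id int identity,
	Bulletin nvarchar(255) not null,
	-- Timestamp set automatically when a new exclusion is added
	CreateDate datetime default getdate(),
	-- Primary key on the bulletin name prevents duplicate entries
	CONSTRAINT pk_PatchAutomation_Excluded PRIMARY KEY (Bulletin)
)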

And here are a few SQL queries to add the exclusions for 4 random bulletins:

insert PatchAutomation_Excluded (bulletin) values('MS12-008')
insert PatchAutomation_Excluded (bulletin) values('MS12-058')
insert PatchAutomation_Excluded (bulletin) values('MS12-024')
insert PatchAutomation_Excluded (bulletin) values('MS12-027')

So now you can even better control which bulletins will be deployed based on release date, severity and your very own exclusion table!
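Because the exclusions can come from a view as well as a table, an exclusion can be given a justification and an expiry date so that a bulletin does not stay unpatched indefinitely. The following is an added example, not code from the toolkit: the base table name `PatchAutomation_ExcludedBase` and the `Reason` and `ExpiryDate` columns are hypothetical, the rows are constructed, and it assumes the toolkit only reads the bulletin names from `PatchAutomation_Excluded`.

```sql
-- Hypothetical names: PatchAutomation_ExcludedBase, Reason, ExpiryDate.
-- Assumption: the toolkit only reads bulletin names from PatchAutomation_Excluded.
if not exists (select name from sys.objects where type = 'U' and name = 'PatchAutomation_ExcludedBase')
	create table PatchAutomation_ExcludedBase (
		_id int identity,
		Bulletin nvarchar(255) not null,
		Reason nvarchar(400) not null,
		ExpiryDate datetime not null,
		CreateDate datetime default getdate(),
		CONSTRAINT pk_PatchAutomation_ExcludedBase PRIMARY KEY (Bulletin)
	)
go

-- If the sample table is in place, carry its rows over (30-day expiry), then drop it.
if exists (select name from sys.objects where type = 'U' and name = 'PatchAutomation_Excluded')
begin
	insert PatchAutomation_ExcludedBase (Bulletin, Reason, ExpiryDate, CreateDate)
	select e.Bulletin, 'migrated from sample table', dateadd(day, 30, getdate()), e.CreateDate
	  from PatchAutomation_Excluded e
	 where not exists (select 1 from PatchAutomation_ExcludedBase b where b.Bulletin = e.Bulletin)
	drop table PatchAutomation_Excluded
end
go

-- Recreate the view on every run so its definition stays current.
if exists (select name from sys.objects where type = 'V' and name = 'PatchAutomation_Excluded')
	drop view PatchAutomation_Excluded
go

-- The view keeps the name the toolkit looks for and hides expired exclusions.
create view PatchAutomation_Excluded as
	select _id, Bulletin, CreateDate
	  from PatchAutomation_ExcludedBase
	 where ExpiryDate > getdate()
go

-- Constructed sample rows: one active exclusion, one that has already lapsed.
if not exists (select 1 from PatchAutomation_ExcludedBase where Bulletin = 'MS12-008')
	insert PatchAutomation_ExcludedBase (Bulletin, Reason, ExpiryDate) values ('MS12-008', 'constructed: compatibility test pending', dateadd(day, 30, getdate()))
if not exists (select 1 from PatchAutomation_ExcludedBase where Bulletin = 'MS12-058')
	insert PatchAutomation_ExcludedBase (Bulletin, Reason, ExpiryDate) values ('MS12-058', 'constructed: vendor fix awaited', dateadd(day, -1, getdate()))
go

-- Review query: what is excluded, why, and which exclusions have lapsed.
select Bulletin, Reason, CreateDate, ExpiryDate,
       case when ExpiryDate > getdate() then 'active' else 'expired' end as Status
  from PatchAutomation_ExcludedBase
 order by ExpiryDate
```

With these rows, selecting from `PatchAutomation_Excluded` returns only MS12-008, while the review query still lists both bulletins with their reason and status.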

[1] Zero Day Patch tool

[2] Patch Automation tool