An item of feedback which I've been trying to push to PMs on Patch Management is the issue of vendor patches not always being patches. This can cause headaches when you find full product installs being pushed down as a patch.
To illustrate, let's take the classic and must loved Adobe Reader. Let's assume we have in our environment Adobe Reader 9.1.2 which we've released as a SWD package. We've crafted the transform to,
- Not put that useless shortcut on the desktop
- Not to update. Why put the lovely icon in the systray to update adobe reader when the user's are locked down and will only get errors...
- Remove Digital Editions.
Now enter Patch Management. It rightly sees an out-of-date Adobe Reader and thus schedules the following 'patches' to come down,
- APSB09-15 AdbeRdr920_en_US.exe
- APSB10-02 AdbeRdr930_en_US.exe
- APSB10-21 AdbeRdr940_en_US.exe
- APSB10-28 AdobeRdrUpd941_all_incr.msp
The top three, not being patches, just uninstall Adobe Reader and re-install the latest version as if installed directly from the web. The result is we've lost all our customisations the moment the first patch comes down.
I can live with the shortcut coming back, and even digital editions. But having user's being nagged about updates they can't install is a bit of a problem.
At the moment this problem is limited to Adobe Reader. As the vendor pool opens up though with Altiris Patch Management this will get worse.
Is this a problem for anyone else, or is it just me?