First Patch Cycle
Hoping Hightower jumps in...,
New 7.1 installation, Endpoints have the appropriate agents and plug-ins (3100 endpoints)
Endpoints are geographically dispersed across several states, I have Package servers at all the appropriate sites
We recently acquired several hundred (thousand) endpoints from a couple different acquisitions. The patching practices from these are all over the place. Some are well patched others are in the weeds. I need to do the first "true up" patch cycle. If I look at the compliance by bulletin for the last year I think its like 173 Bulletins for all the Windows OSs. The work flow will be for all the patches to be approved at HQ then have regional IT people test in the lab before releasing to the endpoints they support. I have already changed my default remediation setting to target the lab OUs. I was hoping to just grab all the updates in one lump this first time and get them bundled together for distribution. Apparently that isn't possible, A:) Altiris times out bundling the packages for distribution. B) I receive an error about not being able to mix OS families.
I am looking for ideas or recommendations of how to get through this first patch. I know I could go through and approve each bulletin one at a time, but then all 173 would need to be touched several times before they would actually be targeted at production. Ongoing I expect it to work just that way. Do I really need to do separate process for each OS type in the Org, That seems like a lot of duplication since mostly XP/2003 are the same and so on for Win7/2008 and the other classes. I am not completely opposed to doing one at a time but there must be a better way. I am sure I am missing some nuance and it's not that complicated.