Let users manually install patches or defer patches
Created: 28 Jun 2012 | Updated: 08 Jul 2012 | 6 comments
This issue has been solved. See solution.
Hello guys,
Is it possible to let user defer patch installations? Or let them manually install patches?
It is very important to us. Thanks for you help!
Discussion Filed Under:
Comments 6 Comments • Jump to latest comment
So I would create a custom patch agent policy that its set to install patches in 2032 our some year. Then create a software package as managed software delivery and assign it to users. The command line would execute aexpatchutil.exe /Xa /q which triggers the patch cycle. They could execute this task manually, or even a batch file/vbscript that launches that swd task.
Or you can instruct the users how to open the Agent and click the "start software update cycle"link on the patch mgmt tab.
Thanks,
Kyle
Symantec Trusted Advisor
For Forum threads, please click "Mark as Solution" if answered.
For all content, please give a thumbs up if you agree with or support the post.
MSchroeder.,
Please explain how to configure the other settings like the Default Software Update Plug-in Policy, Microsoft Vendor Policy, Maintenance Windows and Managed Delivery Settings.
I have tried all day long yesterday but I can't get it to work.
But thanks for the advice to use aexpatchutil.exe. This program is indeed what we are looking for. We are on the right track now!
Using Workflow you have an almost out of the box Patch Management self service.....
Please, can you clarify your answer a little more?
Do you want all machines to use this "manual patching" method, or only some of them? If all of them, then you can just change the Default Software Update Plugin Policy (Settings > Agents/Plugins > All Agents/Plugins > Software > Patch Management > Windows). If you want only some of your computers to use this policy, right-click and Clone the default policy, and make the changes to that one, then apply it to a target containing the machines you want that setting to apply to. Modify the "Start Date" to 12/31/2030, then check the "Allow user to run" box. Configure the restart defaults section as well; usually "At end of software update cycle" works well, or you may want Never. You may want to configure the user messages on the "Notification" tab as well.
Probably it will be much eaiser to just have the users go into the Agent interface and click the "Start Software Update Cycle", but you could create a script that executes the AexPatchUtil.exe as well and deploy that as a manual Software deployment (but the user would still have to go into the Agent to accomplish that).
Thanks,
Kyle
Symantec Trusted Advisor
For Forum threads, please click "Mark as Solution" if answered.
For all content, please give a thumbs up if you agree with or support the post.
Thank you, that's the solution we are looking for!
Would you like to reply?
Login or Register to post your comment.