Video Screencast Help

NS 7.1 Patch Management

Created: 28 Jan 2013 | 3 comments

I recently setup Patch Management and I am trying to find the best way to patch machines with older missing patches. For example Machine A has 10 patches missing and which are different than Machine B which is missing 15 patches. What is the most effecient way of tackling this?

When I get the results of Machine A missing patches, I can create a Policy to apply those patches. Do I have to do the same for Machine B and so on and so forth or is there a better way to tackle this?

Comments 3 CommentsJump to latest comment

Roman Vassiljev's picture

Hi huseinm,

I think it is up to you.

If you want to reach 100% Compliance, you need to distribute and install all updates that are shown as ‘not installed’ in compliance reports.
You may group these updates by different ways and create SWU policy for each group.
For example:
- If you want to manage SWU policies from the point of view of the targeted machines, then you may create policies as you suggested.
- If you want to manage SWU policies from the point of view of the software updates, then you may group bulletins by release date or by vendors or by products and create SWU policies for each group.

Please note that recommended maximum number of bulletins included to 1 SWU policy equals to number of bulletins that are released during 1 month.


jellsworth's picture

I've just been pushing all the updates and I haven't had any problems. I just exclude the patches I don't want. No problems there.