Patch Management on laptops

JeffreyJRiggs's picture
JeffreyJRiggs
September 11th, 2009

Ok so we started on patching our desktops.... simple patch... MS09-017 (powerpoint patch) onto 70 test machines.. all worked great for the desktops.. they got the patch and rebooted at 3am....

however our laptop users show as scheduled.... then when they come in it gets rescheduled for the next morning at 3am.....

is there a way to have laptop users patch if they are home on the weekend? kind of like how software delivery will download and stage it.. a user on the weekend fires up his laptop and gets software.....

so i read the article...

Andrey Shipov
6 weeks 3 days ago

Altiris Patch Management Solution 6.2 always has a delay

at

www-secure.symantec.com/connect/articles/patch-management-solution-62-our-production-configuration-and-few-tips

 

and he has his set for 2pm during the day... is this the only way?

thanks
Jeff

Filed under: ,
0 votes
jharings's picture
jharings
10 weeks 4 days ago

With 6.2, Yes

You'll find several other examples of this elsewhere on the forums. The most direct way is to create multiple software update agent config policies, so laptops can be patched during the day.

Jim Harings
Technical Solutions Consultant
Xcend Group
http://xcendgroup.com

+1 (1 vote)
KSchroeder's picture
KSchroeder
10 weeks 4 days ago

Jim is correct

It is currently the only way.  We have all our workstations (desktop and laptop) set to install every 4 hours starting from 4 AM.  This ensures that the machine will get patched ASAP.  We did spread it out a little bit as the patch cycle does kick off the full patch Inventory/vulnerability scan, which can take a while to run. 

To be clear, the patches won't reapply and the machine won't reboot every 4 hours (unless you have one which is "broken" and doesn't recognize when it is installed properly).

Thanks,
Kyle
Symantec Trusted Advisor
If your question has been resolved, please be sure to click "Mark as Solution"! Thank you.

+1 (1 vote)
dfrancis's picture
dfrancis
10 weeks 2 days ago

We do exactly the same thing,

We do exactly the same thing, Kyle.  The only ill effect is that client-side logs will tend to have a lot of patch data in them so if we're ever troubleshooting other Altiris issues on a particular machine we have to adjust the logging capabilities to retain more data on that client than the default 10 100K files.

+1 (1 vote)