Client Management Suite

 View Only

  • 1.  Prevent patching to group of PCs?

    Posted Nov 29, 2011 03:42 PM

    I have a group of computers that I would like to exclude from patching but I still would like them to be in the console for inventory purposes and tracking.  I'm not sure what the best way to do this is.  I thought about excluding them from getting the software management plugin but that didn't quite work.  I would like to place the computers in an OU or make them members of an AD group that would prevent patching somehow.  Any ideas?



  • 2.  RE: Prevent patching to group of PCs?

    Posted Nov 30, 2011 12:34 PM

    Just put those machines in a collection and create a PatchManagement collection with all desktops, excluding this group.

     

    Then on the patch tasks, target the PatchManagement Collection only.



  • 3.  RE: Prevent patching to group of PCs?
    Best Answer

    Posted Nov 30, 2011 05:34 PM

    They need the Software Update Plug-in too.

    I'd use a belt and braces approach. Create your collection/filter with the excluded machines in. Apply the Software Update Plug-in Uninstall Policy to it. Clone the Patch Management Policy and have the one applying to the excluded machines set to install once in 2035 or something similar.



  • 4.  RE: Prevent patching to group of PCs?

    Posted Dec 04, 2011 01:25 AM
    I'm with Andy on this one, definitely the safest route to go is excluding them from the plug in all together.


  • 5.  RE: Prevent patching to group of PCs?

    Posted Dec 07, 2011 09:32 PM

    Create a new Organizational group (lets say Exceptions group) under the exisiting Organizational View.

    Add all the machine names that you want to exclude from patching to above created Exception group.

    Make sure all your target machines for patching are under the exisiting Organizational view and under some group ( lets say Target group) .

    Any machine can only exist either in Target group or in Exception group under same Organizational View.

    When you apply patch policies, apply to only taget group and not to entire Organizantional View. This is how you can prevent patching a exception computer.

     

     

     

     

     



  • 6.  RE: Prevent patching to group of PCs?

    Posted Dec 11, 2011 04:23 AM

    I recommend to exclude those systems from SW Update Plugin.

    1. Disable the “Software Update Plug-in Install”  and make a clone and name it “Software Update Plug-in Install-Custom”  
    2. Create another filter excluding the systems that you don’t need to install SWU plug in.
    3. Modify ‘Apply to’ of “Software Update Plug-in Install-Custom”  policy and select the newly created Filter .
    4. Enable policy “Software Update Plug-in Install-Custom”.

     

    To remove if SWU plugin already got installed on those systems.

    1. Create filter  for the systems that you don’t need to install SWU plug in.
    2. Modify policy  “Software Update Plug-in Uninstall” with this new filter
    3. Enable it.

     This will make sure to uninstall SWU plugin in case any of those systems accidentally got installed again.



  • 7.  RE: Prevent patching to group of PCs?

    Posted Dec 15, 2011 11:29 AM

    I created the OU for the computers and applied the uninstall policy to that OU.  It removed the agent and it never came back.  Seemed to do the trick.  THanks to all who contributed.