Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

Where can I get an Altiris 6.1 manual?

Created: 24 Apr 2012 | 6 comments

I've inherited support of an Altiris 6.1 patch distirbution solution.  Where can I get documentation/training on the features?  I'm specifically interested in executing from a command line and/or batch file on the client machines to:

  1. Check for OS patches that are ready to install but have not been installed yet
  2. Install the OS patches
  3. ALWAYS restart the computer when the OS patch installations are complete (If I can just figure out when they are completed I can handle the restart command through Windows).
  4. If possible I would really like to be able to run a batch routine on one machine that executes the commands above remotely on another machine.  My understanding is that there are remote execution commands but I have no idea what they are or how they work.

 

Comments 6 CommentsJump to latest comment

mclemson's picture

 

Use AeXPatchUtil.exe:

http://www.symantec.com/docs/HOWTO4198
http://www.symantec.com/docs/HOWTO9770

This should answer 1-3.

Regarding #4, are you familiar with using policies and tasks in Altiris to run scripts, install software, collect inventory, etc?  I'm not sure from your post if you understand the management side of Altiris.  It seems as though you are thinking it is only a distribution server, sort of like WSUS -- but it's more like WSUS+SCCM+more.

You can create schedules within policies, and those policies are applied to computers.  Computers will then install the patches on a schedule with reboot and notification behavior you specify.  If you have access to the Altiris Console, you can configure these settings for yourself.

This troubleshooting guide actually takes you to most of the areas, and might help you troubleshoot patch in your environment:
http://www.symantec.com/docs/HOWTO10277

And here's the user guide:
http://www.symantec.com/docs/HOWTO1913

Does this help?

Mike Clemson, Senior Systems Engineer, ASC
Intuitive Technology Group -- Symantec Platinum Partner
intuitivetech.com

MarathonDan's picture

Thank you for the responses.  However, they don't really help me with my environment.  I'm familiar with how to schedule updates to occur a specific intervals and how to run the AexPatchUtil.exe command line.  My issue is that I have other applications running on the computers being patched that need to be shutdown in an orderly fashion BEFORE the upgrades take place.  I would like to be able to schedule something that will check for patches pending install, if patches pending shutdown my applications, install the patches and when the patche installations are known to be complete, restart the computer so that my applications restart.  I can't execute the install software command and then reboot because the command returns control to the calling routine before the patches are installed.  I can't depend on the /reboot switch because it only reboots "when neccessary" and I want to reboot every time in order to properly restart my applications.  I could set up something to inform users that there are patches to install and have them shutdown the application then run a batch routine to install the patches.  However, we would like to limit user access to the console so I was hopefull that I could run the AexPatchUtil.exe command from another machine to execute on the machine that requires the patches and have any prompting show up on the machine that initiated the batch. 

KESH MAN's picture

Most of the companies do this way:

Notify the users in advance about the time when the patches are pushed on to the machines. So they can plan not to run critical apps at that time. Also, you can push the patches silently with out crashing the applications. I have been doing this for years. Most of the times, the patches will get installed with in 6 hours. I still give a day before notifying the users about the reboot of the machines after the patch. I create a software update task to reboot the machines. At the scheduled time, the machines will see a pop up saying, machine will be rebooted and it will give 5 minutes for them to shut down the apps.

Altiris Administrator

Eli Lilly and Company, Indianapolis, USA

 

 

For Forum threads, please click "Mark as Solution" if answered

KSchroeder's picture

So if I understand correctly, you basically want to run some pre-patching tasks (like shutting down services/applications), then install the patches, then reboot?  As Mike mentioned, you can use AeXPatchUtil in a batch or VBScript.  In this case you would need to set a custom Patch Agent configuration that is set to never install patches on a schedule for the specific machines (or rather, set it far in the future, I like 2020 :) ).  Then, create a Software Delivery package and Task that runs your batch/vbscript on a schedule that meets your scheduling needs, something like:

NET STOP MSSQL
IISRESET /STOP
TASKKILL.exe /f /im "myapp.exe"
AeXPatchUtil.exe /i /q /r   (not exactly sure of the switches)
shutdown.exe /r /t 60

So the end result is that the Patch agent installs the packages ONLY as part of your batch file above, so the impacted apps are cleanly shut down.  You could of course have a bunch of logic (which would probably make it easier to use VBScript) to filter and only stop the services if they're there, or brute-force it and NET STOP everything you might want to kill, and if it isn't there it will just skip it and go on.  If you want a popup, use VBScript and a shell.Popup with a timer on it and when the timer runs out, kick off the Shutdown.exe.

This way you don't have to worry about the Patch agent schedule being out of whack, or the Patch Agent triggering an install when the services/apps haven't been shutdown, etc.

Thanks,
Kyle
Symantec Trusted Advisor

For Forum threads, please click "Mark as Solution" if answered.
For all content, please give a thumbs up if you agree with or support the post.

KSchroeder's picture

Also you probably have Patch 6.2 installed, as 6.1 went off support several years ago and no new patches can be deployed with it.  The Patch 6.2 manual is here:
http://www.symantec.com/docs/DOC1298

The Software Delivery Solution 6.1 SP3 manual is here:

http://www.symantec.com/docs/DOC1424

Thanks,
Kyle
Symantec Trusted Advisor

For Forum threads, please click "Mark as Solution" if answered.
For all content, please give a thumbs up if you agree with or support the post.