The Altiris Patch Management module in 6.x can no longer be used to deploy patches for Windows XP computers. Though Microsoft stopped providing security updates for Windows XP computers after April 8th 2014, there are some companies that still have an agreement with Microsoft to provide an extend support for XP. Those companies who still haven’t migrated from XP to another OS , will get important and crtical patches for XP from Microsoft ( depends on the agreement). The Altiris administrators need to push these updates on their XP computers, but not through the patch management module as you won’t be able to download XP patches any more using the patch management module. . So what are our options here if we still have some XP computers in the network and you still need to patch them? You need to deploy the updates as software delivery tasks. I will list the steps below to do that:
Suppose, you need to install MS14-019 security update on XP 32 bit computers.
1)Go to https://technet.microsoft.com/en-us/library/security/ms14-019.aspx and download the update by clicking Windows XP Service Pack 3 under Affected and Non= Affected software. Here is the direct link to download the update (Security Update for Windows XP (KB2922229)
http://www.microsoft.com/downloads/details.aspx?familyid=e48a51a6-225e-40e7-876f-c50660feb335
- Save the update in your package server or the common share you use in the Altiris server for creating packages.
- Go to your Altiris Console, hit Resources tab
- In the left pane, select Resource Management > Resources > Software Management > Software Delivery Packages.
- Right-click the desired platform folder, and then select New > Software Delivery
Package .
Change the Name, add description and select the package location as below:
Hit the Programs Tab and hit New. Change the name and description. If you look at the field against Command Line, you can see that I used /quiet and /no restart switches to do a silent install and prevent reboot after the install.The other settings below that are pretty understandable and you can select them based on your needs.
Hit Apply and you are done.
Now you need to create a software delivery task to deploy this package on the target computers.
To create a software delivery task, follow the steps below:
1. In the Altiris Console, click the Tasks tab.
2. In the left pane, select Tasks > Software Delivery > Windows > Software Delivery Tasks.
3. Right-click the Software Delivery Tasks folder, and select New Software Delivery Task.
4. In the Software Delivery Tasks folder, select the newly created Software Delivery task.
5. In the right pane, specify the Software Delivery task details and change the name , select the package name by hitting the Go To Package link . Select the Program from the package. Select the collection you want to push this task to and select the schedule and other settings as per your requirements. Hit Apply and check the Enabled Check Box on Top Left.
You can hit the status tab after some time ( say couple of hours) on the and see if the task has been successfully installed on the computers in your collection selected for deployment.
The next challenge you are going to face is getting a compliance report for these security updates. The inbuilt compliance report in Altiris 6 is not useful any more in tracking the Windows XP security updates. Here is the solution for getting a report to see if the update is successfully installed or not. For MS14-019, I would look for KB2922229 in Add/Remove Programs. I create a report to show the instance of KB2922229 in Add/Remove programs on all machines in my collection that I used for pushing the task.
The SQL that I used for getting this report is:
SELECT T0.[Name] AS 'Name', T1.[Name] AS 'Name', T1.[Version] AS 'Version', T0.[Guid] FROM [vResourceEx] T0 INNER JOIN [Inv_AeX_OS_Add_Remove_Programs] T1 ON T0.[Guid] = T1.[_ResourceGuid] WHERE T1.[Name] like '%Security Update for Windows XP (KB2922229)' AND T0.[ResourceTypeGuid] = '493435f7-3b17-4c4c-b07f-c23e7ab7781f'