New England Security User Group

  • 1.  Failed patch policy import

    Posted Jun 14, 2011 02:52 PM

    Hi,

    Someone made an attempt to export patch policies from SMP 7.0 into our new SMP 7.1 environment, and the import didn't seem to work.  Apparently, the admin moved on to other things and didn't think twice about it.

    Now, we have a patch admin who is trying to set up patch policies and a screen is showing him that there are conflicting policies for that patch, even though those policies are not viewable through the UI or searchable in the console.  I have attached a screenshot below.

    Is there any way to search for and remove these corrupt, improperly imported policies, such as a SQL command?  In particular, I could use either of these, since we already know the name of it.

     

    Many thanks in advance.

     



  • 2.  RE: Failed patch policy import

    Posted Jun 15, 2011 07:34 AM

    Could you please provide more exact steps that were used and versions of PM on both NS'es?



  • 3.  RE: Failed patch policy import

    Posted Jun 15, 2011 08:28 AM

    Patch Management on the 7.1 server is 7.1.1213 and on the 7.0 server is 7.0.4409.

     

    The steps are the same steps you would follow to create any patch policy.  First, you stage the bulletins, and then you create the policy by choosing which updates you want to enforce.  After you choose the updates, it tells you that there are already policies enforcing these updates and then shows you a list (that's the screenshot).  Our patch administrator is concerned, and so am I, since these policies don't show anywhere in search or in the list of policies in the UI.

    I know that another administrator attempted to export and then import these policies from our 7.0 server into the 7.1 server and that the import failed.  It now appears that the policies were at least partially imported, because they at least exist in the database.  I'd like to get rid of them.

     

    Many thanks!



  • 4.  RE: Failed patch policy import

    Posted Jun 15, 2011 08:32 AM

    I meant the steps that were performed to export and import policies (in detail). Also, by "patch admin" do you mean a different person or an NS role? Thanks.



  • 5.  RE: Failed patch policy import
    Best Answer

    Posted Jun 15, 2011 09:58 AM

    You would be able to query the item or vitem table for the (partial) name of the offending policy to get the resourceguid. Once you have that you can use the deleteitem utility (located on the download page) to get rid of it. If you don't know the guid, it's going to be tougher.

    Do you have access to the SQL Server? A sample query would be "select * from item where name like 'Patching - %'" or whatever the 'bad' policy is.



  • 6.  RE: Failed patch policy import

    Posted Jun 15, 2011 10:12 AM

    Hi,

     

    We have a large environment and have different administrators.  When I say "patch admin" I mean the administrator responsible for patching.  As I didn't do the import/export attempt myself, I reached out and asked for more information.  All I could get out of them was that they attempted to use the command line import/export tool, and they appeared to export properly and import properly with no error messages.  The import/export isn't a requirement for us, I'm just trying to get these policies out of here so they don't conflict with the new policies we are building by hand.

    Many thanks!



  • 7.  RE: Failed patch policy import

    Posted Jun 15, 2011 10:38 AM

    Jharings,

     

    Many thanks!  I do have access to the SQL server and I was able to run the query and I did find the items and the associated GUIDs.  I'll have a look for the deleteitem utility and report back.

     



  • 8.  RE: Failed patch policy import

    Posted Jun 15, 2011 11:05 AM

    Hi,

     

    Ok, so as a test I crafted my query, which resolves against the DB successfully.  I added the string to the appropriate section of the deleteitems.cs file and dumped it in the folder along with nscript.

     

    I ran nscript.exe deleteitems.cs and got the following:

     

    I re-ran the query in SQL, and the item and GUID are still there.

     

    Is there any way to just delete this guy by hand using item.delete?



  • 9.  RE: Failed patch policy import

    Posted Jun 15, 2011 11:14 AM

    I was able to delete the individual record using a SQL query, thank you all.