rhuhman1 Absent Member.
Absent Member.
2423 views

Patch Scan after Windows Updates

Part of my image process is to run a series of Windows Updates using Microsofts Windows Updates website or desktop utility. I have noticed that after those utilities are ran and MS shows now new updates that ZPM still shows a ton of patches still needed for the computer. Is there a reason that the two differ so much? I can run the .Net updates and MS shows them updated yet ZPM will show the patches still need to be deployed, as an example.

If ZPM looks at the patches differently what is the best way to force deploy patches to computers that have been imaged for the first time? My Understanding is Baseline options were never intended to be used in this manner. Do I just set up a series of Monthly Patches and then force them to all non-patched computers?

I have also noticed that some computers never patch even through ZPM. Is there a different location for ZPM cache that needs to be deleted if an error has occured?

thanks for the information.

Richard
Labels (2)
0 Likes
4 Replies
Anonymous_User Absent Member.
Absent Member.

Re: Patch Scan after Windows Updates

rhuhman,

It appears that in the past few days you have not received a response to your
posting. That concerns us, and has triggered this automated reply.

Has your problem been resolved? If not, you might try one of the following options:

- Visit http://support.novell.com and search the knowledgebase and/or check all
the other self support options and support programs available.
- You could also try posting your message again. Make sure it is posted in the
correct newsgroup. (http://forums.novell.com)

Be sure to read the forum FAQ about what to expect in the way of responses:
http://forums.novell.com/faq.php

If this is a reply to a duplicate posting, please ignore and accept our apologies
and rest assured we will issue a stern reprimand to our posting bot.

Good luck!

Your Novell Product Support Forums Team
http://forums.novell.com/

0 Likes
eumetsatzcm Absent Member.
Absent Member.

Re: Patch Scan after Windows Updates

rhuhman;2215417 wrote:
Part of my image process is to run a series of Windows Updates using Microsofts Windows Updates website or desktop utility. I have noticed that after those utilities are ran and MS shows now new updates that ZPM still shows a ton of patches still needed for the computer. Is there a reason that the two differ so much? I can run the .Net updates and MS shows them updated yet ZPM will show the patches still need to be deployed, as an example.

If ZPM looks at the patches differently what is the best way to force deploy patches to computers that have been imaged for the first time? My Understanding is Baseline options were never intended to be used in this manner. Do I just set up a series of Monthly Patches and then force them to all non-patched computers?

I have also noticed that some computers never patch even through ZPM. Is there a different location for ZPM cache that needs to be deleted if an error has occured?

thanks for the information.

Richard


Hi Richard,

We had some major issues with the Baseline works I am sure whom ever used NPM will will have same assumptions. ZPM works lot differently.

Here is number of things to look out for.

1) You must not Disable Windows Update Service you st the option not to download or install this will let the WUS to automatically start as this service used by ZPM to check for applied patches.
2) DAU version increment every day if doesn't then delete and let it auto create.
3) Can do create a bundle to force run the scan with "zac bv DAU" where you have to change the DAU with full name base of the OS.
4) Since we can't use the base line the way e used it in NPM we create monthly Patches group bundle then we schedule those to devices.

Hope this information helps you.

Kuru
0 Likes
gerwil1478
New Member.

Re: Patch Scan after Windows Updates

Hi
Just a comment. I have Windows update services turned off and also set in policy so that they cannot be turned back on. ZPM is not 100% by any means but some machines work OK and report back with patches applied. Do you have a doco reference for point 1.
Cheers
0 Likes
eumetsatzcm Absent Member.
Absent Member.

Re: Patch Scan after Windows Updates

Hi Not sure if there is a any in ZCM Doc but we had major issues ZPM and during a SR call we were given this information. But quick search find this

Support | Novell ZPM's New Content Architecture

Support | ZPM scans for Windows Server 2008 require Windows Automatic Updates Service

During our call it was escalated to Lumension and I was told since 6.4 NPM
It was needed not to be disabled it can be Manual (and also set the options not to scan it self or prompt users)

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU]
"NoAutoUpdate"=dword:1
"AUOptions"=dword:4

Regards,
Kuru
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.