gshaw0 Absent Member.
Absent Member.
1137 views

Scheduled multi-patch Bundle - will it work?

A while back we started trying out ZPM for all our patching, soon found that using it for Microsoft patches was a) a nightmare to manage and b) slowed our ZCM database down to a crawl for 8 hours a day while it did something odd with the ZPM log tables. Anyhow I've since deleted all Microsoft patches from Zen and gone over to WSUS for the Microsoft stuff, works a treat so I'm leaving that where it lies.

However we really need to push out some important Flash and Java updates (also found Google Chrome in the list so that would be nice too) and here's how I want to do it...

1) set the updates to install on a timed schedule and only install during this window
2) set a requirement on the patch Bundle to only run if HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon is set to 0 (i.e. the machine isn't in the middle of imaging as ZPM made a mess of things when it cuts in too early)
3) run Flash, Java and Google Chrome patches one by one i.e. the first one completes, next one starts and so on
4) run this Bundle daily so if machines miss it one time they grab it the next, although if the Bundle has already run successfully it doesn't reinstall every time (as that would just be silly)
5) run the updates successfully whether the user has admin rights or not (UAC may be on as ZCM 11.2.3a seems to have problems with Computer GPOs)

I tried doing multiple scheduled Bundles for each product individually which seemed to work, bit of a pain to manage though so I then tried a multiple Bundle. Thus far I've tried it two ways without success:

1) using the Deploy Remediation wizard and setting schedule in there (doesn't seem to run on schedule despite the Agent on a client knowing the Bundle is there and on schedule)
2) use Deploy Remediation to create the individual ZPM Bundles then make a separate Bundle that calls the ZPM ones. Worked on one machine where nothing had previously run but failed on another where the patches had already been applied.

I don't really want to use baselines as they are in 11.2.3a as they don't seem to work that well and don't give me control over when patches are applied. Can't go to 11.3 until summer at the earliest so that's out the equation as well. Any suggestions for how to achieve the above and where I might be going wrong?

ZCM 2017 U2 on VMware| SQL 2016 database | 4 primary servers over 3 sites | 3000+ Windows 10 images to deploy via MDT :cool: Check out my blog http://gshaw0.wordpress.com - ZCM imaging and other tech stuff
Labels (2)
0 Likes
1 Reply
Anonymous_User Absent Member.
Absent Member.

Re: Scheduled multi-patch Bundle - will it work?

gshaw0,

It appears that in the past few days you have not received a response to your
posting. That concerns us, and has triggered this automated reply.

Has your problem been resolved? If not, you might try one of the following options:

- Visit http://www.novell.com/support and search the knowledgebase and/or check all
the other self support options and support programs available.
- You could also try posting your message again. Make sure it is posted in the
correct newsgroup. (http://forums.novell.com)

Be sure to read the forum FAQ about what to expect in the way of responses:
http://forums.novell.com/faq.php

If this is a reply to a duplicate posting, please ignore and accept our apologies
and rest assured we will issue a stern reprimand to our posting bot.

Good luck!

Your Novell Forums Team
http://forums.novell.com


0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.