bawise Absent Member.
Absent Member.
1847 views

Patch Management Numbers are not accurate

Hi,
Is everyone else's experience similar with patch/not patched numbers?

Situation 1: Our patched/not patched numbers do not seem to line up with the amount of computers selected to be patched especially on Windows 10 even though they are all running the same OS build. The DAU bundle has all of our Windows 10 computers targeted. The specific patch policy bundle itself has all workstations(W7 & W10) in the folders targeted.
The total count of the patched/not patched seems to represent only 17% to 60% of our windows 10 devices that are selected to be patched.
The total count of the patched/not patched seems to represent only 44% to 98% of our windows 7 devices that are selected to be patched.


Situation 2: When clicking on the numbers, the device results total count doesn't seem to match the original patched/not patched numbers.
This might be explained by the following article: https://www.novell.com/support/kb/doc.php?id=7016199, but we are on version 17.1 currently. *It was upgraded from 11.2 long before me I believe. Is it residual?*

I clicked on the not patched column for Windows 7 and the devices results list had 127 more workstations listed.

Thanks for your help,
Brandon
0 Likes
8 Replies
Micro Focus Expert
Micro Focus Expert

Re: Patch Management Numbers are not accurate

That is normal.
An Entry is made for a device if the patch is ever applicable to that device.
Then when it is patched, it will change from unpatched to patched.
Situation #1 is fairly simple to explain..........

If a patch was never applicable to a device, it will never be listed.

Since the Windows 10 ISOs are constantly updating....many patches will never apply since they are fixed in Current Media that updates 2x a year.
Windows 7 SP1 has been around for ages, so most patches are likely required for it....or at least any not rolled into your image.

Only Tracking Patches that a device has ever needed vastly reduces the ZPM Table Sizes vs Tracking every possible patch that could never be applicable for a device.
No need to record the patch status of a patch released 1 day after the initial Windows 10 Gold Shipment years ago for your Brand New Win10 1803 devices....
0 Likes
bawise Absent Member.
Absent Member.

Re: Patch Management Numbers are not accurate

CRAIGDWILSON;2483430 wrote:
That is normal.
An Entry is made for a device if the patch is ever applicable to that device.
Then when it is patched, it will change from unpatched to patched.
Situation #1 is fairly simple to explain..........

If a patch was never applicable to a device, it will never be listed.

Since the Windows 10 ISOs are constantly updating....many patches will never apply since they are fixed in Current Media that updates 2x a year.
Windows 7 SP1 has been around for ages, so most patches are likely required for it....or at least any not rolled into your image.

Only Tracking Patches that a device has ever needed vastly reduces the ZPM Table Sizes vs Tracking every possible patch that could never be applicable for a device.
No need to record the patch status of a patch released 1 day after the initial Windows 10 Gold Shipment years ago for your Brand New Win10 1803 devices....


All of our computers are built off of the same version of Windows 10 LTSB Enterprise as of today. (We are moving towards Semi-Annual, but it is another beast entirely.) But, we are updating the base image monthly to include the latest patches.

So machines that were imaged with the patches already in the image will not be included in the "patched/not patched" numbers?

If that is the case, what do you recommend for tracking overall patch compliance if "Patched/Not Patched" numbers are not tracking all devices due to them being patched prior to ZENworks Patch Management?

Thanks for your help.
Brandon
0 Likes
Micro Focus Expert
Micro Focus Expert

Re: Patch Management Numbers are not accurate

Look for "Not Patched"
That indicates devices that need a patch.


bawise;2483440 wrote:
All of our computers are built off of the same version of Windows 10 LTSB Enterprise as of today. (We are moving towards Semi-Annual, but it is another beast entirely.) But, we are updating the base image monthly to include the latest patches.

So machines that were imaged with the patches already in the image will not be included in the "patched/not patched" numbers?

If that is the case, what do you recommend for tracking overall patch compliance if "Patched/Not Patched" numbers are not tracking all devices due to them being patched prior to ZENworks Patch Management?

Thanks for your help.
Brandon
0 Likes
Micro Focus Expert
Micro Focus Expert

Re: Patch Management Numbers are not accurate

Topic #2

Please run this Query
select * from patchdevicestatus where deviceid Not in (select zuid from zdevice);


Any Hits?
0 Likes
bawise Absent Member.
Absent Member.

Re: Patch Management Numbers are not accurate

CRAIGDWILSON;2483431 wrote:
Topic #2

Please run this Query
select * from patchdevicestatus where deviceid Not in (select zuid from zdevice);


Any Hits?


There were 2568 rows returned.
0 Likes
Micro Focus Expert
Micro Focus Expert

Re: Patch Management Numbers are not accurate

See - https://www.novell.com/support/kb/doc.php?id=7014395
2nd TID for basically same issue.
This other TID includes the command to cleanup the orphaned entries.

If they keep coming back....we can discuss some things you may be doing that could cause this, but until the come back I would not worry about it since the Zone has been around for awhile.
I heard that Update 3 (August?) may even automatically clean up the Orphans.....but that is not guaranteed to be included in Update 3.


bawise;2483436 wrote:
There were 2568 rows returned.
0 Likes
bawise Absent Member.
Absent Member.

Re: Patch Management Numbers are not accurate

I get "The Article Cannot be Found" when I click on the link.
0 Likes
Micro Focus Expert
Micro Focus Expert

Re: Patch Management Numbers are not accurate

Private message sent...
There seems to be some access right issues going on with that TID.
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.