eumetsatzcm Absent Member.
Absent Member.
2614 views

How many Win 7 x64 Critical Patches for Sept 2012?

Hi,

How many Windows 7 SP1 x64 Critical Patches released by Novell for ZPM?

We only see 2? Is that what others seeing or is something wrong on our system we did do a rest few day ago that also disabled all patches. Did anyone one else had similar experience when they did rest ZPM it hindes all patches?

Kuru
Labels (2)
0 Likes
31 Replies
shaunpond Absent Member.
Absent Member.

Re: How many Win 7 x64 Critical Patches for Sept 2012?

Eumetsatzcm,

I'm just resetting my ZPM system now, to test...

--

Shaun Pond


0 Likes
Knowledge Partner
Knowledge Partner

Re: How many Win 7 x64 Critical Patches for Sept 2012?

On 26.09.2012 09:06, eumetsatzcm wrote:
>
> Hi,
>
> How many Windows 7 SP1 x64 Critical Patches released by Novell for
> ZPM?
>
> We only see 2?


AFAIK, there were only 2 critical ones released by Microsoft in
September: KB2736233 and just recently KB2744842. These are the only
security patches and AFAIK, ZPM only delivers those not the full set of
all updates Microsoft releases. Correct me if I'm wrong here, as I never
use ZPM for Microsoft patches.


CU,
--
Massimo Rosen
Novell Knowledge Partner
No emails please!
http://www.cfc-it.de
CU,
--
Massimo Rosen
Micro Focus Knowledge Partner
No emails please!
http://www.cfc-it.de
0 Likes
shaunpond Absent Member.
Absent Member.

Re: How many Win 7 x64 Critical Patches for Sept 2012?

Massimo,

well security patches always are done first - there's no guarantee that
other patches will be produced, but they may be 🙂

--

Shaun Pond


0 Likes
dschlieder Absent Member.
Absent Member.

Re: How many Win 7 x64 Critical Patches for Sept 2012?

Interesting statement: "...as I never use ZPM for Microsoft patches..."

Could you expand on that statement?

Do you use WSUS or some other solution?

I have been experiencing numerous issues trying to use ZPM for Microsoft patches - I started off creating bundles for specific computers or groups and that seemed to be working okay.

Then learned about baselines - so I implemented that - I think that was a bad decision.

Everything seemed fine for a short time then all of a sudden ZCM started showing me a lot of devices I had previously thought of as patched as not patched! And I confirmed that in some cases they are patched. Tried zac ps, etc. to clean this up to no avail.

Best solution offered is to actually drop all the ZPM tables, delete all the patches, re-create all the tables and start all over again. But that does not appeal to me as that does not correct the problem, only masks it for some time.

And inventory says the patches are there - and if I try to re-apply I get errors. I had to use t-sql to get everything out of the baselines as the UI failed to do so.

So I have stopped trying to do any Microsoft patches as I am concerned I will end up crashing my computers and I can not afford to do that - these are POS systems and I have to keep them running.

I am considering using a WSUS server and using ZCM to make the registry changes to the computers to have then get their Microsoft patches from there instead, using ZCM to manage the registry changes to make this happen.
0 Likes
Knowledge Partner
Knowledge Partner

Re: How many Win 7 x64 Critical Patches for Sept 2012?

Hi.

On 26.09.2012 21:26, dschlieder wrote:
> Do you use WSUS


Yes.

> I am considering using a WSUS server and using ZCM to make the registry
> changes


You mean a policy. 😉

CU,
--
Massimo Rosen
Novell Knowledge Partner
No emails please!
http://www.cfc-it.de
CU,
--
Massimo Rosen
Micro Focus Knowledge Partner
No emails please!
http://www.cfc-it.de
0 Likes
dschlieder Absent Member.
Absent Member.

Re: How many Win 7 x64 Critical Patches for Sept 2012?

I have experimented with both policy and registry settings to point a computer to a WSUS server, set various attributes for updates such as notify only, download and notify, etc.

When I applied a policy I set exactly what I wanted to change and no more - but when delivered to the device it also changed a lot of things I didn't want to change such as the size of windows event logs that filed up and stopped the device cold - you have to basically set everything you want in the policy - not just what you want to change.

I can control with a registry change the exact changes I want to implement and only those get changed so I feel i have more control doing that.

My trouble now is convincing the powers that be that we should be using a WSUS server instead of ZPM for Microsoft patches.

They have faith in our consulting company and/or Novell to be able to just log into our servers and make a few tweaks to make these issues magically go away.

And no faith in anything I read here as I was told "no one uses those forums".

Of course I have been trying to figure out for a long time where that magic mystical zen setting is that makes everything okay and all the problems just disappear.

Thanks for the information!
0 Likes
Knowledge Partner
Knowledge Partner

Re: How many Win 7 x64 Critical Patches for Sept 2012?

On 27.09.2012 00:26, dschlieder wrote:
>
> I have experimented with both policy and registry settings to point a
> computer to a WSUS server, set various attributes for updates such as
> notify only, download and notify, etc.
>
> When I applied a policy I set exactly what I wanted to change and no
> more - but when delivered to the device it also changed a lot of things
> I didn't want to change such as the size of windows event logs that
> filed up and stopped the device cold - you have to basically set
> everything you want in the policy - not just what you want to change.


I've no idea how or why, but Policies set exactly what was configured,
not more, not less. <shrug>

> And no faith in anything I read here as I was told "no one uses those
> forums".


<sheepish grin>

> Of course I have been trying to figure out for a long time where that
> magic mystical zen setting is that makes everything okay and all the
> problems just disappear.


Don't be fooled. WSUS isn't without it's own share of problems, and it
sure isn't a "fire and forget" solution.
But for Microsofts very own patches, it's IMHO *by far* the best option.
That's not limited to Zen, but *any* third party patch management
product. In addition, it comes with some additional features *no* third
party patch management can deliver.

BTW, by the same logic and for the same reason I don't use ZCM do patch
SLES servers either.

CU,
--
Massimo Rosen
Novell Knowledge Partner
No emails please!
http://www.cfc-it.de
CU,
--
Massimo Rosen
Micro Focus Knowledge Partner
No emails please!
http://www.cfc-it.de
0 Likes
dschlieder Absent Member.
Absent Member.

Re: How many Win 7 x64 Critical Patches for Sept 2012?

Massimo,

Thanks very much for the input!

Since I am fairly new to this I am probably missing something as far as policy configuration...I'll probably play with this some more but time will tell.

I am going to guess you are applying AD policies? The vast majority of my devices are not on our domain so I was attempting to apply a local group policy - probably should have tried to create that policy on one of the devices instead of my personal workstation? Or I needed to go through more than just the update section of the policy.

Earlier this summer I set up a WSUS server (only took me an afternoon to set it up) and tested it against a few devices and I really liked what I had.

I had a few minor issues but overall I found it easy and intuitive to use, much more so than ZPM.

But since we are a die hard Novell shop I was trying to be a team player and make this work all within ZCM.

Have a great day!

Dave Schlieder
0 Likes
Knowledge Partner
Knowledge Partner

Re: How many Win 7 x64 Critical Patches for Sept 2012?

Hi.

On 27.09.2012 17:46, dschlieder wrote:
> I am going to guess you are applying AD policies? The vast majority of
> my devices are not on our domain so I was attempting to apply a local
> group policy


No, I was talking local group polies by ZCM.

> But since we are a die hard Novell shop I was trying to be a team
> player and make this work all within ZCM.


I have a more pragmatic aproach: Use what works best. 😉
And in case of windows patches, nothing beats the OS itself in knowing
which are needed and which not. And nobody other than the OS vendor
itself knows best how to package and deploy them.

CU,
--
Massimo Rosen
Novell Knowledge Partner
No emails please!
http://www.cfc-it.de
CU,
--
Massimo Rosen
Micro Focus Knowledge Partner
No emails please!
http://www.cfc-it.de
0 Likes
eumetsatzcm Absent Member.
Absent Member.

Re: How many Win 7 x64 Critical Patches for Sept 2012?

Hi,

We are still in pilot phase we have been trying various options. But I have come across some findings

1) Base line is very badly done in ZPM it was come from the fact it links all patches to each and every device.
2) Group Patches Monthly OS, Office, Adobe etc makes quite lot of different then some what easy to control
3) MS Update service must be set to Manual at-least as it got used to scan for which patches are needed in that sense we still use MS and detection is correct.
4) PS scan create as a bundle and run it on regular basis as this helps if the daily automate one fails to find the status.
we use zac bv "Full name of DAU bundles for the OS version" is better than zac ps

Using above I had lots of success.

Kuru

mrosen;2221331 wrote:
Hi.

On 27.09.2012 17:46, dschlieder wrote:
> I am going to guess you are applying AD policies? The vast majority of
> my devices are not on our domain so I was attempting to apply a local
> group policy


No, I was talking local group polies by ZCM.

> But since we are a die hard Novell shop I was trying to be a team
> player and make this work all within ZCM.


I have a more pragmatic aproach: Use what works best. 😉
And in case of windows patches, nothing beats the OS itself in knowing
which are needed and which not. And nobody other than the OS vendor
itself knows best how to package and deploy them.

CU,
--
Massimo Rosen
Novell Knowledge Partner
No emails please!
Untitled Document
0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: How many Win 7 x64 Critical Patches for Sept 2012?

>Everything seemed fine for a short time then all of a sudden ZCM
>started showing me a lot of devices I had previously thought of as
>patched as not patched! And I confirmed that in some cases they are
>patched. Tried zac ps, etc. to clean this up to no avail.



We are having a similar experience. Working with Novell support we tracked
this down to a conflict with our Antivirus software. If I turn off the real
time scanning in the A/V software this issue of false positive patch
vulnerability detections goes away. We are currently working with our A/V
vendor to see if they can resolve the problem.

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.