Baseline Alternative

(imported topic written by cstoneba)

I am currently in the process of designing, and implementing, a process to push both monthly patches to our clients, and get new servers builds up to date. In the past, I have just created a baseline for each month of MS patches and then pushed them accordingly. However, I’m just trying to find a more efficient way to do it. As we all know, baselines actually duplicate the fixlets that’s in the baseline. This requires that the baseline be synched periodically, but the big thing I don’t like is that now clients have to report back on both the original fixlet AND the baseline (double the work).

My workaround was going to be putting monthly baselines in a custom site, but then I am duplicating the fixlets myself, and that’s not any better. Plus you have to deal with custom site subscription and that is just one more task.

What I am asking is, is there some sort of mechanism (wizard, task, client API, etc) that you could push all Microsoft critical security updates that were released between 6/1/10-6/30/10 at once?

Sorry for the rant and I’m sure it has been asked before, but I’m just trying to do something that makes more sense.

(imported comment written by anthonymap91)

I am looking at the same issue.

Anthony

(imported comment written by BenKus)

You can always filter your Fixlet list, right click, and take-default-action for a one-time deployment to lots of computers.

In general, the fact that the Fixlets are in the baseline AND in the Fixlet sites is not terrible and the agent can handle it well… The issue that you always hear us worry about is when you have big baseline

actions

when using non-efficient-mime (http://support.bigfix.com/cgi-bin/kbdirect.pl?id=420)… Those tend to cause the agent to do a lot of work that isn’t particularly efficient.

Ben

(imported comment written by cstoneba)

That would work, if every fixlet had a default action. MIME is ienabled in our environment, but I am not looking forward to creating 1 baseline for every month of windows updates from here on out…