Baseline Creation Question

I’ve got a question about creating baselines.

I’ve got a Site “Windows 7 Patching” that is set to subscribe all computers, OS contains “Win7”

To create a baseline, I sort thru the tree of fixlets, selecting all fixlets under By Severity > Critical > By Source > Microsoft.
I see 80 fixlets that have an “Applicable Computer Count”.
I highlight all 80 fixlets and create a new baseline in the “Windows 7 Patching” site

Here’s where I need help.
Looking at my new baseline, I see that maybe 30% of the fixlets are now not applicable, because they do not apply to Win7 machines that subscribe to the site. Is there a way filter those out before they go into the baseline, or an easy way to remove them?
I don’t have the patience to remove them one at a time, but don’t want to leave them in (per best practice).

Of course the Windows Patching Wizard would help here, but that’s only for MS patching, and I’ve got to patch other vendor’s products as well.

Thx

First, you should never just “select all” of the Fixlets and add them to a baseline - you really do need to review each one; sometimes the patches cause problems, sometimes there will be one fixlet to apply a workaround along with another one to undo the workaround (so they conflict with each other), etc.

So, to do what you’re talking about short of writing a custom dashboard, I think the easiest thing is

  • Open your “Windows 7 Patching” site
  • Open the “Subscribed Computers” tree
  • Select all computers, right-click, and “View as Group”
  • In the “Ad-Hoc Computer Group” view, hit the “Applicable Fixlets” tab. This will show only the fixlets that are applicable to at least one member of your temporary group.
  • Navigate through the Applicable Fixlets, either “By Site” or “By Source”, select the ones you want, then right-click and “Add to New Baseline”
  • Inspect each of the Fixlets in the baseline to be sure it’s something you want to keep in the baseline.

You don’t actually need a separate Custom Site for this, and you could use normal Manual or Automatic Computer Groups instead of the ad-hoc groups.

1 Like

Brilliant, that helps a lot.
My Custom site does not have any computers in it, but you’ve given me somewhere to start.

Here’s my current plan:
All Content > Computers > filter or search on “Win7”,
Select all of the Win7 machines and “View as Group” to display them as an "Ad-Hoc Computer Group"
Navigate the tree of Relevant Fixlets to display those I’m interested in, and "Add to New Baseline"
Cull thru the list and remove the deadwood, Superceded, Auditing, No Action, etc.
Done.

Comments welcomed

See this: http://www-01.ibm.com/support/docview.wss?uid=swg21636385

And I only recommend building baselines from components where at least one computer in the deployment is reporting relevant to it (i.e. exclude non-relevant items from your baseline, unless you plan on rolling out golden images that are behind on patching).

Use this button in the console to exclude non-relevant patch items from your view:

Un-depress that button.

1 Like