Baseline Relevance by OS Version

Content Authoring
1

Hello, I recently discovered we have fixlets still relevant for some of our customers running Server 2008 R2, 2012 and 2012R2. The total amount of updates is ~200 so I want to split them into different baselines. The baselines have been built but I have noticed the custom fixlets we have for force restarts (which are in the baseline) are adding machines running 2016-2022 and we don’t want that.

On each baseline, I have added the following as the relevance

  • if exists property “in proxy agent context” then not in proxy agent context else true

  • (name of operating system = “Win2008R2” and version of operating system = “6.1.7601”)

  • if exists property “in proxy agent context” then not in proxy agent context else true

  • (name of operating system = “Win2012” and version of operating system = “6.2.9200”)

  • (name of operating system = “Win2012R2” and version of operating system = “6.3.9600”)

But because the force restart fixlets we have are just ‘restart 60’ action script its going to be relavent on most objects.

I am thinking I need to create different ‘force restart’ fixlets with relevance applicable to a specific OS and then add that into related baseline.

i.e. Create a force restart fixlet that applies to server 2008R2 and add that to the 2008R2 baseline? Any other ideas? Help please.

2

You can leave the same fixlet in all of your baselines, but remove the checkbox below; once done, the fixlet will only apply to devices that are relevant to your baseline.

Simply modify your baseline, go to restart fixlet, and then click the pull down button to see this option and uncheck it.

image

3

That’s already unchecked in all the baselines.

4

If thats already unchecked, your baseline shouldn’t be applicable to 2016/22!!!

If you can post your baseline relevance which is getting applicability for 2016/22, it would help to understand the issue.

5

@vk.khurava has the correct approach here. You should make sure the ‘Reboot’ Task is not selected for the ‘Baseline will be relevant on applicable computers where this component is relevant’ checkbox.

Additionally, your actual Patch fixlets that apply to the Server 2008 R2, 2012, 2012r2 should have that box checked.

This configuration ensures the end computer must be relevant to at least one of the Patch fixlets in order for the Baseline to be relevant; and being relevant for the Reboot task alone is not sufficient to make the Baseline relevant.