(imported topic written by ktm_200091)
My company considers each modification of a fixlet to be a new version and with it…
Everytime Big Fix Modifies the fixlets that are released in Baselines I have to go through a nasty change management process to re-release them to my environment.
Is there any way that you can document your changes chronologically in the fixlet itself so a person does not have to look in several places to piece together what may of happened?
(imported comment written by ktm_200091)
I’ve been thinking about this some more, it seems the majority of the changes come from the modification of the relevance but the payload doesn’t change so…
Is there a way that
you can auto sync a fixlet if Big fix decides to change the relevance but the actual content of the patch doesn’t change
and not auto synch if the content of the patch has changed
This would save me a TON of GRIEF
(imported comment written by BenKus)
Hey ktm,
Fixlets need to change for a variety of reasons (for instance, I believe recently Microsoft updated some info about how to detect certain patches, so we reflected the update in the Fixlets)… The product is architected with the guarantee that we won’t change your baselines or your actions from underneath you so that unexpected things don’t happen if we updated our Fixlets.
If your company processes demands change management for each update to your patches, then you absolutely don’t want us auto-changing your baselines for you (because then we defeated your change control and could cause problems). If your company processes doesn’t require change control for updated Fixlet relevance or Fixlet actions or both, then we let you sync the baselines with a button.
I think you have a good point that we should find ways to make it easier for you to sync baselines/actions with fewer clicks and other people have asked for this before…
Note that I removed all the !! from the title of this post…
Ben
(imported comment written by ktm_200091)
Ben,
From the email yesterday… microsoft didn’t modify their patch. Big Fix modified the fixlets due to people not applying the office deployment control fixlet.
BigFix has modified content in the Patches for Windows (English) / Enterprise Security site. The Relevance in the following Fixlet messages has been updated to apply to machines which have not been configured for Office deployment control. Additionally, the action in each Fixlet message has been modified to immediately fail if Office deployment control has not been configured. BigFix has made this change in order to provide vulnerability detection (but not remediation) for unconfigured machines:
Fixlet IDs:
28208, 28301, 28403, 29203, 29208, 29213, 29226, 38102, 38103, 38104, 38106, 38112, 38116, 38121, 38201, 38204, 38211, 105005, 206701, 303601, 303606, 303702, 303707, 303801, 303804, 400901, 401702, 402701, 402704, 402707, 402825, 403301, 403306, 500501, 502301, 502303, 502305, 503501, 503502, 600301, 600303, 600306, 600319, 600321, 600341, 600342, 600343, 600344, 600345, 600346, 600347, 600348, 600349, 600350, 600351, 600352, 600353, 600354, 600355, 600356, 600357, 600358, 600359, 600360, 600361, 600362, 600363, 600364, 600365, 600366, 600367, 600368, 600369, 600370, 600371, 600372, 600373, 600374, 600375, 600376, 600377, 600378, 600379, 600380, 600381, 600382, 600383, 600384, 600385, 600386, 600387, 600388, 600389, 600390, 600391, 600392, 600393, 600394, 600395, 600397, 600398, 600399, 600905, 600906, 600911, 600912, 600913, 600914, 600915, 600916, 600917, 600918, 600919, 600920, 600921, 600922, 600923, 600924, 600925, 600926, 600927, 600928, 600929, 600935, 600940, 600941,
600942, 600943, 600944, 600945, 600946, 600947, 600948, 600949, 600950, 600951, 600952, 600953, 601001, 601201, 601206, 601211, 601216, 601241, 601244, 601247, 601250, 601271, 602701, 602706, 602709, 602801, 602804, 602807, 603701, 603705, 603708, 603801, 603805, 603810, 603901, 603904, 603911, 604701, 604708, 604802, 604804, 604806, 605401, 605403, 605407, 605801, 605807, 605811, 605901, 605907, 605911, 605915, 606001, 606007, 606011, 606109, 606201, 606204, 606208, 690301, 690302, 690303, 690304, 690305, 690306, 690307, 690308, 690309, 700101, 700107, 700201, 700204, 700207, 700215, 700301, 700304, 700306, 701301, 701306, 701309, 701331, 701401, 701406, 701409, 701501, 701506, 701509, 702301, 702306, 702309, 702401, 702409, 702413, 702501, 702506, 702509, 703601, 703604, 703607, 704201, 704401, 704411, 704421, 706002, 706011, 800901, 800911, 800921, 801201, 801207, 801213, 801301, 801307, 801311, 801401, 801411, 801421, 801423, 801425, 801501, 801511, 801521, 801601, 8016
11, 801621, 801711, 801771, 802601, 802606, 802611, 802701, 802706, 802711, 804106, 804111, 804116, 804201, 804206, 804301, 804306, 804311, 804401, 804406, 804411, 805101, 805106, 805111, 805115, 805216, 805271, 805501, 805506, 805601, 805701, 805706, 805711, 806932, 807206, 807211, 807216, 807401, 807406, 807411, 900901, 900906, 900911, 901006, 901011, 901701, 901706, 901711, 902101, 902106, 902111, 902401, 902406, 902411, 902701, 902706, 902711, 6012021, 6012121, 6012122, 6012124, 6012125, 6012126, 6012127, 6012128, 6012129, 6012130, 6012131, 6012132, 6012133, 6012134, 6012135, 6012136, 6012137, 6012138, 6012161, 6012162, 6012163, 6012164, 6012165, 6012166, 6012167, 6012168, 6012169, 6012170, 6012171, 6012172, 6012173, 6012174, 6012175, 6012176
(imported comment written by BenKus)
Hey KTM,
Yes. This was an example of us changing the Fixlets for reasons specific to BigFix, which we need to do from time-to-time to correct errors or to make things work better… Other cases we change Fixlets are related to changes beyond our control, like if MS releases a patch revision or if we find errors in the patch.
Note that if you don’t really care about this specific change (which was done to help customers who had Office patch deployment problems), there is no need to re-synchronize and you can use the older version.
Ben
(imported comment written by ktm_200091)
Ben,
Please correct me if I am wrong but It appears that when a fixlet in a baseline has a message “source fixlet differs” it is skipped over when the baseline goes to apply so you really don’t have the option to use the older version if you want to install the patch.
(imported comment written by BenKus)
Hey KTM,
That is not correct… The Fixlets are copied when they are moved to the baseline and you can continue to use them without any issues (unless there is something very wrong that I don’t know about).
The whole point of us not automatically updating the Fixlet in the baseline is that you can continue to use the old one without any changes…
Hopefully this helps clear up some confusion…
Ben