Hello, I would like to know if someone has already created a baseline for Windows XP SP3? I’d like to create a baseline that runs continuously (24 hours/7 days) and deploys ALL post-SP3 patches to a workstation when it’s relevant. What are the best practices for this?
Microsoft has posted a lot of patches since SP3 came out, and it would take some time to create a baseline and add the patches one by one, confirm that the patches are still relevant, etc.
Hello Ben, sounds easy, but here are my questions:
- What should I do with CORRUPTED PATCHES? Should I include them as well?
- We have been using Microsoft WSUS since 2005, and our business process includes creating an Excel list of all the patches extracted from WSUS; as of today my list has 1350 patches. We also have a Patch Management Committee where we approve the patches. Some of them are “Not approved” (because of certain software incompatibilities). What would be the best way to compare that list with BigFix’s list, since the names are not quite the same?
- Is it a problem to run a baseline continuously? Do I need more Relays? What are the best practices? Should I restart after the patches are installed, and what if some patches fail and keep retrying to install? I have some issues right now (mostly with Windows 2000 computers) when I set my baseline to retry 3 times when a patch is not successfully applied, and some users are complaining that they receive the message to restart their computer 3 times.
I am not sure about the WSUS format, but we include the MS security bulletin number, KB number, and OS or application info if applicable… hopefully it is straightforward to compare to your spreadsheet.
Creating “policies” that re-apply and retry for your baselines should be fine. The number of relays you need should be the same regardless of your baseline policy… You can choose the restart/reapply/retry behavior as whatever you would like. If you retry 3x and force a restart at the end, then users will definitely be prompted to restart 3x if the patches aren’t applying properly. You can mitigate this with 1x retry and maybe not forcing the restart…
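One way to do the list comparison discussed above, as an added example that is not from the thread or from BigFix: match the two lists on the KB and MS bulletin numbers embedded in the titles instead of on the full names. The title layouts, decision labels and all KB/bulletin numbers below are constructed sample data.

```python
import re

# Identifiers that can appear in both lists even when the full names differ.
KB_RE = re.compile(r"\bKB\s*(\d{6,7})\b", re.IGNORECASE)
BULLETIN_RE = re.compile(r"\bMS(\d{2})-(\d{3})\b", re.IGNORECASE)

def patch_keys(title):
    """Return the normalized KB and bulletin identifiers found in a title."""
    keys = {"KB" + num for num in KB_RE.findall(title)}
    keys |= {"MS%s-%s" % pair for pair in BULLETIN_RE.findall(title)}
    return keys

def reconcile(wsus_rows, fixlet_titles):
    """wsus_rows: (title, committee decision) pairs from the spreadsheet.
    fixlet_titles: patch names as listed in the console.
    Sorts every Fixlet into baseline / excluded / undecided and lists
    spreadsheet rows that match no Fixlet at all."""
    decisions = {}
    for title, decision in wsus_rows:
        for key in patch_keys(title):
            decisions.setdefault(key, set()).add(decision)
    result = {"baseline": [], "excluded": [], "undecided": [], "wsus_only": []}
    fixlet_keys = set()
    for title in fixlet_titles:
        keys = patch_keys(title)
        fixlet_keys |= keys
        found = set().union(*(decisions.get(k, set()) for k in keys))
        if "Not approved" in found:      # a committee rejection always wins
            result["excluded"].append(title)
        elif found:
            result["baseline"].append(title)
        else:                            # no committee decision on record
            result["undecided"].append(title)
    for title, _ in wsus_rows:
        if not patch_keys(title) & fixlet_keys:
            result["wsus_only"].append(title)
    return result

# Constructed sample rows; none of these numbers refer to real patches.
WSUS = [("Security Update for Windows XP (KB9000001)", "Approved"),
        ("Security Update for Windows XP (kb 9000002)", "Not approved"),
        ("Update for Windows XP (KB9000003)", "Approved")]
FIXLETS = ["MS00-001: Constructed sample - Windows XP SP3 (KB9000001)",
           "MS00-002: Constructed sample - Windows XP SP3 (KB9000002)",
           "MS00-004: Constructed sample - Windows XP SP3 (KB9000004)"]

if __name__ == "__main__":
    for bucket, titles in reconcile(WSUS, FIXLETS).items():
        print(bucket, titles)
```

Fixlets that land in `undecided` have no committee decision on record, so they are candidates for review before being added to a continuously running baseline.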