Deploy All Windows Critical Patches Automatically

Hi Guys,

Have any of you tried to deploy all Windows critical patches automatically using BigFix? I have tried to create a baseline, but it also needs effort from the user to deploy those patches. What my customer wants is for it to be totally automatic: if there are any new critical patches from Windows, those patches will be deployed to clients without any effort.

From what I’ve heard, something might be coming down the pipeline. Either way, you can automate your patch deployment with the REST API.

If you have a license to BigFix Lifecycle, I believe you could do something like this through the Server Automation dashboard as well. I haven’t used it myself, but if I recall you can set up a schedule to “Deploy all baselines from custom site”. You still have to keep the baselines up-to-date, but don’t have to send Actions for each.

It is really not advisable to automatically deploy all new content. You should review each first, as there are often several options when choosing fixlets (e.g. Monthly Security-Only, Monthly cumulative rollup, etc.) and sometimes even contradictory actions (like “Enable Workaround” and “Disable Workaround” fixlets published together).

Hi jhickok,

Do you have any related documentation on how to use the REST API to deploy patches automatically? I am not actually familiar with the REST API.

Good question. I guess the best place to start is here:

https://developer.bigfix.com/rest-api/

Hi @adityowicaksono

Not exactly automatic Baseline creation, but BigFix is working on an automatic patching solution and has been showing customers an early preview of what it looks like. Maybe you want to sign up to the BigFix Patch Open Beta program and get access to the demos there to see what it is.