I’m using maintenance windows with “enforce maintenance window with client locking” to patch endpoints each morning from 1am-6am. I’ve been asked to come up with a solution to patch systems outside the maintenance window if they have not been patched after x days. Coming up with the relevance to populate a “catch_all” group i think will be possible but i’m not sure how to get around the client locking. I know there is an option to edit the masthead to “Exempt the following site URL from action locking”. The issue with this is i would have to create custom copies of all the required fixlets (manual work each month) and baselines with the custom copies does not seem to work. The action i take on the baseline is prevented from running by the “lock”. Even selecting multiple fixlets in the exempt site at once is prevented by the lock. Only actions taken on individual fixlets in the exempt site bypass the lock and install. Is there a way to run a baseline against a “locked” system?
Thanks!