Now if I use some baselines with 50 fixlets, what is better way to that those baselines work all the time catching computers accesed to the network for first time and all necessary security patches are installed ?.
It is easier on the system to have the individual Fixlets open, but as long as your baselines are not too big, you can send actions from the Baselines to save yourself time from individually activating actions.
wolverine,
Here is an approach some of our customers use to help manage new builds by applying many actions, but not affect the rest of their users:
Create a separate operator account called “NewBuilds”. Set this user to manage computers with a “newbuild” registry key set somewhere.
Build all the appropriate baselines with this “NewBuilds” operator account and send actions that don’t expire to all computers.
When a new computer comes online for the first time, set the “newbuild” registry key (you can even set it in the image). This will make the agent on the computer look at all the actions for the “NewBuilds” operator and install all the needed patches.
As a final step in the build process, remove the “newbuild” registry key.
With this method, the newbuild computers will be able to automatically install everything needed, but the other agents in the system will not have any adverse affects from the large baseline actions because they will never be looking at the “NewBuilds” operator site.