I use a single baseline for patching multiple servers. However, due to a specific application requirement, the customer does not want those updates installed in their environment. So I want to permanently exclude those updates from being patched during monthly patching, and all the rest of the updates should be received on all servers.
We have a similar issue. Several of our Vendors must “Approve” Microsoft patches before we can install them.
To make this work, we use multiple Baselines, using Automatic Groups to limit which baselines are evaluated by the servers in question. Be careful not to put too many patches in a single baseline. While a client is working through the evaluation of the Baseline or processing an action based on a Baseline, it will not do anything else until it completes. If you have too many fixlets/tasks in the Baseline it can take a LONG time to complete. Better to have multiple smaller baselines than one HUGE baseline.
I’ve been trying to limit my Baselines to one month’s worth of MS Patches.
As an example, if I was supporting an Application called “Widgets” …
I would create an Automatic Group “App-Widgets” and configure it to include all member servers that are part of the “Widget” application. Configure the group to automatically add all the appropriate servers (either by Computer Name or by looking for the “Widget” application components, or both).
Create a baseline “2014-04 - Widgets Application MS Patches” with a Relevance checking if Group Membership “IS MEMBER OF” the “App-Widgets” group.
Add all of the “approved” patches released by Microsoft in the month of April 2014.
Now, only computers that are a member of the App-Widgets group will evaluate their relevance to the Components of the “2014-04 - Widgets Application MS Patches” baseline.
I usually like to keep a Group “App-All Microsoft Patches” and a baseline that contains all the MS Patches from a given month (I create a new baseline each month). Most servers go in this group.