Patch management process using multiple groups of validation machines

(imported topic written by SystemAdmin)

Hello,

We have a client that wants to reproduce their current patch management process (WSUS) using BigFix.

This process is:

  • install each Windows patch on a group of machines (G1) for 15 days
  • if no problems, automatically install the patch on another group of machines (G2) for another 15 days
  • if no problems, the patch is automatically installed on all relevant machines

Please tell me what you think about the following solution.

Do you see any better ways of doing this?

  1. Configure BES so that all fixlets are globally hidden

  2. On the BES server, identify the most recent actionsite folder (…\wwwrootbes\bfsites…)

     2a. Use BESDownloadCacher.exe to download all the files from the Enterprise Security (Patch Manager for Windows) Fixlet site and store them in the download cache

  3. Create a Custom Site called G1 and identify its folder

  4. Select the machines in Group 1 and subscribe them to the G1 site

  5. Create a script that moves all new Windows fixlets and actions from the actionsite folder to the G1 folder, and schedule this script to run daily

  6. Create a Custom Site called G2 and identify its folder

  7. Create a script that moves all files in G1 created 15 days before the current date to the G2 folder, and schedule this script to run daily

  8. Create a Custom Site called DeployToProduction

  9. Create a script that moves all files in G2 created 15 days before the current date to the DeployToProduction folder

  10. Schedule (daily) the ActionRegenerator script (http://support.bigfix.com/bes/misc/actionregenerator.html) to automatically deploy all fixlets in the DeployToProduction group to all relevant machines (without operator intervention)

Thanks,

Marc
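An added illustration of the "move files older than 15 days to the next site folder" step from the post above (this is example code, not Marc's or BigFix's own script). It assumes that a site file's modification time marks when the fixlet reached that folder, and adds one thing the post only implies with "if no problems": a hold list (a hypothetical `hold.txt`, one file name per line) so a patch that caused trouble in G1 is never promoted automatically. With `delay_days=0` the same function serves the actionsite-to-G1 step.

```python
import os
import shutil
import tempfile
import time
from pathlib import Path

STAGE_DELAY_DAYS = 15  # each validation group keeps a patch for 15 days
DAY = 86400

def load_hold_list(path: Path) -> set:
    """One file name per line; '#' starts a comment. Missing file = nothing held."""
    if not path.exists():
        return set()
    names = set()
    for line in path.read_text().splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            names.add(line)
    return names

def promote_aged_files(src: Path, dst: Path, delay_days: int = STAGE_DELAY_DAYS,
                       hold=frozenset(), now=None) -> list:
    """Move every regular file in src whose mtime is at least delay_days old
    into dst, unless its name is on the hold list. Returns the moved names.
    Assumption: the mtime of a site file marks when the fixlet arrived there."""
    now = time.time() if now is None else now
    cutoff = now - delay_days * DAY
    dst.mkdir(parents=True, exist_ok=True)
    moved = []
    for entry in sorted(src.iterdir()):
        if not entry.is_file() or entry.name in hold:
            continue  # skip subfolders and patches held back after a problem report
        if entry.stat().st_mtime <= cutoff:
            shutil.move(str(entry), str(dst / entry.name))
            moved.append(entry.name)
    return moved

def run_demo() -> dict:
    """Constructed sample: a G1 folder with three fixlet files of different ages,
    one of them on the hold list, promoted to G2 under the 15-day rule."""
    root = Path(tempfile.mkdtemp(prefix="bes_demo_"))
    g1, g2 = root / "G1", root / "G2"
    g1.mkdir()
    now = time.time()
    for name, age_days in (("kb_old.fxf", 16), ("kb_fresh.fxf", 3), ("kb_bad.fxf", 20)):
        f = g1 / name
        f.write_text("fixlet placeholder")  # constructed content, not a real fixlet
        os.utime(f, (now - age_days * DAY, now - age_days * DAY))  # backdate mtime
    (root / "hold.txt").write_text("kb_bad.fxf  # problems reported in G1\n")
    moved = promote_aged_files(g1, g2, hold=load_hold_list(root / "hold.txt"), now=now)
    return {"moved": moved, "left_in_g1": sorted(p.name for p in g1.iterdir())}

if __name__ == "__main__":
    print(run_demo())
```

Scheduled daily on the BES server, one call per stage (actionsite to G1 with delay 0, G1 to G2, G2 to DeployToProduction) reproduces the pipeline; the hold list is the manual gate that stops a bad patch from reaching the next group.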