Here is a quick and dirty way to use patch policies for patching old templates before machines go into production.
Patch Policies are ideal for this use case.
I wouldn’t recommend using Manual Groups for this, or really anything. They are not ideal, especially at scale.
One option is to use the “BigFix agent install time” < X days as a mechanism for machines that should be brought into the patch catch up policy. Related: Delay BigFix site subscription to speed up client provisioning
Turns out you likely can’t use number of relevant fixlets: Client relevance to get computer group memberships
I generally use
minima of subscribe times of sites
as a proxy for the time at which the client joined BigFix, but there is the possibility of using
minima of effective dates of (settings of it; administrators of it; settings of manual groups of it; settings of sites) of client
as well, though that seems to be lower quality and would need some filtering to really use.
This comes close:
minima of unique values whose(multiplicity of it = 1 AND 3650*day + it > now) of effective dates of (settings of it; administrators of it; settings of manual groups of it; settings of sites) of client
But this is still generally best:
minima of subscribe times of sites
Right, this is just the quick and dirty way to set it up. You can use a manual group or a client setting to kick off the catchup, then you would have to remove that client setting once complete. I just did a manual group for simplicity of setting this up.