Hello everybody! I need suggestions with a recent problem we are having. Currently we use BigFix Patch for one of the largest companies in Argentina.
One of the requirements we had to meet was to create a policy that only installs the patches that were released in the last week.
This should be done automatically on a group of testing servers. The problem arises because many of these servers are old and require patches that were never applied. So when we create the policy we have a lot of errors in the older servers.
There is some way to remove old patches within the policy. The idea is that if we have new patches for those servers or their applications we can fix them.
From BigFix support they recommended that we do not have policies with more than 150 patches. Policies currently have more than 3000 patches. They also said that if we want to add a filter by patch publication date we must request an enhancement request.
The final objective of this policy was the following:
Every day it should be checked if microsoft published a new patch, in case a patch has been published, the next day it was installed at 0 am on all laboratory servers.
On Sunday of the same week, the patches published in that week were installed, in case there are no new publications, NOTHING IS INSTALLED.
Subsequently, once a month, it is applied to the Production servers.
Any help or solution for this problem would help us a lot.