I have created a baseline that performs driver updates for our machines. I want to achieve two things:
Deploy the driver update baseline in a "phased rollout". i.e., deploy to a small group, then to increasingly larger groups of users. Essentially we would use Active Directory OUs for my org.
Run this action recurringly on a schedule, e.g., once per month.
Patch policy seems to be the intended way to achieve this but patch policy seems to only deploy fixlets and not baselines. I would prefer not to condense my baseline into a single fixlet, I can share the baseline if needed.
Any recommendations on achieving this? So far I have been doing this manually and would prefer to automate this process.
Is that Baseline going to be modified, so basically a new Baseline each month, or is it going to be static for several months in order to rollout across the entire estate ?
This is one way that comes to mind.
Create the Computer Groups mapped to OUs
Create a non-expiring (Policy) action for each computer group from that Baseline, and target dynamically by group… ensure that the execution constraints are set such that the action never ends, retries on failure, reapplies the action, and then ‘Run only when’ a property matches true.
The Run only when constraint uses a retrieved property that returns TRUE only on the specified day and time of every month… set the relevance to evaluate this day and time.
You need one day/time property per group