Setting patch policy question

Hey guys,
So I went over the docs about setting up a patch policy and would like to ask some follow-up questions.
So let’s say I have a policy that refreshes every month on the second Wednesday and is applied to a few computer groups, and each group has its own maintenance window.

  1. When I create a new schedule, that schedule will be applied to a group of my choice. Let’s say the maintenance window of that group is on the second Wednesday of each month. When should I schedule the policy to be deployed to that group? My confusion is that if I have a maintenance window for a group, and I also have a schedule that applies the policy at a given time, wouldn’t I just end up with 2 windows of time at which the updates are sent to that group? My concern is that when the WebUI policy is applied to a group, the group won’t be in an “unlocked” state to receive those updates. I’m surely missing something here because when I create a new action, I can set it to be available for a whole month, and during that month those patches will be available for installation, but that will only be done when the maintenance window arrives. Does that also exist in Patch Policy in the WebUI?

  2. Aside from automation, how are patch policies different from baselines and what do I do with their actions? For example, when I create a baseline with updates in it, I usually have to go over updates that don’t have a default action. How do I address it with the patch policy in the WebUI? Do those updates just not get applied?

  3. Let’s say there’s a new 0Day or CVE patch that I would like to immediately roll out. How do I properly do it when the computers are in a “locked” state due to not being in their maintenance window time? Is there an option to override it for those specific edge use cases?

  4. When can I expect new updates from BigFix? From my understanding, BF doesn’t roll out updates immediately on Patch Tuesday. I believe that is essential knowledge to plan maintenance windows and patch policy refreshes in order to receive the latest updates each month.

  5. What else should I take into consideration when I plan my maintenance windows? I currently don’t have a lot of machines to manage and I would like to properly test everything out to see that patches are indeed applied on time and that there is no funny business going on that I missed. Any best practices or tips are welcome :)

Thanks in advance!