Hello all -
I was curious how others were going about their deployment strategy here? I’ve been trying to get an environment of about 500 machines (workstations and servers) up to date with windows security patches here and have been mostly successful, but there seems to be a number of machines that do not get patched and I don’t quite have it isolated down as to why, and which machines.
I’ve been trying to deploy the patches during early morning hours that wouldn’t be intrusive to the end users, by using wake on lan and wake from standby schedules. The servers are easy since they’re always up and available, but the workstations are proving challenging as many laptops are not always present… in addition, a couple of remote offices have about a third of their machines that aren’t getting hit by the patches so I assume the wake on lan isn’t working for every machine.
I think the best thing to do here is to troubleshoot wake on lan and why some of the machines aren’t waking. What’s the best way to go about identifying WHICH computers aren’t waking, and how can I troubleshoot them remotely? I’d like to be able to patch all machines after business hours ideally. We do have a baseline policy for Wake-on-Lan setting the following to all machines:
00-10447: BES Client Setting: Designate Wake-on-LAN Forwarders
00-10448: Enable Wake-from-Standby by Magic Packet - Windows XP/Vista/Win7/2008 and Mac OS
00-10449: PC Narcolepsy: Set System Unattended Sleep Timeout - Windows Vista/7
Other than that, is anyone deploying patches during business hours to troublesome machines? I have been itching to do that just to get them patched in the mean time, but I’d hate to invoke a restart or break some functionality during business hours as well. My past patching experience has been with wsus and I used to previously set a company patch day, where we’d roll out the patches during the middle of the business day and require a restart by end of day. I don’t think I can quite do the same here with bigfix and the new company, it needs to be as seamless as possible.
Would love to hear about how other people are handling this Thanks