
K1000 Patching a New Machine

Hi All,

We have recently implemented the patching section of our KACE appliance. All appears to be OK so far - but the question I have is relating to new OS deployments. Our current build process is done in the following way:

  1. Machines are pre-created in Active Directory and placed into security groups for Applications required (e.g. MI-SOE installs standard software, MI-MS Project installs Project 2010, etc.)
  2. K2000 Deploys Windows 7 SP1 x86 or x64
  3. K2000 Renames based on K1000 asset, joins to domain
  4. K2000 installs/configures Timezone, Virtual Memory, Registry, K1000 Agent, Remote control software, restarts
  5. K1000 picks up as new machine based on K2000 marker file
  6. Managed Installation groups installs required software based on groups
  7. Machine is configured and delivered to user

I want to add my OS/App patching into the mix - but as far as I can see there is no way to "trigger" the patch deployments from the client side.

Is this correct? How can I ensure that this happens at build time?

Any suggestions are welcome - I want to ensure that the machine is patched before delivering to the client.

 

Kind Regards,

David Wedrat
Ausco Modular

<3 KACE ;)



Answers (6)

Answer Summary:
Thanks guys. I took the approach of having an aggressive patching cycle. Basically my K2000 drops a kace.new file on the system and the K1000 reads the timestamp on it and aggressively patches based on that file being less than 12 hours long.
Posted by: WGM_Jeff 11 years ago
4th Degree Black Belt
2

I created a detect and deploy in patching specifically for new machines. I manually add the machine to that label and then run patches. Afterwards I remove them from the label. You could probably automate it by creating a Smart Label that looks for machines without a patch that all machines should have, and then have a detect and deploy set up for that label. Once it has the patches, it should drop it from that Smart Label.

Hope this helps.


Comments:
  • That's what I would do. I have a smart label that looks for machines added to the K1 in the last 24 hours. Then an aggressive patch schedule every day for the new machines. Just be careful if the machine gets deleted from inventory and re-added to the K1. It'll fall in the label. - dchristian 11 years ago
  • Is that smart label an SQL query? If so, would you be so kind as to share? That would be a handy smart label to have. - tshupp 11 years ago
Posted by: dugullett 11 years ago
Red Belt
2

I've been looking at this as well. Luckily I have about a year before our current contract runs out with current patching solution. I haven't had a lot of time to test this.

I did find a PowerShell script at http://www.networknet.nl/apps/wp/published/powershell-delete-files-older-than-x-days. Basically I would add a txt file to a directory and have KACE inventory it. Also create a smart label for that software title. Then set an aggressive schedule for this label.

Then run this script every couple of days or so to delete the text file if it is over X days old. No text file = no more label.

Again I haven't tested this thoroughly, but I would think it should do the trick.


Comments:
  • Forgot to mention to copy the txt file as a post install to give it the current date. - dugullett 11 years ago
Posted by: chucksteel 11 years ago
Red Belt
1

I have wondered about employing the following approach:

Machines are imaged and placed in a specific OU when joined

Use a smart label for machines in that OU and apply a detect and deploy job to that smart label that runs on a frequent basis

Once patching is done and machine is deployed, move it to another OU

 

Posted by: auscoit 11 years ago
Orange Belt
0

Thanks guys.

I took the approach of having an aggressive patching cycle.
Basically my K2000 drops a kace.new file on the system and the K1000 reads the timestamp on it and aggressively patches based on that file being less than 12 hours long.

Posted by: gkhairallah 11 years ago
Purple Belt
0

This topic is a bit old, but I did a very similar thing yesterday, and created a post about it. My SQL is a bit like DrewDavid, except I target the MACHINE.CREATED.

Though the point about MIAs coming back online may be an issue, in discussing with my boss, we decided that it's sensible to force a machine to do updates when it comes back online after being off for more than 120 days. So we ran with that idea.

You can see the blog post here: http://blog.foreignkid.net/2013/03/kace-auto-patching/

Posted by: drewdavis1 11 years ago
Orange Belt
0

Hey there, bit new to KACE but here is what I have. I have a smart label that looks at the OS install date and anything that is within the last 24 hours gets added to my "Newly Imaged Systems" collection. Then, I have an aggressive patch job that runs on these systems. The job gives a brief warning that the 'forceful' job is about to run to give our techs the option to cancel it, but once it starts, it will keep going. Now, I'm still trying to find the best way to get this job to rapidly run on systems that have just joined the "Newly Imaged Systems" label... any thoughts on that?

Here is my SQL for "Newly Imaged Systems":

select
    *,
    UNIX_TIMESTAMP(now())-UNIX_TIMESTAMP(LAST_SYNC) as LAST_SYNC_TIME,
    UNIX_TIMESTAMP(MACHINE.LAST_SYNC) as LAST_SYNC_SECONDS
from
    ORG1.MACHINE
    LEFT JOIN
    KBSYS.KUID_ORGANIZATION ON KUID_ORGANIZATION.KUID = MACHINE.KUID
    LEFT JOIN
    KBSYS.SMMP_CONNECTION ON SMMP_CONNECTION.KUID = MACHINE.KUID AND KUID_ORGANIZATION.ORGANIZATION_ID = 1
where
    ((DATEDIFF(NOW(),OS_INSTALLED_DATE) <= 1))

 


Comments:
  • I would take a look at some of these to help you out better. Basically under Security>Patching> Detect and Deploy Patches you create a new patch schedule. You can deploy it to that specific label as often as you need. There is an option to prompt the user.

    https://kace.webex.com/kace/lsr.php?AT=pb&SP=TC&rID=64794217&rKey=d542627c248ac670&act=pb

    https://kace.webex.com/kace/lsr.php?AT=pb&SP=TC&rID=64102722&rKey=a89fe5f88f378c36&act=pb

    https://kace.webex.com/kace/lsr.php?AT=pb&SP=TC&rID=64794217&rKey=d542627c248ac670&act=pb

    https://kace.webex.com/kace/lsr.php?AT=pb&SP=TC&rID=62620542&act=pb&rKey=1662967d63442b76

    http://www.kace.com/support/resources/kb/article/KACE-Kontinuing-Education-K1000-and-K2000-Recordings - dugullett 11 years ago
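
Added example, not written by any poster in this thread: a comparison of the date filters discussed above (DATEDIFF on OS_INSTALLED_DATE, a strict 24-hour window, and a window on MACHINE.CREATED), in MySQL syntax like the query above. DATEDIFF uses only the date part of its arguments, so the filters can disagree on which machines land in an aggressive patch label. It runs on a scratch table with constructed rows, not on the K1000 database; MACHINE_SAMPLE, the machine names and the timestamps are assumptions.

```sql
-- Scratch table with constructed rows; MACHINE_SAMPLE is hypothetical and only
-- borrows the column names OS_INSTALLED_DATE and CREATED from the posts above.
CREATE TEMPORARY TABLE MACHINE_SAMPLE (
    NAME              VARCHAR(16),
    OS_INSTALLED_DATE DATETIME,
    CREATED           DATETIME
);

-- Fixed "current time" so the comparison is reproducible (stands in for NOW()).
SET @now = CAST('2013-03-15 10:00:00' AS DATETIME);

INSERT INTO MACHINE_SAMPLE VALUES
    -- imaged 2 hours before @now
    ('PC-FRESH',   '2013-03-15 08:00:00', '2013-03-15 08:30:00'),
    -- imaged 33.5 hours before @now, but on the previous calendar day
    ('PC-33H',     '2013-03-14 00:30:00', '2013-03-14 01:00:00'),
    -- imaged 10 days before @now
    ('PC-OLD',     '2013-03-05 09:00:00', '2013-03-05 09:30:00'),
    -- old OS install whose inventory record was deleted and re-added 3 hours ago
    ('PC-READDED', '2012-02-01 09:00:00', '2013-03-15 07:00:00'),
    -- OS install date in the future (wrong clock at imaging time)
    ('PC-SKEWED',  '2013-03-20 09:00:00', '2013-03-15 09:00:00');

SELECT
    NAME,
    -- filter from the "Newly Imaged Systems" query: calendar-day difference
    DATEDIFF(@now, OS_INSTALLED_DATE) <= 1 AS IN_LABEL_DATEDIFF,
    -- strict window: installed within the 24 hours before @now, not in the future
    (OS_INSTALLED_DATE <= @now
        AND OS_INSTALLED_DATE > DATE_SUB(@now, INTERVAL 24 HOUR)) AS IN_LABEL_24H_OS_INSTALL,
    -- same strict window applied to the inventory record's creation time
    (CREATED <= @now
        AND CREATED > DATE_SUB(@now, INTERVAL 24 HOUR)) AS IN_LABEL_24H_CREATED
FROM MACHINE_SAMPLE
ORDER BY NAME;
```

In a smart label, NOW() takes the place of @now and the chosen condition goes in the where clause.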
