6 Replies Latest reply on Aug 3, 2010 9:12 AM by FGamer

    Autofix - How it works?

    Rookie

      Hello all -

       

      I've recently set up my patches as Autofix, but I'm not sure if it is working correctly.

       

      The agent is set up to run a scan at log on and 4PM. How can I be sure that the patch will install automatically at this time? And, How can I force to install all patches set up as autofix, for example, in a new computer with LANdesk?

       

      Thank you

        • 1. Re: Autofix - How it works?
          Apprentice

          Requirements for using Auto Fix
               Only Administrators or  users with the Patch Manager right AND the Default All Machines scope can enable  the Auto Fix feature for applicable definitions. LANDesk users without either  the LANDesk Administrator or Patch Manager right won't even see this option on a  definition's shortcut (right-click) menu. For more information on rights and  scope.

               Auto fix has to be enabled in two places in order to work properly. First,  the auto-fix option must be turned on, and secondly the scan and repair settings  must be applied to the scheduled scan task. If either one of these two item's  autofix option is  NOT enabled, autofix will not happen.

               When Auto Fix is enabled in both places mentioned above, the next time the  security scanner runs (either manually or via a scan task), Patch and Compliance  automatically deploys and installs the required patch on any affected device.  With Auto Fix, if a patch requires a reboot, the target device always  automatically reboots.

           

          You can enable Auto Fix for an individual definition, or a multi-selected  group of definitions at once.

          To configure Auto Fix remediation

          1. In the Patch and Compliance tool window, right-click one or  more selected definitions from one of the content groups, and then click  Autofix when  scanning. (Note: You can't enable autofix on a custom  group.)

          2. Now run the security scanner on the devices you want to scan and  automatically remediate using a scheduled security scan task with an scan and  repair settings where the autofix option is enabled.

          1 of 1 people found this helpful
          • 2. Re: Autofix - How it works?
            mrspike SSMMVPGroup

            To add to the rules of Auto Fix, it also must not be "disabled" in the agent configuration (Set to Never Autofix)

             

            Another less known fact about Autofix is, if a patch fails on a a system for whatever reason, say Java because IE is open, that patch will NOT attempt to autofix again on that client unless you right click on the patch and clear the repair status.... so you should also have policy or push jobs in place that will ensure patching takes place.

            • 3. Re: Autofix - How it works?
              Rookie

              Thank you both for you helpful answer.

               

              What would be the best pratice to have all patches in autofix and avoid computers without security patches? I'm woried because I'm replacing my WSUS by the LANDesk and I would like to be sure that all computers have the last approved patch.

               

              Thank you for your suggestion and attention.

              • 4. Re: Autofix - How it works?
                mrspike SSMMVPGroup

                Fabio,

                 

                I am not clear as to what you meant here:

                 

                What would be the best pratice to have all patches in autofix and avoid computers without security patches

                 

                What do you mean "and avoid computers..."

                 

                Did you mean "to avoid having computers not being patched"?

                 

                 

                Autofix is a great tool, you just need to use some caution.  Here are some things to consider:

                 

                • Only enable Auto-Fix on patches your want to install
                • You MAY not want to enable it on Service Packs and .Net packages, these can be troublesome patches in themselves
                • I would not enable autofix until after you have tested new patches for a week or so.
                • If you have systems you do not want to use Autofix on, use a different default scan and repair setting for them that does not have Autofix checked

                 

                 

                For more patching info, I wrote this document, as in many things, there are more ways than one to patch in LANDesk, this is just a simple one I teach to our new techs here on site

                 

                http://community.landesk.com/support/docs/DOC-6820

                • 5. Re: Autofix - How it works?
                  Rookie

                  Thank you James!

                   

                  You got my question! I'll take a look at you doc and let you know if I need more help.

                   

                  Thank you.

                  • 6. Re: Autofix - How it works?
                    Rookie

                    James -

                     

                    In your document I can see two ways to patch and I would like to undestand how the option "Repair as a policy" works, can you help me?

                     

                    This doc really helped me opening my mind.

                     

                    Thank you!