You could do this a couple of ways:
1. Create a "Patch" action in the System Configuration section of your provisioning template.
2. Create a batch file that kicks off an inventory scan or security scan. Which ever you need.
I've configured all our provisioning templates with a "Patch" action. Mainly to insure the image is up-to-date before the box is deployed, despite the age of the image. This eliminates some of the image PM hassles.
Thanks for the reply.
So when you use the patch, do you create a custom Group to scan and remediate on?
If so is there an easy way to populate this group, or does it have to be a manual process? I find this a little tedious to know exactly what i need in it.
Correct, you can create a custom group or configure one particular vulnerability ID to be "patched" or you can perform a security scan only. I created a custom group that contains third party software updates and Windows updates. Yes, It is somewhat of a pain and it is a very manual process, unless you setup or configure process manager to automate certain tasks.
What I did was, imaged a test box, performed a security scan and noted all vulneribilities LANDesk found. I then opened Patch, created my custom group, searched for all vulneribilites then copied them to my custom group. This is a good starting point. Of course updates are published regularly. So, this is something you will have to "manage".