3 Replies Latest reply on Dec 15, 2010 6:38 AM by Rich_Jolley

    How do you run a scan at the end of a provisioning script

    Apprentice

      Hi

       

      Just a quick question.

       

      Im not sure how to initiate a patch at the end of a provisioning script.

       

      If i preload the machine into certain scheduled tasks that are policies. How do i execute a command at the end of my script to invoke the policies.

       

      This is on landesk 9, SP2 with windows 7.

       

      Thanks

        • 1. Re: How do you run a scan at the end of a provisioning script
          Rookie

          You could do this a couple of ways:

           

          1.  Create a "Patch" action in the System Configuration section of your provisioning template.

          2.  Create a batch file that kicks off an inventory scan or security scan.  Which ever you need.

           

          I've configured all our provisioning templates with a "Patch" action.  Mainly to insure the image is up-to-date before the box is deployed, despite the age of the image.  This eliminates some of the image PM hassles.

          • 2. Re: How do you run a scan at the end of a provisioning script
            Apprentice

            Hi Rich

             

            Thanks for the reply.

             

            So when you use the patch, do you create a custom Group to scan and remediate on?

             

            If so is there an easy way to populate this group, or does it have to be a manual process? I find this a little tedious to know exactly what i need in it.

             

            Regards

             

            Ryan

            • 3. Re: How do you run a scan at the end of a provisioning script
              Rookie

              Correct, you can create a custom group or configure one particular vulnerability ID to be "patched" or you can perform a security scan only.  I created a custom group that contains third party software updates and Windows updates.  Yes, It is somewhat of a pain and it is a very manual process, unless you setup or configure process manager to automate certain tasks.

               

              What I did was, imaged a test box, performed a security scan and noted all vulneribilities LANDesk found.  I then opened Patch, created my custom group, searched for all vulneribilites then copied them to my custom group.  This is a good starting point.  Of course updates are published regularly.  So, this is something you will have to "manage".