Did you ever get somewhere with this? I was wondering the same thing myself. Ugghh
Following up on this: We've gotten a little farther, but still not to a workable point. We created a shell script called 'ldpatch' within the LD bin directory. This calls vulscan with the appropriate repair argument:
/Library/Application Support/LANDesk/bin/vulscan /repair "vulnerability=all"
We then inserted a line in the ldcron.xml config file to run this script on a schedule. It does start, but the process pauses and puts a dialog box on the Mac GUI as shown in the attachment. The process won't proceed until someone answers the dialog box. The log file is included below.
We've been waiting for the Mac LD client to work properly for years, and in my opinion it's still not really usable for a university environment. For lab settings where large numbers of machines may be unattended, something like this makes the product unusable; I don't want dozens of machines sitting idle with no one logged in and with a dialog box preventing the patching process from taking place. It just doesn't make sense to me that the client would display this dialog box when no one is logged into the machine.
Perhaps I'm missing something, like a switch to the vulscan command that would bypass this dialog?
Wed Aug 10 10:31:20 2011  ldcron : Executing scheduled event (id:105): /Library/Application\ Support/LANDesk/bin/ldpatch
Wed Aug 10 10:31:20 2011  ldcron : Next scheduled execution (id:105): /Library/Application\ Support/LANDesk/bin/ldpatch Time:Thu Aug 11 11:21:13 2011
Wed Aug 10 10:31:20 2011  vulscan : Patch started.
Wed Aug 10 10:31:21 2011  vulscan : Repairing vulnerability all.
Wed Aug 10 10:31:21 2011  vulscan : GetPatchesForVulnerability(all)
Wed Aug 10 10:31:21 2011  vulscan : Downloading the patch http://BLAH.EDU/LDLogon/patch/SecUpd2010-005.dmg sdclient 2011-08-10 10:31:21 Final result = 229638144
Wed Aug 10 10:31:21 2011  vulscan : Finish downloading 1 webPatch(es).
Wed Aug 10 10:39:17 2011  ldremote : Attempt to send to unauthenticated client.
[ wait here indefinitely, until someone logs into the GUI -- and then the process continues ]
Wed Aug 10 10:43:15 2011  vulscan : Processing 1 webPatches.
Wed Aug 10 10:43:15 2011  vulscan : Dealing webPatch SecUpd2010-005.dmg.
Wed Aug 10 10:43:15 2011  sdclient : execute: 'echo "Y" | /usr/bin/hdiutil attach -mount required -noidme -nobrowse -plist '/Library/Application Support/LANDesk/sdcache/SecUpd2010-005.dmg''
blocking-dialog.png 267.2 K
Good workaround shodgesgt,
Its unfortunate you had to go through all this trouble though. A product with a price tag like LANDesk should have all of this baked in and stable but its never been the case. I've heard from customers and support staff that they're working on it but I've been hearing that for years.
Now that Remote Desktop is broken after moving to Lion, I'm giving LANDesk till the end of this month (August 2011) to get it together. If there aren't improvements or at least a release date, I'm uninstalling the LANDesk agent from all (200+) of our MACs and moving to ARD (Apple Remote Desktop).
Centrally managed patch management is no longer a nice to have feature for MACs, its a necessity.
You could go to Manage Scripts in the LDMS console and then click on New Local Scheduler Configuration Script and set those tasks up and then deploy it to your agents.