4 Replies Latest reply on Oct 31, 2014 9:00 AM by dlindhorst

    bypass a maintenance window - vulscan - patch manager

    Rookie

      Hello, I could you help with in soving some small problem with vulscan patch manager.


      I use Landesk 9.6, I have a agent with some agent settings to be deployed on user workstations.


      I configured distribution and patch settings with a maintenance windows.

      My question is, I want to start a manual scan/repair on a specific workstation for an urgent patch.

      I mean I want to bypass the maintenace windows settings from the current agent and force a patch scan and auto fix.

       

      I tried to start a patch and compliance scan now on the workstation where I choose an other scan and repair setting where no maintenance windows is configured in.

       

      The scan and repair always finish with, something like: deferring action until next maintenance window...

       

      any idea about how to achive that?

       

      thank you.

        • 1. Re: bypass a maintenance window - vulscan - patch manager
          Frank Wils ITSMMVPGroup

          Right-click on the urgent patch to be deployed and choose 'Repair'. This will create a Task. In this task you can choose to ignore Maintenance Windows.

           

          Frank

          • 2. Re: bypass a maintenance window - vulscan - patch manager
            Rookie

            ok, thank you for the that.

             

            I have also that case:

             

            workstation staging using a provisionning template.

            Agent is installed with same scan repair settings during provisionning.

            I added a final step into the template in order to scan and patch (autofix) each new staged workstations

            I have the same problem during scan and patch as the agent setting have maintenance window.

             

            How could I start a full scan and repair and bypass the maintenace window when I use a provisionning template and a scan and repair task ?

            • 3. Re: bypass a maintenance window - vulscan - patch manager
              Apprentice

              We are having the same problem.  I found we have to deploy new patch and distribution agent settings to the machine that do not have a maintenance window, then kick off the secuity scan. Once it is complete, we push the old agent settings back that contain the maintenance window.  Really a pain and hope this is fixed in sp1.

              • 4. Re: bypass a maintenance window - vulscan - patch manager
                Apprentice

                I found out that the maintenance window for a device is set by the default agent setting and is not overridden by selecting a different Distribution and Patch setting.  To scan and avoid a maintenance window you have to schedule the task from the Patch and Compliance component.  Click on the Calendar icon on the toolbar then select "Security Scan".  In the window that appears you need to check the box "Ignore maintenance window if specified".  Then select the agent settings you want to use if needed.  You will then have a scheduled task you can run for any of the machines that you need to run a security scan on.  If you look under the "Message" column after starting the task you will see where it is at in the scan process and it will show how many patches it has installed and how many total are needed.

                1 of 1 people found this helpful