3 Replies Latest reply on Aug 30, 2016 4:43 PM by phoffmann

    Selecting Definitions for a Repair Group

    Apprentice

      When creating a repair group for a group of Windows computers, and selecting the definitions to add to that group, can anyone guide me or give me some pointers or suggestions as to the best way to go about this?  I am somewhat new to LANDesk, so please forgive me if this question seems stupid.

      For example, I am setting up a repair group for some Windows 7 machines with Adobe Acrobat, Java, Flash Player and Chrome, among others.  They have Office 2013, so I don't want to add hundreds of Office 2003/2007/2010/2016 patches.  One option is to simply add all the available definitions, but then I am just asking for a failed task, right?  So if I want to add only the necessary definitions, (patches and updates) to the group, I find myself spending an incredible amount of time going through all these definitions and trying to select the ones (that I think we need).  There has got to be a better way.  I have tried sorting the definitions on the date published, and the vendor, and that helps, but it is still very time-consuming.  I appreciate any suggestions very, very much!

       

      Best,

      Sam S.

       

      P.S. I did just now have an epiphany of sorts, and feel pretty dumb for not thinking of it sooner.  I used "2012 R2" for a search term and applied it on all columns, and it returned a lot of definitions that all looked appropriate for this repair task, so I will go with that and see how it goes. 

        • 1. Re: Selecting Definitions for a Repair Group
          phoffmann SupportEmployee

          So there's a bunch of stuff here - and yes, we do "kill you with kindness" from the information side of things, but you can do a bunch of stuff to automate or make your life easier.

           

          First up - what version of LANDesk are you on? If you're on 2016 you can automate a heck of a lot with roll-out projects. Conveniently, we have videos & articles on that here:

          - How To: Get Started Using the New Rollout Projects Tool for Software Distribution

          - [Tech Brief On-Demand Webinar 2016] How to utilize "Rollout Projects" in Management Suite 2016

          - Rollout Project Order of Operations

           

          ... if you're looking for patches that apply to a specific OS and/or criticality level, you can make use of filters to help you along:

          Filters_Where.jpg

           

          ... you can filter by OS Name, Criticality level and (with LD 2016) custom tags that you can add to patches (so "approved" for instance):

          Filters_OS_Selection.jpgFilters_Criticality.jpg

           

          ... then, there's the subject of patch supercedence (i.e. "patch X includes the fix for patch y"). By default, we show you "ALL" the stuff that's detected & needs fixing in the vulnerability view of a device, but you can hit a button to effectively apply supercedence to that view as per here:

           

          View before superceedence - notice the multiple entries for 7-zip alone for instance, totalling not far from 500 detected vulnerabilities / patches needed:

          PatchSuperceedence_Before.jpg

           

          Now, I've clicked on the "Hide replaced definition results" button (highlighted in the previous screenshot) and my "required" patch install count is down to a bit over 300. That's 150 patches odd that I didn't "really" have to install, purely because of superceedence rules!

          PatchSuperceedence_After.jpg

           

          ... so depending on how homogenous your server environment is, you MIGHT make use of this to make your life a LOT easier.

           

          We "have" to list every individual vulnerability, as not every company can install "just the superceeded patches" because "patch X" might break something, and/or there's tight version controls (often on stuff like - say - Java and/or .NET) as these can severely affect (usually age-old) software that's running on those servers quite adversely.

           

          So ... between these points, your life should be a bit easier? You can use the filters for "stuff you care about" and then just trawl through the "detected" section in the vulnerabilities view, so you only actually look at the vulnerabilities that are actually relevant to your organisation, rather than the 1,000-s of entries in patch content in general, for instance as well .

          DetectedVuls.jpg

           

          And with rollout projects, you can even automate the roll-out of (for instance) critical patches from Microsoft (or "vendor of choice) to your desktop estate automatically ... it's sort of the "paralysis by sheer number of choice / possibilities" situation, so I figured let's get you started & comfy with these things first ... and then see how you get on with other things as appetite grows & you feel more confident with what you want/need & what the software can do for you.

           

          Hope this helps?

          1 of 1 people found this helpful
          • 2. Re: Selecting Definitions for a Repair Group
            Apprentice

            Thank you, this is very helpful!

             

            Sam

            • 3. Re: Selecting Definitions for a Repair Group
              phoffmann SupportEmployee

              OK - marking this as "assumed answered" for now then ... if there's anything else, feel free to post another question .