2 Replies Latest reply on May 5, 2017 1:31 PM by cwarren

    How to exclude some systems from patching periodically

    CampDirector Rookie

      Hello all, here is my situation.


      I have two patching groups.  Production and non-production.  We install all of the newest patches to non-production first, and then if they don't break anything, we install them to production.  However, one of my business units who has all of their systems in the production group has requested that I not install patches next month as they anticipate a high workload.  And, they may occasionally ask this to be done again so I want to develop a repeatable process to exclude them.  It's about 65 systems of the total 1000 or so systems.  Any ideas how to exclude just these systems, some of the time?  Thanks in advance!

        • 1. Re: How to exclude some systems from patching periodically
          phoffmann SupportEmployee

          Use queries.


          One each, essentially, to cover:

          • All your production systems
          • All your production systems minus the 65 devices.


          ... the 65 devices can be excluded by including an "AND COMPUTER NAME NOT = 'Device_1'" through to Device_65 (tip - use the "Multi-insert" option to add up to 50 devices at a time).


          ... If that department has a single identifier for themselves / those devices, it can be even easier. Add a piece of custom data to those boxes and just include a


          ... AND "Custom Data - My Tag - Special Status" != "I am Special"



          for instance.


          There are all sorts of ways of skinning this particular cat. But the above two are two fairly simple ways to approach this.


          Does that help?

          • 2. Re: How to exclude some systems from patching periodically
            cwarren SupportEmployee

            It's also important to know how you currently patch.

            Are you using autofix by scope? Then in that case you would just need a new scope that doesn't include them.


            We don't have an exclude list per se.

            You could maintain separate settings so that autofix was turned off on specific systems that at times (would have to be fairly regular to be worth it) cannot be patched, then have a process to patch them. (pretty simple thing to get around)


            Essentially you just have to think of it as a list of what to include, and there isn't any way to exclude, you just don't include, if that makes sense.

            It all comes down to what process you use though to get into more specifics.