In "autofix patches for specific scope," cwarren says, "Don't use repair tasks for a method of patching. It is horribly slow and inefficient." I thought I had heard this same advice elsewhere. I thought it had something to do with the way that the core server handled things, that a Repair would burden the core server more than other patching mechanisms would. And so, I never tried a Repair Task. I avoided them, thought someone (wish I could tell you who) said it was an outdated technology from an earlier version of LDMS.
So recently a co-worker of mine and I started re-evaluating our patching process. She and I separately called Ivanti, and the advice we got both times was that the Repair Task was a fine solution. Repair and Autofix both use the same vulscan patching engine; Repair just tells the systems to do it now, while Autofix (at least by default) waits for the systems to check in before it tells them to scan for and install patches. So when (as we do in some situations) we select a group of systems, tell them to do a patch scan with an autofix-enabled agent setting, that's using exactly the same underlying mechanism (vulscan) as running a Repair task. The only difference is that a Repair task has a presumably shorter list of patches (either manually selected in the moment or put into a custom group) to hand off to vulscan than Autofix does. So by that logic, a Repair task should actually go more quickly than an Autofix task.
So, for cwarren and any others who have given the advice that Repair tasks are slower and less efficient, what did you mean? What am I missing in my understanding here?
Thanks for your help.