Problem:
I have several server groups that have different patching levels that are approved. Is there an easy way to bring a new server up to that level?
Solution:
You can use custom groups and a specific Scan and Repair setting to bring new computers up to the approved level of patches. Below are the instructions on how to do this.
- Open the 32-bit console.
- Click on Tools | Security and Compliance | Patch and Compliance
- Expand Groups
- Right click on Custom Group and click New Group.
- Give the New Group an appropriate name related to a specific server group.
- Drag appropriate Vulnerabilities for this server group into the group.
- Expand Settings.
- Right click on "Scan and Repair" and select New...
- Give the new Scan and Repair settings an appropriate name related to a specific server group.
- Click on Scan Tab.
- Click Group and Immediately Repair All Detected Items.
- Click the ... button and then select the custom group.
- Click OK.
- Click the Repair tab.
- Check Start Repair even if reboot is already pending.
- Make any other changes to the Scan and Repair settings as needed.
- Click OK.
- Click Create a task, then Security scan.
- Give the new Security Scan an appropriate name related to a specific server group.
- Click Create as a policy or Scheduled tasks.
- Choose the Scan and Repair setting created above (step 9).
- Drag the query representing the computers you want at this level of patching into the task.
- Start the task according to the schedule that fits your environment.
Once this task has run, you may later add vulnerabilities to the custom group. Restarting the task will not automatically rerun it on all of the computers; to push the new patches out, reschedule the task as follows:
- Right click on the Scheduled task and choose properties.
- Click on Schedule task.
- Choose Start now or Start later.
- Under Schedule these devices, select All.
This will rerun the security scan on all computers and install any additional patches that have been added to the group.