What are best practices maintaining a consistent LANDesk patch management structure across 2 core servers?
In our environment we have 2 core servers, one for the East one for the West then a rollup server. We have been told in the past that we cannot use a rollup server for LANDesk patch management in the 9.5 release. LANDesk phone support didn’t have clear answers on this but ultimately I was told it couldn’t be done in 9.5. I would like to know is that really true in the 9.6 release?
Second question would be if this is true and there is no way to manage this from one central location then administration is a bit of a nightmare. Currently we have a separate administrator in the East and from the reports I am generating our patch levels are very inconsistent.
Not really worth describing how we are setup because I will change it shortly but here is how I am thinking we should be setup. Computers should scan for all vulnerabilities and not necessarily for items in a patch group like we currently are doing. All detected should be looked over and put in a pilot group first and then deployment group after tested. So now we are maintaining 2 groups in each location and the “Do Not Scan”, “unassigned” and scan groups. So how would I keep consistency in these groups in the most efficient manner? Should I export and import the groups every month? Even if I did that there would be inconsistencies in the “unassigned” and “do not scan” group. How would I keep them consistent? The margin of human error is very large especially with a language barrier.
We had been pulling reports from WSUS which were showing how badly patched the East is and the West isn’t bad however there are a few patches that need to be manually reconciled with WSUS. Apparently a few patches got declined that should not have been. Anyone know the most effective way in reconciling this? If you do a search for the KB article number LANDesk typically returns nothing which is another source of frustration. What would be a good way to solve all these problems and make this product easier to use? Our current methods surely aren’t consistent with the set it and forget it email I received a few weeks ago regarding patch management and I would like to get back on track.