Best practice for ITMU.

I'm just curious how other admins are using the ITMU.

This is how I do it:
When a new change request comes through for a set of patches I bundle
them up into one ITMU package and deploy it to all PCs. I have around
4000 Windows XP as my target collection. They are roughly 50/50
laptops and desktops. After about 2 weeks I have around 3000 (75%) of
those correctly installed.

Roughly every two months I take all the patches that have hit at least
75% of their targets and repackage them into bundles not exceeding 5
patches. I have found that any more than 5 patches and I get some
clients not installing the patches over thin (64K) links. These
clients are using a 3rd party SMS tool called SMSNomad by 1E. It works
great. I'm not sure whether it is the thin link or SMSNomad, but I
have definately seen that when the ITMU package has more than 5 patches
then I get very low success rates at these satellite sites. Anyhoo, I
target these "second wave" packages using a WQL query. I pick the
individual package with highest number of PCs left to install and
create a collection to hit those targets. For example:
SELECT SMS_R_System.ResourceID, SMS_R_System.ResourceType,
SMS_R_System.Name, SMS_R_System.SMSUniqueIdentifier,
SMS_R_System.ResourceDomainORWorkgroup, SMS_R_System.Client FROM
SMS_R_System inner join SMS_G_System_PatchStatusEx on
SMS_G_System_PatchStatusEx.ResourceID = SMS_R_System.ResourceId where
SMS_G_System_PatchStatusEx.QNumbers = "914388" and
SMS_G_System_PatchStatusEx.LastStateName = "No Status"

is my query to target MS06-036 (KB914388). To this collection I am
sending a package containing MS06-030, 032, 034, 035 and 036.

So I am curious:
Do other administrators do it roughly like this?
Can anyone suggest a better way?
I am tempted at the 75% compliance stage to split the initial package
into individual packages containing one patch each. The only reason I
don't do that at the start is because rebooting 4000 PCs once as
opposed to five times is vastly different in its effect on the end user
(and the client has told me I'm not allowed to so there you go).

Yours curiously,

Paul.

.

Relevant Pages

  • Re: sunmanagers Digest, Vol 34, Issue 14
    ... Christopher sent me a link to ftp.cs.tu-berlin.de that has all patches sun ... Subject: SUMMARY: Setting up mail on a Solaris Server ... however I seem to be having issues finding a binary package. ... Problems while installing 108528-29 for Sol8 machine ...
    (SunManagers)
  • Re: Solaris 8 - Kernel Patches Not Updating 64-bit Files
    ... tried installing the latest recommended patches as 'uname -a' ... Original package not installed. ...
    (comp.unix.solaris)
  • Re: Solaris 8 - Kernel Patches Not Updating 64-bit Files
    ... tried installing the latest recommended patches as 'uname -a' ... Original package not installed. ...
    (comp.unix.solaris)
  • Reinstalling OS Service on a Server with Patched OS Service
    ... After initial install and setup of a Solaris 7 sun4m server, ... Now I try to reinstall the OS service from the Solaris 7 CD-ROM with the ... patched resulting in being different than the package on your media. ... You will have to backout all patches that patch this package before ...
    (SunManagers)
  • Re: attach ticket to package?
    ... there would be more patches. ... other recent suggestions about CTAN. ... A package would essentially ... generate email to the maintainers and contributors, ...
    (comp.text.tex)