Patch Management Solution

COVID19 has forced a drastic increase of working from home PCs.
Whether your strategy is VPN or internet those Windows PCs still need patching and not to mention Feature updates.
If you're currently patching from Altiris then this increase is definitely going to have an impact on your VPN connections and your CEM servers and infrastructure.

I was curious to see what this community thought about policies that would identify the work from home PCs and direct them to download patches directly from Microsoft on their internet connections and if it applies to you to identify those on VPN and suspend as much downloading as possible until the machine returns to the office or internet.

I'm about to go looking for Altiris documentation to see how to configure direct patching from Microsoft while still patch managed by Altiris.
If anyone has any docs to share please do so.

Is anyone else considering an internet patching strategy? Until now we were more than comfortable patching the very few PCs on the internet from CEM but with the amount we have now we're wondering if there was a better way.

Hi,

If you are on 8.5 RU or higher you can use the Default Microsoft Update Configuration Policy, the policy references a link: http://www.symantec.com/docs/DOC11127 not currently working (hey Broadcom guys please assist here!)

The contextual help is still online: https://help.symantec.com/cs/ITMS8.5/Patch/frmMSconfigPolicy/title?locale=EN_US

Best to start there. We use normal patching for our customers over vpn, we enable the updates a few days before the install date so we know the devices will have the update downloaded by the time they need to install, also we report on the size that the endpoints +- will download (normally overestimate here), you can add the update size to the reports if you are comfortable to clone and customize the built-in reports.

Inv_Software_Update table contains the estimated update sizes.

Cheers,





------------------------------
ProServe Consulting
------------------------------

Original Message:
Sent: 03-20-2020 07:45 PM
From: Tsutomu Smith
Subject: Work From Home Patch Strategy

COVID19 has forced a drastic increase of working from home PCs.
Whether your strategy is VPN or internet those Windows PCs still need patching and not to mention Feature updates.
If you're currently patching from Altiris then this increase is definitely going to have an impact on your VPN connections and your CEM servers and infrastructure.

I was curious to see what this community thought about policies that would identify the work from home PCs and direct them to download patches directly from Microsoft on their internet connections and if it applies to you to identify those on VPN and suspend as much downloading as possible until the machine returns to the office or internet.

I'm about to go looking for Altiris documentation to see how to configure direct patching from Microsoft while still patch managed by Altiris.
If anyone has any docs to share please do so.

Is anyone else considering an internet patching strategy? Until now we were more than comfortable patching the very few PCs on the internet from CEM but with the amount we have now we're wondering if there was a better way.

Hi Rufus,

> the policy references a link: http://www.symantec.com/docs/DOC11127 not currently working (hey Broadcom guys please assist here!)

New URL for this KB is https://knowledge.broadcom.com/external/article?legacyId=TECH257230.

Best regards,
Dmitri.
Original Message:
Sent: 07-27-2020 02:53 AM
From: Rufus Swart
Subject: Work From Home Patch Strategy

Hi,

If you are on 8.5 RU or higher you can use the Default Microsoft Update Configuration Policy, the policy references a link: http://www.symantec.com/docs/DOC11127 not currently working (hey Broadcom guys please assist here!)

The contextual help is still online: https://help.symantec.com/cs/ITMS8.5/Patch/frmMSconfigPolicy/title?locale=EN_US

Best to start there. We use normal patching for our customers over vpn, we enable the updates a few days before the install date so we know the devices will have the update downloaded by the time they need to install, also we report on the size that the endpoints +- will download (normally overestimate here), you can add the update size to the reports if you are comfortable to clone and customize the built-in reports.

Inv_Software_Update table contains the estimated update sizes.

Cheers,





------------------------------
ProServe Consulting

Original Message:
Sent: 03-20-2020 07:45 PM
From: Tsutomu Smith
Subject: Work From Home Patch Strategy

COVID19 has forced a drastic increase of working from home PCs.
Whether your strategy is VPN or internet those Windows PCs still need patching and not to mention Feature updates.
If you're currently patching from Altiris then this increase is definitely going to have an impact on your VPN connections and your CEM servers and infrastructure.

I was curious to see what this community thought about policies that would identify the work from home PCs and direct them to download patches directly from Microsoft on their internet connections and if it applies to you to identify those on VPN and suspend as much downloading as possible until the machine returns to the office or internet.

I'm about to go looking for Altiris documentation to see how to configure direct patching from Microsoft while still patch managed by Altiris.
If anyone has any docs to share please do so.

Is anyone else considering an internet patching strategy? Until now we were more than comfortable patching the very few PCs on the internet from CEM but with the amount we have now we're wondering if there was a better way.

This does work. I have it  set up on a few test machines.
It is something we are considering given the size of the Windows 10 and Office 365 updates.  Synching  all off the Office 365 updates and Windows 10 updates to package servers globally takes more time  now.

Eric W.

------------------------------
CB Richard Ellis
------------------------------

Original Message:
Sent: 03-20-2020 07:45 PM
From: Tsutomu Smith
Subject: Work From Home Patch Strategy

COVID19 has forced a drastic increase of working from home PCs.
Whether your strategy is VPN or internet those Windows PCs still need patching and not to mention Feature updates.
If you're currently patching from Altiris then this increase is definitely going to have an impact on your VPN connections and your CEM servers and infrastructure.

I was curious to see what this community thought about policies that would identify the work from home PCs and direct them to download patches directly from Microsoft on their internet connections and if it applies to you to identify those on VPN and suspend as much downloading as possible until the machine returns to the office or internet.

I'm about to go looking for Altiris documentation to see how to configure direct patching from Microsoft while still patch managed by Altiris.
If anyone has any docs to share please do so.

Is anyone else considering an internet patching strategy? Until now we were more than comfortable patching the very few PCs on the internet from CEM but with the amount we have now we're wondering if there was a better way.