Patch Management Solution

I'm trying to have a patch policy download a patch based on a schedule window. What I did was export the patch policy that I want to add a schedule window as a xml. Edit the xml and set the date and time in the future:

From:
<installSchedule></installSchedule>​

To:
<installSchedule><schedule tz="Local" start="2020-09-16 00:00:00 "><trigger type="Daily" exact="True" at="09:30:00 " duration="01:30:00" repetition="01:00:00" frequency="1" /><trigger type="Once" exact="True" at="09:30:00 " /></schedule></installSchedule>​

Change immediately="true" to immediately="false", so the download does not start when the assessment scan is done:
<download useClientDefaults="false" option="always" multicast="Enable" minDownloadSpeed="0" minExecuteSpeed="0" requiresUserActivation="false" notifyWhenAvailable="false" removeAfterRun="false" immediately="false" clientDownloadsDisabled="false" notifyBeforeExecution="false" maxExecutionDeferral="0" peerDownloadEnabled="true" />​After the policy is enabled and the client's configuration is updated, the download starts immediately even though the policy says no. I double click on the patch from the software updates tab on the client and confirmed it shouldn't download immediately:

Download the package files as soon as possible: No
====================================

So was that supposed to happen? Is there a way to schedule the patch to download at a specific time?

it is a very annoying problem.   We asked it to be changed multiple time in the past when talking with tech support but it seems they don't care enough.


------------------------------
National research council of Canada
------------------------------

Original Message:
Sent: 09-16-2020 08:45 PM
From: Unknown User
Subject: Download patch based on schedule

I'm trying to have a patch policy download a patch based on a schedule window. What I did was export the patch policy that I want to add a schedule window as a xml. Edit the xml and set the date and time in the future:

From:
<installSchedule></installSchedule>​

To:
<installSchedule><schedule tz="Local" start="2020-09-16 00:00:00 "><trigger type="Daily" exact="True" at="09:30:00 " duration="01:30:00" repetition="01:00:00" frequency="1" /><trigger type="Once" exact="True" at="09:30:00 " /></schedule></installSchedule>​

Change immediately="true" to immediately="false", so the download does not start when the assessment scan is done:
<download useClientDefaults="false" option="always" multicast="Enable" minDownloadSpeed="0" minExecuteSpeed="0" requiresUserActivation="false" notifyWhenAvailable="false" removeAfterRun="false" immediately="false" clientDownloadsDisabled="false" notifyBeforeExecution="false" maxExecutionDeferral="0" peerDownloadEnabled="true" />​After the policy is enabled and the client's configuration is updated, the download starts immediately even though the policy says no. I double click on the patch from the software updates tab on the client and confirmed it shouldn't download immediately:

Download the package files as soon as possible: No
====================================

So was that supposed to happen? Is there a way to schedule the patch to download at a specific time?

You mean that you distribute a patch policy, setting required schedule for a patch cycle start but want to set separate schedule to download patch packages? (In this case it looks like Managed Delivery policy usage when you set when to start compliance check and when to start remediation action. Download patch packages)

In Patching, "Add Schedule", means that on this schedule it performs assessment and immediately downloads and install applicable patches to be 100% patch compliance as soon as possible == patching != just software delivery like Managed Delivery policy allows/does
Also check what settings are set in "Default Software Update Plug-in policy" regarding 'when installing updates' & 'when preparing to install' for available maintenance window(s) on client side. Use custom schedule in "Default Software Update Plug-in policy" or in each distributed Patch Policy in delivery options to set there required date/time so then you will 100% know when clients will start downloading patch updates.


------------------------------
Software QA Engineer
Broadcom Inc.
------------------------------

Original Message:
Sent: 09-16-2020 08:45 PM
From: Unknown User
Subject: Download patch based on schedule

I'm trying to have a patch policy download a patch based on a schedule window. What I did was export the patch policy that I want to add a schedule window as a xml. Edit the xml and set the date and time in the future:

From:
<installSchedule></installSchedule>​

To:
<installSchedule><schedule tz="Local" start="2020-09-16 00:00:00 "><trigger type="Daily" exact="True" at="09:30:00 " duration="01:30:00" repetition="01:00:00" frequency="1" /><trigger type="Once" exact="True" at="09:30:00 " /></schedule></installSchedule>​

Change immediately="true" to immediately="false", so the download does not start when the assessment scan is done:
<download useClientDefaults="false" option="always" multicast="Enable" minDownloadSpeed="0" minExecuteSpeed="0" requiresUserActivation="false" notifyWhenAvailable="false" removeAfterRun="false" immediately="false" clientDownloadsDisabled="false" notifyBeforeExecution="false" maxExecutionDeferral="0" peerDownloadEnabled="true" />​After the policy is enabled and the client's configuration is updated, the download starts immediately even though the policy says no. I double click on the patch from the software updates tab on the client and confirmed it shouldn't download immediately:

Download the package files as soon as possible: No
====================================

So was that supposed to happen? Is there a way to schedule the patch to download at a specific time?

You mean that you distribute a patch policy, setting required schedule for a patch cycle start but want to set separate schedule to download patch packages? Yes, just like Managed Software Delivery Policy. So it just can't be done.
Original Message:
Sent: 10-23-2020 03:16 PM
From: Igor Perevozchikov
Subject: Download patch based on schedule

You mean that you distribute a patch policy, setting required schedule for a patch cycle start but want to set separate schedule to download patch packages? (In this case it looks like Managed Delivery policy usage when you set when to start compliance check and when to start remediation action. Download patch packages)

In Patching, "Add Schedule", means that on this schedule it performs assessment and immediately downloads and install applicable patches to be 100% patch compliance as soon as possible == patching != just software delivery like Managed Delivery policy allows/does

Also check what settings are set in "Default Software Update Plug-in policy" regarding 'when installing updates' & 'when preparing to install' for available maintenance window(s) on client side. Use custom schedule in "Default Software Update Plug-in policy" or in each distributed Patch Policy in delivery options to set there required date/time so then you will 100% know when clients will start downloading patch updates.

------------------------------
Software QA Engineer
Broadcom Inc.

Original Message:
Sent: 09-16-2020 08:45 PM
From: Unknown User
Subject: Download patch based on schedule

I'm trying to have a patch policy download a patch based on a schedule window. What I did was export the patch policy that I want to add a schedule window as a xml. Edit the xml and set the date and time in the future:

From:
<installSchedule></installSchedule>​

To:
<installSchedule><schedule tz="Local" start="2020-09-16 00:00:00 "><trigger type="Daily" exact="True" at="09:30:00 " duration="01:30:00" repetition="01:00:00" frequency="1" /><trigger type="Once" exact="True" at="09:30:00 " /></schedule></installSchedule>​

Change immediately="true" to immediately="false", so the download does not start when the assessment scan is done:
<download useClientDefaults="false" option="always" multicast="Enable" minDownloadSpeed="0" minExecuteSpeed="0" requiresUserActivation="false" notifyWhenAvailable="false" removeAfterRun="false" immediately="false" clientDownloadsDisabled="false" notifyBeforeExecution="false" maxExecutionDeferral="0" peerDownloadEnabled="true" />​After the policy is enabled and the client's configuration is updated, the download starts immediately even though the policy says no. I double click on the patch from the software updates tab on the client and confirmed it shouldn't download immediately:

Download the package files as soon as possible: No
====================================

So was that supposed to happen? Is there a way to schedule the patch to download at a specific time?