One of the nice things about Patch Management is the ability to deliver a whole series of patch bulletins/updates through a single master policy. This makes monthly patch runs easier: select all desired bulletins, such as all applicable critical and important bulletins, tell the system to distribute, and it does the rest.
It also makes the best practice of staged delivery easy. Set the policy to deliver to a test group/collection first, then, after a period, add, say, the collection of local machines and then, after a further period of time, add, say, the collection of remote machines and so on. The amount of time and effort needed to deploy patches to a large number of machines becomes minimal, while issues are kept to a minimum.
However, one of the weaknesses of the system is the monitoring of patch deployment. The delivery report is update-centric rather than policy-centric, and it is difficult to understand what is going on with a particular policy. For example: How many haven’t received the policy? How many are at the package download stage? How many are pending execution? How many have executed and what was the result? How many are pending reboot? How many have completed? And are there any other outcomes?
The attached reports aim to resolve this. They enable a particular active and applicable master patch policy to be selected and then show how many patches within that policy are at each stage of the process.
You can then drill down into a particular status to get further details.
Or you can just get a detailed report of all statuses for a particular policy.
These reports help answer the question ‘Is there anything I need to be aware of before I push this policy out to the next batch of computers?’ quickly and effectively, and help pinpoint where you might have an issue that needs investigating and what the potential nature of that issue is.
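The policy-centric rollup and the "next batch" question described above, as an added sketch that is not the attached reports or the product's own code. The row layout, stage names, sample data and the 90% completion threshold are all assumptions made for illustration.

```python
from collections import Counter

# Stage names mirror the questions asked above; the row layout is an assumption,
# not the product's schema.
STAGES = ["not received", "downloading", "pending execution", "executed ok",
          "executed failed", "pending reboot", "completed"]

# Constructed sample: update-centric rows of (policy, bulletin, computer, stage).
ROWS = [
    ("May Critical", "BULLETIN-A", "test-01", "completed"),
    ("May Critical", "BULLETIN-B", "test-01", "pending reboot"),
    ("May Critical", "BULLETIN-A", "test-02", "executed failed"),
    ("May Critical", "BULLETIN-B", "test-02", "downloading"),
    ("May Critical", "BULLETIN-A", "test-03", "completed"),
    ("May Critical", "BULLETIN-B", "test-03", "completed"),
    ("April Important", "BULLETIN-C", "test-01", "completed"),
]

def policy_summary(rows, policy):
    """Count (computer, bulletin) pairs per stage for one policy.
    Anything outside STAGES lands in 'other' so it is never silently dropped."""
    counts = Counter(s if s in STAGES else "other"
                     for p, _b, _c, s in rows if p == policy)
    return {stage: counts[stage] for stage in STAGES + ["other"]}

def drill_down(rows, policy, stage):
    """List the (computer, bulletin) pairs behind one count in the summary."""
    return sorted((c, b) for p, b, c, s in rows if p == policy and s == stage)

def ready_for_next_batch(rows, policy, min_done=0.9):
    """Gate for widening the rollout: no failures, no unexplained outcomes,
    and at least min_done of the pairs completed (threshold is an assumption)."""
    summary = policy_summary(rows, policy)
    total = sum(summary.values())
    if total == 0:
        return False  # nothing has reported in yet, so there is no evidence
    clean = summary["executed failed"] == 0 and summary["other"] == 0
    return clean and summary["completed"] / total >= min_done

if __name__ == "__main__":
    for stage, n in policy_summary(ROWS, "May Critical").items():
        print(f"{stage:18} {n}")
    print("investigate:", drill_down(ROWS, "May Critical", "executed failed"))
    print("push to next batch:", ready_for_next_batch(ROWS, "May Critical"))
```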
To install, unzip and import the XML files in the console into a suitable folder. Note that this is intended for Windows patching.