I have just joined this community and this is my first discussion.
We are service provider. Providing many services to the customers. We are having kaseya 9.5 version deployed for management purpose. Now i am in process of configuring patch management module. So that we can patch customer's desktop and servers.
I want to configure Patching policies like shown below.
I am planning to create policies based on the requirement. Like First policy will be for Security Updates. I have multiple versions of OS. So i need to create multiple policies for security updates.
1. Security Updates for Win 7 (Once policy created then approve only security updates application for win7 )
2. Security updates for Win 8 (Once policy created then approve only security updates application for win8 )
3. Security Updates for Win10 (Once policy created then approve only security updates application for win10)
Same way for Critical patches and updates.
Let me know the best and easiest solution to achieve my requirement.
Layer policies or you'll have so much work to maintain, it likely won't get maintained properly. Overly complex patch policies are the #1 cause we see with patching not working when we start working with MSPs.
1. Policy to approve everything everywhere except specific updates known to cause issues (broken updates);
2. Block All but Critical Updates - only apply critical updates;
3. Block All but Important Updates - Apply Critical and Important updates;
4... Block specific categories like DotNET, SQL, service packs, etc.. one block policy for each category.
Apply the policies as needed to orgs or machines. This way you don't need O/S or customer-specific policies, and certainly not a "No Patching" policy. There are 3 rules to follow for efficient and effective use of Patch Policies:
1. Policies merge
2. Deny (in any policy) overrides approve.
3. Pending Approval is the same as Deny
#3 is often misunderstood, and for this to work, ALL policies must be fully either approved or denied, with no update in a Pending Approval status. Leaving updates in Pending Approval denies them from other policies that are applied to an agent.