Machine groups, subgroups and patch policy inheritance

An org we manage has one main machine group:  corp.workstations.  Now a line of business would like a different patch policy, but absolutely everything else managed in VSA the same.  What is the best way to accomplish this?  Can we create a new machine group named corp.workstations.special and have everything inherit, but apply a different patch policy?

  • Apply the patch policies with System Policies. These can be controlled by views.

    Our patching solution allows deploying one patch config to most agents, but uses custom fields to define server patch schedules, suspend patching, and similar configurations. Alternate configurations are deployed using a combination of system policies linked to orgs or machines and custom fields that control the policies in a very granular manner. An update today even provides the ability to suppress the pre and post-update reboots.

    We don't apply patch policies manually - only by system policy, which provides an excellent control ability.


  • , yes.    You have some choices.  You can create a new group (or org), create a new policy and assign it to that Machine Group.  This should override the default settings.

    2nd choice is to create a view that incorporates any and all machines that you want to update, assign that view to your new policy, and then make sure that this policy is ABOVE the default policy in the policy assignments in Global.