I'm fairly new to Kaseya and I recently put Kaseya on a few of our servers, which means it's time for patch management. My problem is filtering the available updates in a way that I can actually pick out what I need. For instance, KB 2973112 is Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB2973112). The listed product in Kaseya is Windows 7, but as the article and the title show, it also applies to Server 2008. I'm looking for a way to filter the results so I don't have to scroll through a bunch of non-applicable updates. I tried filtering by title for "Server 2008" or just "server" and it doesn't list any updates. Filtering by product doesn't work since they're all tagged as Windows 7 in the product list instead of having both Windows 7 and Server 2008.
Hey Trevor - Welcome to VSA!
Many MSPs put way too much effort into patching to justify the results that they get. We regularly audit a VSA platform and find many systems aren't fully patched or have issues when patching.
Windows is smart enough to not apply workstation updates to servers and vice-versa, so don't waste time trying to approve only server or workstation patches. Our Core Automation suite provides 12 pre-built patch policies. We use 5 of these in our MSP practice - the others are so we can handle special situations if/when they arise. The core concept is layered policies - what do you want to block from EVERY agent, from every workstation, and from every server - this combination of two policies suits 90% of the customers. We then have policies that we add that block things like DotNET or IE upgrades that often break customer apps. We apply these to customers that need them.
My blog has a recent article on Effective VSA Patching - www.mspbuilder.com/.../effective-patching
Our Core Automation provides a fully automated patch solution based on patch policies and system policies. Using this in-house, our patch admin spends about 10 minutes a week to verify operation and add new schedules to servers, and 30-45 minutes once a month to review/approve new updates.
Thanks Glenn, I guess my question wasn't quite clear. I was trying to make my life a little easier so I could inspect those critical server-only patches to check for things that could cause issues. I'm not an MSP but an SMB, and we have 24/7 production going on at some sites that would require us to schedule any downtime during non-peak hours, which can vary wildly per week. Workstation patching is easy; it's more worrisome just for the server side of things when I have some specific servers that I need to pay special attention to when approving patches.
This was less of a "how to automate" and more of a "reduce screen clutter" type question. I guess I really should put in a feature request for better filtering options and better categorization of the patches. Rather than listing the 90+ patches available, I wanted to get things filtered down to the 8 applicable ones so I could check them for manual approval and, if necessary, schedule any downtime with the production departments.
There are various ways to do this if you're looking for a shortlist of patches for review.
1. Patch Management > Scan Machine > Run Now (wait a few minutes), so you've got the most recent patch info for that server.
2. Patch Management > Patch Status > click on the 'Missing Approved' and 'Missing Denied' links to see what's needed; each of these has links to the KBs for you to review.
The move to cumulative updates has meant a lot fewer KBs to individually review and approve, thankfully.
Another view (after the scan) is Patch Management - Manage Updates - Machine Update -- select the machine and uncheck "Hide patches denied by Patch Approval"