Kaseya Community

Best Practice Document

  • Does Kaseya

    have a best practice patch management document?


    Been looking for one on the website, but have not found it.



  • Not that I've seen...

  • Check out www.tullibo.com/.../kaseya-patch-management

    This is a great article for configuring PM.  And Tullibo is an awesome resource for most things Kaseya related so I recommend you spend some time on his site.

    In case Tullibo visits this forum, I hope it's ok that I posted your link.

  • I would like to know what option is more used to download the patches directly from internet or from file source?

  • They actually DO have a patch management best practices doc.


  • Part of the Tullibo article is confusing to me. He states this:

    I have two master groups, workstation & server and all machines are member of one or the order. I then have two policies specifically for each client, workstation and server again. By default patches are all pending approval. I generally only use the master policies unless I specifically need to approve/deny a patch for a client. For example with IE8, some end clients wanted it, some clients it would break for particularly if they were using line of business apps that were browser based. So with my approach I can approve patching on an individual client basis or across the entire system and neither method interferes with the other.


    From reading this, it sounds as though he is assigning each machine to two different Patch Policies (Master Workstation and ClientA Workstation) and using Kaseya Patch Policies similar to AD GPOs, where settings that are not explicitly defined are ignored. However, my understand is that Kaseya Patch Policies do not work this way. In Kaseya, 'Pending Approval' is considered a setting and is more restrictive than 'Approved'.

    He obviously knows what he is doing so I am either reading this wrong, or my understand of Kaseya Patch Policies is flawed. Can anybody enlighten?


  • After few test, my conclusion is identical to yours  

    I don't see the interest to use multiple groups attachment because we must manage all patch policy.

    if anyone can explain this situation

  • hematic

    They actually DO have a patch management best practices doc.


    Is there an update to this document?  Screenshots are all based on v5 and the module has probably had a few updates, too.


    Specifically - has the reboot action improved?  We're still seeing machines reboot with failed patch installs, and continuously reboot when the nag flag doesnt clear.

    Also - there is no where to set "skip if offline" for the reboot action.  We're concerned that many machines may be asleep or hibernating and not actually offline, and would skip a necessary post-update reboot.