CA Client Automation

  • 1.  PATCH Management

    Posted Feb 09, 2018 01:20 AM

    Hi Team,

     

    Is it possible to collect from an agent machine the information on which patches are required for an individual machine, and have them deploy automatically after creating the policies in Patch Management?



  • 2.  Re: PATCH Management
    Best Answer

    Broadcom Employee
    Posted Mar 06, 2018 03:00 PM

    There are not really any Reports that show what Patches a specific machine needs, but if you are up-to-date with your Full Rollups or IntelliRollups, then you should be up-to-date with your patches.

     

    AM collects the patches that are applied, so if you want to check on a certain patch you can create Queries and Groups based on certain patches and OSes.



  • 3.  Re: PATCH Management

    Posted Mar 06, 2018 03:32 PM

    I have such a report (attached), but it runs as a DMS Script which calls a SQL script; it doesn’t run in the reporter. You can run it as an engine job, and it produces two HTML reports: one lists patches per computer, sorted by computer; the other lists computers needing each patch, sorted by patch. The DMS script needs a few simple modifications to work in a particular environment, see below. At some point I’ll set this to read from an INI instead:

     

     

       

    •   Put these 3 files into a suitable directory on the Domain or Enterprise Manager, preferably one created for this purpose.

    •   The default output directory for the reports is c:\inetpub\wwwroot, which since patch management is installed the server must be a web server so it should exist, but if you have configured the web server home directory elsewhere you may need to change the ‘ReportDir’ variable.

    •   There is an ‘Env’ variable in the DMS script set to “Test” by default, which causes it to use my test settings. Change it to “Dev” or “Prod” (case sensitive), then set up the ‘P’ variable in the Dev and Prod sections to the ca_itrm password for the corresponding environment, and change the Server variable to the appropriate SQL server params (-S servername,port), or set it to “” if SQL is local.

    •   Last, set the script to run as an external utility type engine job. I suggest setting:

        •   Content download a few minutes AFTER midnight (the default midnight settings can cause timeouts due to too many systems hitting the servers at once)
        •   Agent collection at the default 1AM with 90 minute random
        •   Patch maintenance at 3AM or 4AM
        •   The report script to 5AM or later

    •   These time settings make sure the system is as up to date as possible prior to running the reports. Obviously any agents not online won’t be updated but that can’t be helped. If you like, set the report to run at 10AM or later to catch people logging on at 8-9AM.

    •   The script produces two reports. Same data, different order and grouping:

        •   Applicable_Patches_ByComputer.htm - Grouped by Computer, shows all patches required for each computer
        •   Applicable_Patches_ByPatch.htm - Grouped by Patch, shows all computers needing each patch

     

    NOTE: This is an UNSUPPORTED field developed utility. It comes with no warranties. I’m sure support will help where they can if you have issues with it, and I’ll help where I can when I have time.

     

    Steve McCormick, ITIL

    CA Technologies

    Principal Services Consultant

    Stephen.McCormick@ca.com


    Attachment(s)