1 2 Previous Next 10 Replies Latest reply on Sep 1, 2010 11:01 AM by patty.d00

    Pilot Group for patches

    patty.d00

      Does McAfee intend on giving us a way to allow us to Pilot test the distribution of patches??    ie:  AV 8.7 patch 3 

      What do other people do besides a manual install?  (looking to pilot aprox. 150 machines)

        • 1. Re: Pilot Group for patches

          I think you can do this by checking the patch into the Evaluation branch in ePO's repository.  Then set the update task for your group of test systems to check for VSE 8.7 patches and set their Agent policy to get VSE patches from the Evaluation branch.

           

          Jay

          • 2. Re: Pilot Group for patches

            Unfortunately that would only work once you have the extension for epo 4.5 patch 1 installed as that is supposed to make the other branches available for patches.  Previously they were just available for full installs.  We also use a method involving custom props (requires agent 4.5) which allows us to push out the simple registry key for that.  Once it is deployed and being reported back by your agents you can setup tag groups that label these machines as pilots and do your patch testing with those.  Let me know if you need more information.

             

            Andrew

            • 3. Re: Pilot Group for patches
              serc09

              andymease schrieb:


              Let me know if you need more information.

               

              Andrew

               

              Go on Andrew, sounds great.

               

              Regards,

               

              serc09

              • 4. Re: Pilot Group for patches

                Take the file I have attached and modify the 'CustomProps1' field to whatever terms you would like.  We use three phase pilots and label them as such.  You can then push this out to your pilot machines via SMS or some other method.  Once that is pushed out you can create a tag like this:

                 

                Tag Pilot Machines

                1. Click on      the ‘Menu  >>  Systems  >>  Tag Catalog’ icon:
                2. Select      ‘Tag Actions >> New Tag’
                3. Select a      Name (ie Pilot Group 1) and click ‘Next’
                4. Under      Criteria select ‘Custom 1’ by clicking the arrow along with any other      properties that were populated
                5. Specify      the custom property you previously included in the reg key and click      ‘Next’
                6. Select      evaluation options and click ‘Next’ and then ‘Save’
                7. Make      sure you have the tag you just created highlighted and then click ‘Run Tag      Criteria’

                 

                Deployment via Tag

                1. Create a      new task at the appropriate OU level
                2. Select      an appropriate name and the type of task (likely either ‘Product update’      or ‘Product deployment’)
                3. Under      the ‘Tags’ section select ‘Send this task to only computers which have the      following criteria’ and set the ‘Has any of these tags:’ entry to include      the pilot tag(s) setup previously.  You can also set any tags to avoid for the pilot at this time:

                4. Click      ‘Next’ and select the appropriate products to update
                5. Click      ‘Next’ and select the appropriate schedule
                6. Click      ‘Next’ and ‘Save’
                7. After      their next ASCI, the deployment will commence to each machine with the tag      you specified (ie ‘Pilot Group 1’ ) according to the task      schedule.
                • 5. Re: Pilot Group for patches

                  wouldn't let me attach this to the other message...

                  • 6. Re: Pilot Group for patches

                    Hi Andymease,

                     

                    Tried this and does not work for me. I'm using McAfee Agent 4.0.0.1494 and ePO 4.5 P3.

                    What could be the issue?

                    • 7. Re: Pilot Group for patches

                      Hi Nishantha,

                      Customprops require agent 4.5...

                       

                      Andrew

                      • 8. Re: Pilot Group for patches

                        I was under the impression that you could not check patches into the Evaluation Branch.  Is that not longer the case?  EPO console 4.5 P1 here with 4.5 agents and VSE 8.7 P2.  the last time a McAfee rep remote assisted me with Patch 2 and it blasted patch 2 to every machine at 5:00 p.m. EST (Update task defined for that time).

                         

                        I am very interested in this because I, like the original poster, need to evaluate the patch with a small number before kicking it off to the entire company again. 

                         

                         

                        Message was edited by: kire98 on 9/1/10 10:01:50 AM GMT-05:00
                        • 9. Re: Pilot Group for patches
                          patty.d00

                          Kire98 it looks like Andrew has documented the solution for you.  SInce you have the 4.5 agents, I would give that a shot..  We are still running 4.0 so that is not an option for me at this time..  Thanks for the great info Andrew!

                          1 2 Previous Next