After Hours Patch Management

falbrecht
New Contributor III

Hi friends,

We are always looking for new ways to improve our patching and one of the biggest challenges we are currently facing is patches and their deployment time. Our users do not have admin rights and our current patching method is using built-in patch management. We give users 7 days to install new updates and then the updates install automatically. We get a lot of complaints (especially with Zoom patches) that they can be disruptive.

We tried setting up some policies that would wake the computer after hours and install the patches but it was inconsistent and a heavy lift for our small team. I am wondering if any of y'all have experiences automating patching for after hours. My biggest considerations are figuring out how to get the computer to wake and install the updates at a specific non-business-hour time. Any ideas?

6 REPLIES

tculkin
New Contributor III

After hours does not work at all for us since we are fully remote and laptops only. What I had to do is create a pop-up script for people to install the update and give them three times. They are warned. After the third time the application is closed and it is updated. The script has worked right now by doing a touch file with a date on it, then the script sees how many times that file is there. Working on getting this into a daemon and a plist to be more efficient. The problem I have with the built-in deferral is that it uses macOS notifications and most people don't look at those sidebar notifications. A pop-up they have to close is better.
Would love to hear any other ideas on this since it's been an issue for us as well.
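
The marker-file deferral counter described in the reply above, sketched as an added example; it is not tculkin's script or part of the original post. `STATE_DIR`, `MAX_DEFERRALS` and all function names are assumptions, and the pop-up and installer steps are left to whatever tooling calls these functions.

```shell
#!/bin/sh
# Added example: deferral counter backed by dated marker files.
# STATE_DIR, MAX_DEFERRALS and the function names are assumptions.
# On a real fleet the directory should be root-owned: if a standard user
# can delete the markers, they can reset their own deferral count.
STATE_DIR="${STATE_DIR:-/tmp/patch-deferrals-demo}"
MAX_DEFERRALS="${MAX_DEFERRALS:-3}"

# Reject app labels that could escape the state directory (no "/" or "..").
valid_label() {
    case "$1" in
        ""|*[!A-Za-z0-9._-]*|.|..) return 1 ;;
        *) return 0 ;;
    esac
}

# Print how many deferrals are recorded for an app label.
deferral_count() {
    valid_label "$1" || return 2
    set -- "$STATE_DIR/$1"/deferred.*
    [ -e "$1" ] || { echo 0; return 0; }   # glob matched nothing
    echo "$#"
}

# Record one deferral as a marker file stamped with time and sequence number.
record_deferral() {
    valid_label "$1" || return 2
    mkdir -p "$STATE_DIR/$1" || return 1
    n=$(deferral_count "$1")
    : > "$STATE_DIR/$1/deferred.$(date +%Y%m%dT%H%M%S).$((n + 1))"
}

# "prompt" while deferrals remain, "enforce" once they are used up.
next_action() {
    n=$(deferral_count "$1") || return 2
    if [ "$n" -ge "$MAX_DEFERRALS" ]; then echo enforce; else echo prompt; fi
}

# Clear markers after a successful install so the next patch starts at zero.
reset_deferrals() {
    valid_label "$1" || return 2
    rm -f "$STATE_DIR/$1"/deferred.*
}
```

A calling script would show the pop-up while `next_action` prints `prompt`, call `record_deferral` when the user dismisses it, and run the update followed by `reset_deferrals` when it prints `enforce`.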

tomt
Valued Contributor

I leverage Self Service for these kinds of updates. I'll publish the update with a pop-up message and give them a 2-day deferral option. After that, the update gets pushed. My users are also not admins and this method has been working well. The user can choose when to run the update so it's least disruptive and they also know if they ignore it, it will happen anyway.

sujal1208
New Contributor III

How do the updates work for OS system updates? Is it any different from regular apps like Zoom, MS Office, etc.?

obi-k
Valued Contributor II

For Zoom patching, check out this script by Kamal. Works well.

We set it to run once a week. If the Zoom meeting is running, it won't update. Otherwise, it'll update in the background. Nice addition to patching and worth a look.

falbrecht
New Contributor III

This is super helpful, thanks for sharing!