Skip navigation
1184 Views 5 Replies Latest reply: Feb 24, 2012 2:56 PM by tanner RSS
Rookie 9 posts since
May 17, 2010

Has received 1 of 9 achievements.
Currently Being Moderated

Feb 23, 2012 8:18 AM

Is there is any way to Scan against a different group and patch against different group?

Hi All,

 

Is there is a way in LANDesk to scan against all vulnerabilities in Scan group but repair only against a certain group?

  • Frank Wils SSMMVPGroup 1,216 posts since
    Feb 25, 2008

    Has received 8 of 9 achievements.

    Actually, this is kind of default as only things in the SCAN folder will be scanned on the devices, but how and what you repair is based on creating repair jobs for individual vulnerabilities or the contents of custom groups. Only when you put vulnerabilities on Autofix you loose control as they will be repaired on all devices that have autofix in enabled in their scan settings and on the agent.

     

    Frank

    Axle-IT

  • mrspike SSMMVPGroup 1,321 posts since
    Dec 19, 2007

    Has received 9 of 9 achievements.
  • mrspike SSMMVPGroup 1,321 posts since
    Dec 19, 2007

    Has received 9 of 9 achievements.

    Manoj,

     

    Using the basics of the document I pointed to you can achieve this, but you cannot do it as you are asking.. that I know of.

     

    You can do it a couple ways...

     

     

    Method 1

     

    • Leave the agent config so that it scans everything in the Scan Folder by default
    • Create a repair task that repairs a group as shown in the document
    • Schedule the repair task when to run, or set as a policy.  If set as Policy have the policy task repeat daily, or weekly, etc...
      • If set as a policy that will repeat, if new patches are added to the baseline group the clients will run the repair again
    • There is no need to recreate the repair task again (I may have said otherwise in the document) each month if you have your scheduled task or policy set to repeat.  Just add new patches to be included in the baseline to the group

     

     

    Method 2

     

    • Set the behavior in your agent config to ONLY scan and repair the baseline group
    • Now, create a new Scheduled Task in the patch tool (let me know if need guidance on this)

      • Set it to use a behavior that you have set that scans the entire baseline (this is a default)
      • Set it to never reboot
      • Set as a Policy that has a Silent, Never Reboot delivery method (or you can set as a scheduled task, but policy is better)
      • In that delivery method, under Type and frequency, set it as required > periodic > weekly
    • Now add your systems (best to use a query that will target all the systems you want, that way if new machines are built they automatically get added to the task... drag the query to the task, not the list of machines.
    • Start the Policy... now once a week your systems will scan the entire Scan Group so that you know about all vulnerabilities, but your systems will only repair by default the ones in the baseline group

     

    Let me know if you need more info or are confused

  • tanner SupportEmployee 155 posts since
    Jun 4, 2008

    Has received 5 of 9 achievements.

    What about using Autofix? You can set the Scan and Repair settings to either scan everything in the Scan folder, or just a particular group. You can then group your baseline patches into another group just for ease of management.

     

    Once a patch is added to the baseline, you can move it into the group, but then you set it to Autofix. That means that anytime vulscan runs and finds the machine vulnerable to that definition, it will immediately (at the end of the scan) repair the vulernability and install the patch.

     

    If you have machines where you can't allow Autofix, the Scan and Repair settings can be set to not allow Autofix, as can the Agent Configuration.

     

    This way, you don't have to create repair jobs or anything like that. Once a patch is approved, you add it to the group and set it to Autofix. Then it rolls out to your environment.

More Like This

  • Retrieving data ...

Bookmarked By (0)

Legend

  • Correct Answers - 20 points
  • Helpful Answers - 10 points
LANDESK Community powered by Jive SBS® 4.5.7.1  |  Legal Notices  |  Privacy Policy  |  Icon 

TweeterOn Twitter  |  Icon FacebookOn Facebook © 2007 LANDESK Software