
Maintenance Windows: The Never Never Land of Patching


Dam Good Admin: Or at least not entirely useless
March 3, 2020

Maintenance Windows are a concept that can be tricky to fully grasp at first.
I’m too lazy to even try to help you there so if you need some ‘splainin then I suggest you first head over to the docs and Jason Sandy’s excellent rundown.
Before we get into it though I want to quickly rant about one thing first.
Maintenance windows can only decrease your patch compliance.
Use them because there’s a real life and/or business threatening reason to do so.
If you just need to make sure that patches/applications/task sequences install at a specific date or time … that’s what deployment deadlines are for.
Ok, off the soap-box.
There’s two requirements I’ve seen frequently asked about that I use maintenance windows to solve.


This week we’re just going to tackle the first one:

I Never, Ever, Want You To Patch This Box

If you’ve followed along with my blog or talked with me for even the briefest of time you will recognize how painful that heading was to type.
It burns.
Patching is too important to leave to us meat-bags and should be automated as much as possible.
However, there are certain situations where a legitimate reason exists not to automate patching and rebooting (which are the same thing).
Those situations tend to be on the server side of things where workloads need to be moved around (ex. SQL, Exchange) but there are some workstation use cases as well.

If you have workstations in an operating room you get a pass on automatically updating those.
At least while I’m on the table please.

Your Windows 2000 box running a nuclear reactor is probably fine too.

Please don’t power cycle that thing.
There’s a variety of solutions to this problem but to be perfectly honest the only good one doesn’t exist: Support Available Deployments for ADRs.
Until then, the solution I like best, and which in my opinion is the most reliable, is to create what I call a ‘Never’ maintenance window.
Create a non-recurring maintenance window that occurred in the past.
It should end up looking something like this:

This works because once a device has a single maintenance window it will not act outside of it.
If that single maintenance window is in the past and doesn’t repeat itself then nothing will ever automatically install on that device again.
Instead, when a deployment’s deadline hits it will try to install, detect that it is currently not within a maintenance window, and permanently report itself as ‘Past Due’ waiting for a maintenance window that will never come.
Poor little updates … so lonely.
They will forever stay that way until someone opens Software Center and manually initiates the install.
If you wanted to get all fancy-shmancy you could trigger the manual installs remotely using a variety of techniques including something like the Right Click Tool’s Install Missing Software Updates tool (shill mode).
There’s two assumptions being made here.
First: that you don’t deploy something that overrides maintenance windows.
There’s no fixing stupid so don’t be stupid.
Second: that you do not apply another maintenance window to the devices in the Never collection.
This one is a little trickier and is part of why it is almost universally agreed upon that you should create separate collections that exist only for maintenance window purposes.
Further, I highly recommend making it easy to identify your maintenance windows by putting them in a folder and/or prefixing the collections with something meaningful.
For example: ‘MW – Never’.
This way you know where your maintenance windows are and you can make sure that they all exclude your Never maintenance window.
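
As an added example (not from the original post), this ConfigMgr PowerShell creates the past-dated, non-recurring window and then checks the second assumption: that every other maintenance window collection excludes the Never collection and that no Never device sits in another collection with a window. It assumes a ConfigurationManager module session with the site drive as the current location, an 'MW - ' collection prefix, and an arbitrary year-2000 date.

```powershell
# Added example. Assumed names: 'MW - Never' collection, 'MW - ' prefix,
# window name 'Never'; the 2000-01-01 date is arbitrary, it only has to be in the past.
$NeverName = 'MW - Never'
$Prefix    = 'MW - '

# 1. Create the Never collection and its single, non-recurring window in the past.
$never = Get-CMDeviceCollection -Name $NeverName
if (-not $never) {
    $never = New-CMDeviceCollection -Name $NeverName -LimitingCollectionName 'All Systems'
}
if (-not (Get-CMMaintenanceWindow -CollectionId $never.CollectionID)) {
    $past = New-CMSchedule -Nonrecurring `
        -Start ([datetime]'2000-01-01 00:00') -End ([datetime]'2000-01-01 01:00')
    New-CMMaintenanceWindow -CollectionId $never.CollectionID -Name 'Never' `
        -Schedule $past -ApplyTo Any | Out-Null
}

# 2. Every other maintenance window collection must exclude the Never collection.
$mwCollections = Get-CMDeviceCollection |
    Where-Object { $_.Name -like "$Prefix*" -and $_.CollectionID -ne $never.CollectionID }
foreach ($c in $mwCollections) {
    $rules = Get-CMDeviceCollectionExcludeMembershipRule -CollectionId $c.CollectionID
    if ($rules.ExcludeCollectionID -notcontains $never.CollectionID) {
        Write-Warning "'$($c.Name)' does not exclude '$NeverName'"
    }
}

# 3. No Never device may also be a member of any other collection that carries a window,
#    including collections that do not follow the naming prefix.
$neverIds = @((Get-CMCollectionMember -CollectionId $never.CollectionID).ResourceID)
$withWindows = Get-CMDeviceCollection |
    Where-Object { $_.ServiceWindowsCount -gt 0 -and $_.CollectionID -ne $never.CollectionID }
foreach ($c in $withWindows) {
    Get-CMCollectionMember -CollectionId $c.CollectionID |
        Where-Object { $neverIds -contains $_.ResourceID } |
        ForEach-Object { Write-Warning "$($_.Name) is in '$NeverName' and '$($c.Name)'" }
}
```

Any warning from step 3 means that device has a second window and will install at deadline inside it, so the Never membership no longer holds patches back.
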
If you make sure that every maintenance window collection excludes your Never maintenance window then simply adding devices to your Never maintenance window guarantees that you do not cross the streams.

A Maintenance Window With Benefits!

There’s some fringe benefits of using a Never maintenance window that you don’t get trying to solve this problem other ways.
First, using a Never maintenance window is a great way to ease into fully automated patching.
Have some team members that believe their devices are special little snowflakes instead of cattle ready for slaughter?
Put their devices in a Never maintenance window and deploy patches to them normally.

You get control and reporting while the end user gets to avoid having to wait for Windows Update scans and updates to download.
My server admins loved the fact that they could open Software Center during the day to validate what patches were waiting to be applied before they logged in during the evening to apply them.
They also loved the ability to script the process so it could be done manually but without having to log into each machine.
Crucially, after a while many asked themselves why they were getting up at ass o’clock to push a single button.
It made automated patching converts for the good of the computing race.
Second, your Never maintenance window is an agreed upon black-list of devices that are dead to you.
My reporting dashboard was written specifically to report on servers globally, servers with active maintenance windows, and servers with the Never maintenance window.

This allowed me to show management how awful some of my fellow admins were at manually patching their devices while also excluding them from the compliance numbers I cared about.
When security came knocking about a particular box step one was to review my Never maintenance window membership for the device(s) in question.
If they were there then I happily told them to take it up with the app owners who held on to manual patching their own devices.
This too helped create automated patching converts … albeit less willing ones.
Lastly, related to the above, the Never maintenance window was an outlet for dealing with cumulative updates that impacted only a small subset of applications.
With cumulative updates, just blocking this month’s patch means they’ll just break again when next month’s patches come out unless the underlying problem is resolved.
If an application owner told me to not patch their box I directed them to our CIO and required the CIO’s written approval to place their boxes in the Never maintenance window and … this is the crucial part … never patch those boxes again.
Roughly 50% of cases never got past that part and the ones that did were no longer my problem because they were excluded from the reporting that matters to me.
So there you have it.
As I said, there’s more than one way to address this requirement but for the reasons above the concept of a Never maintenance window is one I constantly fall back on as the best solution until the product team gives us available deployments in ADRs.
Though even then, if you’re concerned about applications and task sequences accidentally being deployed as required instead of available then only a Never maintenance window can guarantee that.
5 Comments

Paul, July 16, 2020 at 9:54 am:
I’ve been frustrated that you can’t make ADRs with Available deployments, and it seems like having a non-recurring maintenance window in the past can be an excellent solution to that problem.
I never would have thought of that, thanks for the great tip!

Ken, March 4, 2020 at 6:30 pm:
I’ve used this technique since SMS 2007 was released, and it works very well, but isn’t perfect.
I was always irritated that there was no good method to have a recurring maintenance window that would be something like, From the 2nd Tuesday +/- X number of days, or the 1st Saturday after the 15th of the month.
We have a “floating” maintenance window that is different each month because it’s based on the weekend following the 15th of the month for test systems, then two weeks later for production.
The Gregorian calendar makes automating that impossible.
We also have other app owners who want test servers on the Xth Thursday, and then production the next day, which again, isn’t possible to automate.
Maybe some day.
Side question for the masses: I’ve been looking for a good way to use PowerShell to report a month’s worth of devices’ maintenance windows, and in fact, I’ve not found a good PowerShell method to calculate the “next maintenance window” of a device that isn’t broken when it crosses into the next month.
I haven’t found any existing code to point me in the right direction.
Any suggestions?
I really don’t want to reinvent the wheel if there’s available code I just haven’t seen.

bryandam, March 4, 2020 at 7:18 pm:
Jordan has you mostly covered: https://www.scconfigmgr.com/2019/04/10/patching-how-to-automate-your-maintenance-windows/

Ken, March 5, 2020 at 10:24 am:
This right here is why I love this site.
THANK YOU.

david zemdegs, March 3, 2020 at 3:49 pm:
I thought maintenance windows are used to prevent servers restarting in the middle of the day.
We have a 2-6am maint window on all servers for that reason.