The method relies on a Smart Label. The Smart Label targets all machines whose MACHINE.CREATED date falls between X days ago and today. With this newly created label, create a new patch schedule to do aggressive patching, and run that patch schedule at a fairly small interval (like every hour).
Here is the process step by step:
- Create a new Machine Label, and call it “Created 1 day ago”
- Create a Smart Label with the following SQL query in it:
select MACHINE.*, C.CLIENT_CONNECTED, UNIX_TIMESTAMP(now()) - UNIX_TIMESTAMP(LAST_SYNC) as LAST_SYNC_TIME,
UNIX_TIMESTAMP(LAST_SYNC) as LAST_SYNC_SECONDS
from MACHINE
LEFT JOIN KBSYS.KUID_ORGANIZATION O ON O.KUID=MACHINE.KUID LEFT JOIN KBSYS.SMMP_CONNECTION C ON C.KUID = MACHINE.KUID AND O.ORGANIZATION_ID = 1
where DATE(CREATED) BETWEEN DATE_SUB(CURDATE(), INTERVAL 1 Day) AND CURDATE()
- Create a new patch schedule, and target the label you just created.
- Set it to do a Detect and Deploy on all patches and upgrades (or whatever you’d like to patch with)
- Set the interval to run every 30 minutes or 1 hour
Tip: this requires a custom cron schedule. To run every 30 minutes, Monday through Friday, the crontab entry looks like this:
*/30 * * * 1-5
This completes the tasks needed.
Now, any time new machines check in, they will fall under that label and get their patches right away. 2 days later, they will fall out and then fall in line with whatever other patch schedules you have for these machines.
Set a prompt that tells users explicitly why their machine is being patched, then add a fairly restrictive user prompt for the reboot and snooze option, which gives users just enough time to save their work but does not let them put off patching all day.
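The following is an added example, not part of the original procedure or of the product: a small Python model of the label's date window and the weekday cron entry above, which counts how many aggressive patch runs a new machine actually receives before it leaves the label. The machine names and dates are constructed, and it assumes label membership follows the query's date window exactly and that the cron entry is evaluated in the same time zone as CREATED.

```python
from datetime import date, datetime, time, timedelta

WINDOW_DAYS = 1  # INTERVAL 1 Day in the Smart Label query


def in_label(created: datetime, today: date, window_days: int = WINDOW_DAYS) -> bool:
    """DATE(CREATED) BETWEEN DATE_SUB(CURDATE(), INTERVAL n DAY) AND CURDATE()."""
    return today - timedelta(days=window_days) <= created.date() <= today


def cron_fires(ts: datetime) -> bool:
    """Crontab '*/30 * * * 1-5': minute 0 or 30, Monday through Friday."""
    return ts.minute % 30 == 0 and ts.weekday() < 5  # Python: Monday is 0


def aggressive_runs(created: datetime, window_days: int = WINDOW_DAYS) -> int:
    """Count schedule runs between creation and the day the machine leaves the label."""
    slot = datetime.combine(created.date(), time.min)
    end = slot + timedelta(days=window_days + 2)  # scan past the window on purpose
    runs = 0
    while slot < end:
        if slot >= created and in_label(created, slot.date(), window_days) and cron_fires(slot):
            runs += 1
        slot += timedelta(minutes=30)
    return runs


# Constructed sample machines (hypothetical names; 2024-01-01 is a Monday).
SAMPLES = {
    "pc-monday": datetime(2024, 1, 1, 9, 10),
    "pc-friday": datetime(2024, 1, 5, 17, 45),
    "pc-saturday": datetime(2024, 1, 6, 10, 0),
}

if __name__ == "__main__":
    for name, created in SAMPLES.items():
        print(f"{name}: created {created:%a %H:%M}, {aggressive_runs(created)} aggressive runs")
```

In this model a machine created on a Saturday leaves the 1-day window before the Monday-to-Friday schedule ever fires, so a wider window or a 7-day cron entry is worth considering if machines are imaged at weekends.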