×
 
 
  •  
$helper.renderConfluenceMacro('{bmc-global-announcement:$space.key}')
Helix Automation Console 19.11 ... Using Patch policies

Working with patch policies

This topic provides instructions on adding, viewing, editing, disabling, or removing patch policies. 

To understand the concept of patch policies, see Patch policies

Adding a patch policy

On the Manage > Patch Policies page, click Add Policy and do the following:

  1. Enter a unique name for the policy. 
  2. Click Browse to select a catalog.
    Catalogs are created in TrueSight Server Automation.
  3. Click  and choose one of the policy filters:
    • Patch Classifications (only for Windows). Select this filter to scan assets based on classifications such as Security Patches, Security Tools, and Non-Security Patches.
      To skip service packs while scanning assets, select Exclude Service Packs
    • Include Patch Groups. Select this filter to scan assets based on the patch groups that exist in Server Automation. 
      To exclude a specific set of patches, select one or more patch groups and save your options. 
  4. To specify targets, do one of the following:
    • Select all assets enrolled in the endpoint manager.
    • Select Asset Groups (server groups or server smart groups in Server Automation) and then select one or more groups. 
  5. In the Patch Schedule section, specify a schedule for the policy:
    • Daily: Click the clock icon in the Time field, and specify the time.
    • Weekly
      1. From the Recur Every list, select the number of weeks after which the policy should run again. 
      2. Click the clock icon in the Time field, and specify the time.
      3. Specify the days of the week when the schedule should run.

    • Monthly: Click the clock icon in the Time field, specify the time, and then specify one of these options:

      • Specify the frequency (first, second, third, or fourth) and the day of the week for the schedule.

      • Specify the day in every month when the schedule should run. 

      • Select the last day of every month.  

      The schedule summary is displayed.

      Can I schedule a policy in another timezone?

      No. Automation Console shows the browser time zone. You can only schedule policy scans in the local time zone.

After you save the patch policy, it is enabled and appears on the Manage Policies page. When you create a policy, in Server Automation, the policy is saved at the Jobs/<username>_<user_role>/<Policy_Name> location.

Viewing patch policy results

After a policy runs on the selected assets according to the schedule, the results are displayed on the Manage Patch Policies page.

You can see the policies available in the product and additional information such as name, scope of the policy scan according to the assets, the date and time of the last run, and the status.

On the Manage > Patch Policies page, do the following:

  1. Click the policy name.
    The Scan Run Results page shows results of each policy scan according to the schedule.
  2. To view results for any previous scan, click on the scan in the Scan Start Time column. 
    The following image shows the results of a policy scan.

    The following details are displayed: 
    • Total number of assets scanned by the policy
    • Number of assets that were scanned successfully or with warnings, and failed scans
    • List of assets scanned by the policy and the number of missing and installed patches on these assets
    • Log for the policy that contains errors and warnings, if any
    • Date, time, and duration of the policy scan
  2. To view the policy results for each asset, click the asset name.

    You can see each installed and missing patch identified on the selected asset.

Editing a patch policy

On the Manage > Patch Policies page, do the following:

Warning

When you edit, disable, or remove a policy, all missing patches displayed after the last scan are removed from the Automation Console.

  1. Select a policy and click Actions > Edit.

  2. Update the policy details, and click Update

 Missing patches according to the new configurations are displayed after a successful scan.

Disabling and enabling a policy

You may want to stop running scanning policies for a while or the policy may no longer be relevant. To stop the policy from running, disable the policy. 

On the Manage > Patch Policies page, do these steps: 

  • Select a policy and click Actions > Disable and click Continue
    The policy status changes to Disabled and the policy no longer runs according to the schedule. It still appears in the patch policy list. 
  • To view details of a disabled policy, click Actions > View
  • Select a policy and click Actions > Enable.
    The policy status changes to Enabled and the policy runs according to the schedule. New missing patches are reported after a successful scan. 

Removing a patch policy

You cannot delete a policy if it is used by any operation. In such a case, delete the operation first, and then delete the policy. 

When you remove a policy from the BMC Helix Automation Console it continues to exists in TrueSight Server Automation. 

On the Manage > Patch Policies page, do the following:

  1. Select a policy and click Actions > Remove.
  2. Click Continue
Was this page helpful? Yes No Submitting... Thank you
Last modified by Adlapalli sunil kumar Achary on Jun 11, 2020
patch_policy

Comments

Log in or register to comment.

Patch policies
Scans
© Copyright 2019 BMC Software, Inc.
Legal notices

Powered by Atlassian Confluence and Scroll Viewport

© Copyright 2005-2024 BMC Software, Inc. Use of this site signifies your acceptance of BMC’s Terms of Use . BMC, the BMC logo, and other BMC marks are assets of BMC Software, Inc. These trademarks are registered and may be registered in the U.S. and in other countries.