Important

   

This space contains documentation for TrueSight Server Automation 8.9.03 and the later service packs for 8.9. For earlier releases, see BMC Server Automation 8.9.

Creating a Patching Job

This topic describes how to create a Patching Job. A Patching Job identifies missing patches on your servers.

It includes the following sections:

Contents of the Patching Job

A Patching Job includes the following:

  • Analysis — The Patching Job checks the configuration of target servers and determines which patches are needed.
  • (Optional) Creation of remediation artifacts — The Patching Job performs the following actions:
    1. (Microsoft Windows, Solaris only) Downloads the required payload
    2. Packages the payload as a BLPackage
    3. Creates a Deploy Job

      Note

      The Patching Job creates the Deploy Job. The Deploy Job executes according to the schedule you define for Deploy Jobs. 
      By default, the patching job creates the Deploy Job but does not run it. However, if users schedule a Deploy Job as part of a Patching Remediation Job to execute immediately (using the Execute Now option), the Deploy Jobs are chained to the parent Patching Job, and the parent Patching Job is marked as complete only after the Deploy Job finishes execution.
      If you have permission for the analysis part of a Patching Job, then you also have permission for the remediation part of the job.

Before you begin

  • You need to enable the required permissions for anyone responsible for creating and executing the patching job, see Role-based permissions for creating and running a patching job for the list of permissions. In addition, ensure that anyone who can view results of the Patching Job, has the DepotObject.Read permission enabled for the patch catalog that is used for the analysis.
  • (Solaris Only) For an agent, running on a target server in single-user mode, to mount a source location using the NFS transmission protocol, the following must be done prior to deployment:
    • Enable NFS client services on the target server.
    • Change the server property setting, DEPLOY_ALLOW_NFS_DURING_SUM, to true.

For more information, see Using NFS to mount a location while running single-user mode.

To create a Patching Job

  1. In the Jobs folder, navigate to the folder where you want to create a Patching Job.
  2. Do one of the following actions:
    • Right-click and select New > Patching Job >platformNamePatching Job. For example, Microsoft Windows Patching Job, Solaris Patching Job.
    • Right-click a specific server and select Patch Analysis.
    • Right-click a catalog and select Analyze Using This Catalog.
  3. Provide information for the Patching Job as described in the following topics.

     PanelDescription  
     Patching Job - General

    On the General tab, you can enter following basic information about a Patching Job:

    Name

    Enter the name of the Patching Job.

    Description

    Enter some information about the Patching Job.

    Save inSelect a folder where you would want the job to be stored.

    Specify a Catalog

    Browse to and select a patch catalog.

    Unlimited

    Select this to have the job to run in parallel on as many target servers as possible.

    Limited

    Select this to have the job to run in parallel on a specific number of target servers.

    Set Execution Override

    Select when the Patching Job always execute as the user, BLAdmin, and the role, BLAdmins.

    Clear Execution Override

    Select when the Patching Job always execute using the user and role that scheduled the job.

     Patching Job - Analysis OptionsComplete one of the following panels, based on patch platform.
     Patching Job - Analysis Options for Microsoft Windows

    A Patching Job checks the configuration of patches on specific servers according to the filters defined as part of the job definition.

    You can select List and create an Include/Exclude list for specific patches through the Include or Exclude Selection dialog box. You can specify the patches that you want to include or exclude, or you can specify a .txt file that contains a list of QNumbers for these patches.

    BMC recommends only adding those patches that you want to test against the target, to the include list, because adding additional patches to the include list might increase the time taken to analyze the target.

    Note

    During analysis, shavlik filters out patches that have been superseded by later patches and only displays the latest applicable patch as missing. However, shavlik does not filter the patches added to the include list and all patches in the include list will be tested against the target.

    If you do not select List, you can choose from one of the following analysis options:

     Click here to see a description of the options.

    Field definitions

    Security patches (Recommended)

    Analyze patches that address security vulnerabilities. The Patching Job performs analysis against all patches in the patch catalog. Any security patch in the catalog that is found to be missing from the target being tested will show as missing in the Job Run Log.

    Security tools

    Analyze patches that prevent or clean up malicious software.

    Non-security patches

    Analyze performance-related fixes, fixes for known bugs, and hardware drivers.

    Exclude Service Packs

    (Optional) Select when you do not want to include service packs in the analysis results.

     Patching Job - Analysis Options for Solaris

    You can select List and create an Include/Exclude list for specific patches through the Include or Exclude Selection dialog box, or choose from one of the following options:

     Click here to see a description of the options.

    Field definitions

    Analyze all Patches

    Select to analyze all patches contained in the patchdiag.xref file.

    Analyze Recommended patches

    Select to analyze patches that were recommended by the vendor according to information contained in the patchdiag.xref file.

    Analyze Security patches

    Select to analyze patches that address security vulnerabilities.

    Analyze Without Dependencies

    Analyze the patches from the Include List without analyzing associated dependencies.

     Patching Job - Analysis options for AIX

    A Patch Analysis Job on AIX does not show any fileset or BFF file dependency issues in the analysis log files and the Deploy Job might fail. You must ensure that all the required filesets and BFF files are installed on the target computer. You can create an Include/Exclude List for specific patch containers (PTFs or APARs) through the Include or Exclude Selection dialog box, or choose from one of the following options:

     Click here to see a description of the options.

    Analysis Option

    Choose one of the following options for the Patch Analysis:

    • Stop Analysis if any applied fileset found
      Stop analysis on any target server that has filesets in the applied state (installed but not committed).
    • Use Patch global configuration settings
      Use the settings in the Global configuration parameters.
    • Continue Analysis if any applied fileset found
      Continue analysis on any target server that has filesets in the applied state (installed but not committed).

    Analysis Mode

    Choose either Install Mode or Update Mode.

    For AIX, the Patch Analysis Job fails in the Install Mode because of missing rpms in the repository. A single repository will contain updates for all available packages. The Install Mode is intended to install new packages on the target. Hence, BMC recommends the use of Install Mode on selective packages, rather than using the Install Mode on the complete repository.

    Upgrade Installp during analysis

    Depending on how you want to upgrade the ‘bos.rte.install’ package, choose one of the following options:

    • Skip: The ‘bos.rte.install’ package on the target is not upgraded.
    • Apply: The ‘bos.rte.install’ package on the target is upgraded to the later version available in the catalog during the analysis. ‘bos.rte.install’ is deployed on the target in the applied state.
    • Apply and Commit: The ‘bos.rte.install’ package on the target is upgraded to the later version available in the catalog during the analysis. ‘bos.rte.install’ is deployed on the target in the committed state.

    Note: Using Apply and Apply and Commit options, the Patch analysis is done in one pass only.

    Additional Installp option

    (Optional)

    Enter any additional options that you want to use with the Installp command. By default, TrueSight Server Automation passes the following options: -V -e -p -a -Y -g -d -f to the Installp command.

    Warning:

    • The options that you enter here are passed in addition to the default options passed by TrueSight Server Automation. You cannot modify these default options.
    • The options entered in this field are directly passed to the Installp command.

    NEW IN 8.9.03.001Analyse with efix/ifix

    Select this option if you want to run the patch analysis job when an eFix/iFix is installed on the target machine. The efix must be part of a service pack. By default, the checkbox is not selected.

    Note: If the eFix on the target server machine is not part of a service pack, BMC recommends you to remove the efix and execute the analysis job.

    Group

    Select to use the entire patch catalog for patch analysis.

    List

    Create an Include List or an Exclude List, depending on your requirements. For an APAR or PTF-based catalog, you can create an Include List for specific APAR or PTF IDs. You can also create an Exclude List for a specific fileset. Use this option if inclusion of the fileset would lead to deployment failure, such as if the fileset had dependency issues, whereas exclusion of the fileset would result in successful analysis and deployment.

    Analysis of a specific APAR or PTF includes the entire service pack. Therefore, the version of the target server is upgraded to the same version as the service pack that was analyzed.
    Note: Exclusion is the only action you can perform at the fileset level.

     Patching Job — Analysis Options for Red Hat Enterprise Linux, Oracle Enterprise Linux or SUSE Linux Enterprise
     Click here to see a description of the options.

    On the Basic Options tab, you can perform the following actions:

    1. (Additional step for SuSE Patching only) Select whether you want to perform patching using the Zypper or yum tool.

       Click here for more information about the Zypper patching tool.

      An improved packaging framework called Zypper has been introduced in SUSE Linux 10.3 and later versions. TrueSight Server Automation now supports patching using the Zypper packaging framework. Because Zypper is an improved packaging framework, BMC strongly recommends using the Zypper tool for patching instead of the existing YUM patching tool.

      Important

      • Ensure that you have Zypper 1.3.7 or later is installed on your SuSE repository server, before you use Zypper for patching.
      • BMC strongly recommends using Zypper when creating a patching job for a patch catalog that was created using the Subscription Management Tool (SMT).
    2. Choose one of the following options:
      • Analyze for missing RPMs and updates available for installed RPMs on a target server (Install Mode).

        Notes

        Do not choose Install Mode if you are including all errata or all RPMs from the catalog. Various conflicts and dependency issues between RPMs may occur because Install Mode attempts to install RPMs for which the base versions or earlier versions are not present.

        You are not required, nor is it recommended, to include the default RPMs Patch smart group that is part of the catalog. If no includes are specified, the analysis will check for the missing patches for the target server OS version and platform. If the include list is specified, there will be an explicit check for each rpm in the patch smart group.

      • Analyze only for updates available for installed RPMs on a target server (Update Mode).

      • (Additional option for SuSE if you are patching with Zypper) Analyze only for distribution upgrade or service pack upgrade (Dist-Upgrade Mode).

        Important

        If you have created a SuSE patch catalog in the online mode, you can only update your target from the existing OS level to the next OS level. For example, to update a target from SuSE Linux Enterprise 11 SP2 to SuSE Linux Enterprise 11 SP4, you must first update your target to SUSE Linux Enterprise 11 SP3, and only then upgrade to SUSE Linux Enterprise 11 SP4.

        Note

        Zypper supports updates for distributions and service packs, which is not supported by the YUM patching tool. The Zypper method of analysis automatically skips distribution and service pack upgrade-related rpms during normal package updates (Install mode and Update mode). In yum method of analysis, however, the distribution and service pack upgrade-related rpms must be manually excluded during the normal package updates. As a result, you may find a difference in the analysis results of Zypper and yum.

        Your selection between Zypper and Yum is captured in the job property OTHER_LINUX_ANALYSIS_PATCHING_TOOL, with a value of 0 for Zypper or 1 for Yum (the default). This job property is available as of TrueSight Server Automation 8.9.01.

          Click here to see steps to for upgrading SuSE 11 SP1 to SuSE 11 SP2 using zypper

        For an online catalog:

        1. Create a SuSE online catalog for SuSE 11 SP2 by selecting following repositories during filter selection:
          • SLES11-SP2-Update
          • SLES11-SP2-Pool
          • SLES11-SP1-Update
          • SLES11-SP2-Pool
        2. Run the patch analysis job using the patch catalog created above.


        For an offline catalog:

        1. Provide URLs for the following repositories in SuSE downloader config xml and run the offline downloader
          • SLES11-SP2-Update
          • SLES11-SP2-Pool
          • SLES11-SP1-Update
          • SLES11-SP2-Pool
        2. Create the offline catalog by providing repository created by offline downloader.
        3. Run the patch analysis job using the patch catalog created above.
    3. Create an Include/Exclude list for specific patches through the Include or Exclude Selection dialog box to override the default, which includes the entire Patch catalog in the analysis.

      (only for 8.9 SP1 and later releases) For more information about Include/Exclude list optimizations in Red Hat patch analysis using the By Complete Package Name and By Package Name only options, click the following link:

       Click here to expand information about optimizations in the Include/Exclude list for Red Hat

      TrueSight Server Automation can automatically select the appropriate rpm version or versions while including or excluding an rpm package in an RHEL patch analysis job. To enable this version optimization, select the By Package Name Only option while including or excluding patches. Whenever any rpm package is selected with the By Package Name Only option, TrueSight Server Automation automatically performs the following:

      • In case of an include patch operation—includes the latest rpm version of the package from the catalog, even if that version is not manually selected
      • In case of an exclude patch operation—excludes all rpm versions of the package from the catalog, even if all versions are not manually selected

      You can still individually specify rpm versions for include or exclude by selecting the By Complete Package Name option. When this option is selected, TrueSight Server Automation does not automatically include or exclude any rpm version that is not manually selected by the user from the catalog. Whenever any rpm package is selected with the By Complete Package Name option, TrueSight Server Automation automatically performs the following:

      • In case of an include patch operation—includes the latest rpm version of the package, from the selected rpm packages
      • In case of an exclude patch operation—excludes all rpm versions of the package, from the selected rpm packages

      Important

      The exclude operation takes precedence over the include operation. Therefore, If a package is excluded with the By Package Name Only option, all versions of the package will be excluded from analysis, even if specific versions are manually included.


      Examples:

      When a selection is made with the By Complete Package Name option you can manually select each version to include or exclude from the catalog.

      Manually select each version from the catalogSpecific versions displayed in the Include/Exclude list
      When a selection is made with the By Package Name Only option, you can select any one version of the rpm packages and TrueSight Server Automation automatically selects the appropriate versions for the packages.

       
      Select any one version of the rpm packages Only package names are displayed in the Include/Exclude list

    On the yum.conf tab, perform either of the following actions:

    • Select the Use Patch Global Configuration File check box if you want to use a yum.conf file with default settings provided with TrueSight Server Automation.

    Or

    • Deselect the Use Patch Global Configuration File check box if you want to use a custom yum.conf file. You can customize the yum.conf file to configure the different patch analysis and deployment parameters. Your desired entries should be added in the text box provided. 

       Click here to see a sample of a yum.conf file.

      [main]
      debuglevel=4
      logfile=/var/log/yum.log
      pkgpolicy=newest
      distroverpkg=RedHat-release
      tolerant=1
      obsoletes=1
      plugins=0
      gpgcheck=0
      bootloader=1

    Notes

    The system default /etc/yum.conf file is not used in either of the above cases. 

    In addition to the options listed in the sample yum.conf above, if you want to avoid the removal of old RPMs during patch analysis when a native yum is used, you can include the installonly_limit option in the yum.conf file. For more information, see the description of this issue in Troubleshooting Patch Management issues.

    For more information about all the options that you can include in the yum.conf file, see the yum.conf man page.

    The yum.conf tab applies only to Red Hat Enterprise Linux, Oracle Enterprise Linux, and SUSE Linux Enterprise servers. You can also customize the yum.conf file from the Patch Global Configuration option. For more information, see Global Configuration parameter list.

     Patching Job - Analysis Options for Ubuntu
     Click here to see a description of the options.

    A Patching Job checks the configuration of patches on specific servers according to filters defined as part of the job definition.

    1. Choose one of the following options:
      • Analyze for missing patches and updates available for installed patches on a target server (Install Mode).
      • Analyze only for updates available for installed patches on a target server (Update Mode).

    2. Create an Include/Exclude list for specific patches through the Include or Exclude Selection dialog box to override the default of including the entire patch catalog in the analysis.

    Note

    Depending on which mode you have selected, you cannot perform the following operations:

    • If Install Mode is selected, you cannot exclude a patch or smart group.
    • If Update Mode is selected, you cannot include a patch or smart group.

     Patching Job - Analysis Options for Debian
     Click here to see a description of the options.

    A Patching Job checks the configuration of patches on specific servers according to filters defined as part of the job definition.

    1. Choose from one of the following options:
      • Analyze for missing patches and updates available for installed patches on a target server (Install Mode)
      • Analyze only for updates available for installed patches on a target server (Update Mode)

    2. Create an Include/Exclude list for specific patches through the Include or Exclude Selection dialog box, to override the default of including the entire patch catalog in the analysis.

    Note

    Depending on which mode you have selected, you cannot perform the following operations:

    • If Install Mode is selected, you cannot exclude a patch or smart group.
    • If Update Mode is selected, you cannot include a patch or smart group.

    Patching Job - Remediation Options

    If the Patching Job autoremediates after completion of analysis, enter the following information:

    Create remediation artifacts

    Select to remediate on completion of analysis. All other options are available only if Create remediation artifacts is selected.

    Package name prefix

    Enter text that the Patching Job automatically adds to the name of all BLPackages and Deploy Jobs created. The name of the Patching Job appears as the default.

    Save package(s) in:

    Enter a depot location where the remediation package is stored. By default, the location is the same one used to store the Patching Job.

    Save batch/deploy job(s) in:

    Enter the folder where the Remediation and Deploy Jobs created by the Patching Job are stored. By default, the location is the same one used to store the Patching Job.

    ACL Policy for Package(s)/Deploy Job(s):

    Browse to and select the ACL policy to assign to each BLPackage, Deploy Job, and Batch Job created by the Patching Job.

    Deploy Job Options

    Select to open Deploy Job Options. The options defined here are the same ones defined for any Deploy Job.

    Deploy Job Properties

    Select to open a list of Deploy Job properties. The properties defined here are the same ones defined for any Deploy Job.

    Patching Job - Targets

    Use the Targets panel to choose the servers where this job runs. When first defining and saving a job, you do not have to specify target servers. You can specify target servers at a later time.

    Field definitions

    Field

    Description

    Available Servers

    Specify the operating system of the servers you want to select. To display servers running any operating system, select All.

    By Group, By Name

    Select servers from a tree or sortable list and click the right arrow to move your selections to the right panel

    To select servers:

    • Click the By Group tab at the bottom of the window. The left panel displays servers in a hierarchical list arranged by server group. Choose servers by selecting a server group or selecting one or more individual servers. If you select a server group, the job runs against the servers assigned to that group at the time of execution. The servers assigned to smart groups can change dynamically based on their server properties. You can modify static server groups manually by adding or removing servers.
    • Click the By Name tab at the bottom of the window. The left panel lists servers by name in a Group Explorer view. Sort servers in ascending or descending order by clicking on any column header. Select one or more servers.

    Patching Job - Output

    The Output panel lets you capture job completion status for the current job and use it to populate a predefined property that you created in the Property Dictionary, within the built-in property class for the job targets — the Server, Component, or Device property class.

    The list of properties for selection includes all complex properties of the JobRunStatusEnumeration type. It does not include intrinsic and deprecated properties.

    Using the property that you specify here, you can create smart groups based on the completion status of the current job at the various targets. For example, you can create a smart group that includes all servers at which this job has not yet run or a smart group for all servers at which this job has completed successfully.

    Such smart groups can serve as the targets either in the current job or in other jobs. When used in a separate job, the smart group targets link the execution of one job with the outcome of a previous job. In fact, you can optionally join both jobs together within a Batch Job.

    Patching Job - Default Notifications

    The Default Notifications panel provides options for defining default notifications that are generated when a job completes. If you have set up notifications for a particular scheduled job, those notifications are generated instead of default notifications.

    Default notifications can take the form of emails or SNMP traps. When a job completes, an SNMP trap is sent to a specified server, where it can be read using software that receives and interprets SNMP traps. Default notifications are sent when you run a job immediately (that is, you do not schedule the job) or a scheduled job completes but you have not set up email or SNMP notifications for that scheduled occurrence.

    Patching Job Run Notifications

    FieldDescription
    Send email toLists email addresses of the accounts to notify when a job completes with the status that you specify. Separate multiple email addresses with semicolons, such as sysadmin@bmc.com;sysmgr@bmc.com. After entering email address information, select the statuses that cause an email to be generated.

    Append patch analysis results to email

    Indicates emailed notifications should include detailed patch analysis results.

    Note: This option is relevant only for Patching Jobs and not for Patching Remediation Jobs. You cannot send attachments for Patching Remediation Jobs, or for the child Deploy Jobs of Patching Analysis and Patching Remediation Jobs

    Limit email body size

    Limits the size of email that is generated by appending patch analysis results. Enter the maximum size, in kilobytes, in the text box. The default value is 1000 KB.

    Send SNMP trap to

    Provides name or IP address of the server to notify when the job completes. After entering server information, select the statuses that should cause an SNMP trap to be generated.

    TrueSight Server Automation provides a management information base (MIB) that describes its SNMP trap structure. You can use this MIB to create scripts that integrate traps into your trap collection system. The MIB is located at installDirectory/Share/BladeLogic.mib.

    List failed servers in email notificationIndicates email notifications should list all servers on which a job has failed.

    Create incident on job failure

    Creates an incident in BMC Remedy ITSM if the job fails.

    This option is available if this job type was selected to support the creation of ITSM incidents and a connection to BMC Remedy ITSM was set up. For more information, see Enabling Change Automation for TrueSight Server Automation jobs.

    Note

    Email notification settings specified for a Patching Job with the autoremediation option or for a Patching Remediation Job are propagated to its child Deploy Jobs. You can, however, specify different email notification settings in a child Deploy Job to override the settings in the parent job.

    Patching Job - Schedules

    The Schedules panel lets you schedule a job to execute immediately, schedule a job at a specific time in the future, schedule a job on a recurring basis, and define notifications that are issued when a job runs.

    When scheduling a job, you can perform any of the following tasks:

    • Scheduling a job that executes immediately — To schedule a job that executes immediately, select Execute job now. If your system has been configured to require approval for this job type, select Execute on Approval and then click Browse to display the Change Request Information dialog box. For more information, see Patching Job - Execute on Approval and Change Request settings.
    • Scheduling a job — The Schedule tab lets you schedule a job so it can run one time, recur hourly, daily, weekly, or monthly, or recur at some arbitrary interval. For more information, see Patching Job - Scheduling.
    • Defining job notifications — The Job Notifications tab lets you set up notifications that are generated when a scheduled job runs. For more information, see Patching Job - Scheduled Job Notifications.
    • Providing Change Request information — The Change Request information tab lets you provide Change Request information. This tab only appears when your system has been configured to require approval for this job type. For more information, see Patching Job - Execute on Approval and Change Request settings.
    Patching Job - Properties

    The Properties panel provides a list of properties automatically assigned to a Snapshot Job. In this list, you can modify the value of any properties that are defined as editable.

    For any property that has a check in the Editable column, select the property and click in the Value column.

    • To set a property value back to its default value, click Reset to Default Value .
      The value of the property is reset to the value it inherits from a built-in property class. The Value Source column shows the property class from which the value is inherited.
    • Depending on the type of property you are editing, you can take different actions to set a new value, such as entering an alphanumeric string, choosing from an enumerated list, or selecting a date.
      To insert a parameter into the value, enter the value, bracketed with double question mark delimiters (for example, ??MYPARAMETER??) or click Select Property .

    The following table provides a list of editable properties:

    Property nameProperty typeDescription
    AUTO_GENERATEDBooleanSpecifies whether the object was auto generated.
    DEBUG_MODE_ENABLEDBoolean

    Specifies whether the Debug Mode has been enabled for the patching job.

    If this property is set to TRUE, the logs that are created while performing a patch analysis job on the targets are saved on the Application Server.

     Click here for the location.

     <ApplicationServerName>/ opt/bmc/bladelogic /NSH/tmp/debug /application_server/ <JobName>/ <TimeAndDateStamp> / <TargetServerIPAddress>

    JOB_PART_TIMEOUTIntegerSpecifies the number of minutes the job part or work item should run before it is automatically canceled.
    JOB_TIMEOUTIntegerSpecifies the number of minutes the job should run before it is automatically canceled.
    MAX_PARALLEL_PER_VM_HOSTIntegerSpecifies the maximum number of parallel work items processed per Vitrual Machine host.
    PRIORITYJobPriorityEnumerationSpecifies the priority of the Patching Job
    RESULTS_RETENTION_TIMEIntegerSpecifies the number of days to retain old job runs and job results for the job.
    Patching Job - Permissions
    Using the Permissions panel, you can add individual permissions to an object. You can also set permissions by adding ACL templates or ACL policies. The Permissions list is an access control list (ACL) granting roles access to any objects created in the system, such as depot objects. ACLs control access to all objects, including the sharing of objects between roles. For more information, see the following table:
    TaskDescription

    Adding an authorization

    An authorization grants permission to a role to perform a certain type of action on this object.

    To add authorization to this object, click Add Entry  in the Access Control List area. Then use the Add New Entry dialog box to specify the role and authorization you want to add.

    Adding an ACL template

    An ACL template is a group of predefined authorizations granted to roles. Using an ACL template, you can add a group of authorizations to the object.

    To add an ACL template to the object, click Use ACL Template  in the Access Control List area. Then use the Select ACL Template dialog box to specify an ACL template that you want to add to this object.

    To set the contents of the selected ACL templates so that they replace all entries in the access control list, select Replace ACL with selected templates. If you do not select this option, the contents of the selected ACL templates are appended to existing entries in the access control list.

    Adding an ACL policy

    An ACL policy is a group of authorizations that can be applied to this object but can be managed from one location.

    To add an ACL policy to this object, click Use ACL Policy  in the ACL Policies area. Then use the Select ACL Policy dialog box to specify an ACL policy that you want to add to the object.

    To set the contents of the selected ACL policies so they replace all entries in the access control list, select Replace ACL with selected policies. If you do not select this option, the contents of the selected ACL policies are appended to existing entries in the access control list.

  4. After completing the last step of the wizard, click Finish
    A Patching Job is stored in the appropriate Jobs folder. You can open the job and edit it.

Where to go from here

Performing patch remediation

Was this page helpful? Yes No Submitting... Thank you

Comments