Topic
  • 4 replies
  • Latest Post - ‏2013-10-03T15:04:56Z by martinc
rich872
rich872
2 Posts

Pinned topic Stop BigFix from Patching Exchange

‏2013-10-02T15:06:24Z |

We recently implemented bigfix to patch all of our servers with windows server securtiy updates.  The problem is it is also patching our Exchange 2007 application with updates.  It installed update rollup 11 on my exchange servers.  How can we stop bigfix from patching Exchange?  Thanks.

  • martinc
    martinc
    4 Posts

    Re: Stop BigFix from Patching Exchange

    ‏2013-10-02T19:43:59Z  

    You have not provided that much info on your patching process, but I think there 2 parts to this that we can break it down to:

    1. Do you want to stop patching everything on the exchange servers

    2. Do you want to stop applying Exchange patches, but keep doing the OS patches on the exchange servers?

    If you are trying to do #1, then when you are targeting the action, just exclude the exchange servers. If you are using groups, then filter the exchange servers out of the group

    If you are trying to do #2, then just remove the exchange fixlets from your baseline.

    Martin

  • liuhoting
    liuhoting
    1 Post

    Re: Stop BigFix from Patching Exchange

    ‏2013-10-03T00:54:12Z  
    • martinc
    • ‏2013-10-02T19:43:59Z

    You have not provided that much info on your patching process, but I think there 2 parts to this that we can break it down to:

    1. Do you want to stop patching everything on the exchange servers

    2. Do you want to stop applying Exchange patches, but keep doing the OS patches on the exchange servers?

    If you are trying to do #1, then when you are targeting the action, just exclude the exchange servers. If you are using groups, then filter the exchange servers out of the group

    If you are trying to do #2, then just remove the exchange fixlets from your baseline.

    Martin

    You can also hide content by right clicking on it in the console and hitting globally hide or local hide.

  • rich872
    rich872
    2 Posts

    Re: Stop BigFix from Patching Exchange

    ‏2013-10-03T11:55:57Z  
    • martinc
    • ‏2013-10-02T19:43:59Z

    You have not provided that much info on your patching process, but I think there 2 parts to this that we can break it down to:

    1. Do you want to stop patching everything on the exchange servers

    2. Do you want to stop applying Exchange patches, but keep doing the OS patches on the exchange servers?

    If you are trying to do #1, then when you are targeting the action, just exclude the exchange servers. If you are using groups, then filter the exchange servers out of the group

    If you are trying to do #2, then just remove the exchange fixlets from your baseline.

    Martin

    Yes, its #2 that we want to accomplish.  So removing the Exchange fixlets from the baseline will stop any future Exchange updates from being installed?

  • martinc
    martinc
    4 Posts

    Re: Stop BigFix from Patching Exchange

    ‏2013-10-03T15:04:56Z  
    • rich872
    • ‏2013-10-03T11:55:57Z

    Yes, its #2 that we want to accomplish.  So removing the Exchange fixlets from the baseline will stop any future Exchange updates from being installed?

    Well... :)

    This stops your baselines actions from applying them, but it is still possible to select the fixlet and deploy it to the system. This really goes back to how you design your processes. You can create the baselines and put them in a custom site and only give access to the custom site to the people who would submit the action. This way they could not see the fixlets in the Patches for Windows site. You could hide the fixlets as liuhoting mentioned, but if everyone is MO, then this will not work. You could also restrict access to the Exchange servers to a select few so that only they can deploy patches to those systems.

    I think that there are quite a few ways to handle this situation, but it really comes down to your internal processes. Since I do not know thing like who patches, who has access to the console, infrastructure layout, AD layout and a few other things, it is difficult to come up with a solution.

    Martin