Provide setting to allow Superseded Patches to be Inactivated after a Delay of 30 Days
Currently we patch all Test/Dev servers following MS Patch Tuesday with all current patches.
We then patch all Production Servers with those same patches 1 month later.
Since Microsoft Supersedes patches every month, causing the patches from 1 month to be superseded before the Production Servers get patched, and we tell SMA to Inactivate Superseded Patches, they never get installed on Production Servers.
If we could have a setting to delay the "Inactivate Superseded Patches" for 1 month or any number of days, we would then be able to patch our Production Servers 1 month behind our Test/Dev servers and still be in compliance with patching.
Harry Hubler
shared this idea
-
Jeff Caniglia
commented
We have the same issue/need. We do controlled rollouts for both workstations and servers over a 4 week period, working patches through test groups and then finally out to general users. If we are not very aggressive about it and ensure patching is complete prior to Microsoft’s next release our systems are no longer able to be patched.
We currently must disable the auto inactive option to ensure everything gets patched; this in turn causes reporting issues.
I’d expect this would be a high priority item and classified as a fix rather than a feature request given that it is addressing end point security and reliability in reporting on a production environment.