Patching needs a Workflow Builder with Scripts, Notifications, Machine Actions.
KACE needs the ability to build out a patching session as a workflow.
With a Pacthing Workflow you can add in functions such as separate OS and Application patching schedules, Notifications, Scripts, Machine actions, etc. and have them all run within a set overall time and recieve vaulable notifications as the process is running or if something isn't working.
Currently I have to run scripts before and after certain servers are patched to manage applications/services so a Detect and Deploy job with multiple reboots doesn't corrupt data. Whenever a schedule time needs adjusted, changes have to be made all over the place to prevent potential unplanned outages and have functional patching sessions for my servers.
How would this ideally look:
Workflow: Provide a if/then ability for each step based off success/failure.
Workflow Schedule: Allow the time to be set to run and end at a specifc time just like a patching schedule, make the time value available throughout the workflow builder to help keep all steps managed.
Scripts: allow them to run with specific domain service accounts (Securely stored passwords would be a requirement)
Scripts: Powershell is a must.
Scripts: setup a time frame for them as well with some way to kill the process if it doesn't complete in time.
Notifications: set a notification option inside every step of the workflow.
Step Time Management: Set a minimum/maximum time for each step that runs inside a Workflow and a check against the overall workflow alloted time to verify that all the step minimum/maximum values are capable of completing in the workflow.
Machine Actions: Reboot, Shut Down, Run a program locally, etc.
Caveats:
I haven't done more than a cursory glance at scripting in KACE, maybe some of the features for Scripts already exist.
The time management of the steps would be a pain to build out and get running smoothly, but the ability to take a designated workflow that's been setup correctly and change the start time to a different date/time would save much time and aggravation and be much safer when managed from a central place vs. KACE and various other machines running scripts via Task Scheduler.
Tim Lawhead
shared this idea
Thank you for your suggestion. We encourage others to “vote this up” to help prioritize it for future releases.
-
Cody Lee
commented
This is definitely needed. Currently KACE does not work or play nice with patching and the use of Cylance AntiVirus due to an issue with Patchlink.com.
The current recommendation from KACE is to run a script to remove the Patchlink.com registry entry from each system to be patched before you run a detect or a deploy. Being able to just set all of our Patching Schedules to automatically run this kscript before hand would be amazing.
The same thing could be said about running kscripts after patching has completed. In order to make sure there are no pending reboots or that KACE Agent did not properly kick off the forced reboot, we have to run another kscript scheduled for after the patching window.
It would make my life a lot easier to change the schedule in one spot for both scripts running before a patching schedule, as well as the patching schedule itself.
I wouldn't imagine it would be that difficult to add this functionality since as long as the script exists and as an ID in KACE, it would merely trigger a "Run Now" for each machine.
Please add in this functionality to the next release.