Get rid of 'All Devices' in Patch Management
Get rid of the check box (or GREATLY restrict access or Allow it to be disabled) for 'All Devices' in Patch Management. This box is extremely dangerous and can be devastating to companies. If you really need to patch to all devices at once then build a LABEL so that you are fully aware of what you really intend to do. We have had several people select that box when rolling patches to a handful of servers (thinking 'yeah, I want to patch all my systems in this patch schedule'), rebooting ALL systems in the middle of the day.
Addition of option to disable “All Devices” checkbox in Patching was completed in v7.0.
Jim W commented
Hey Nick, This needs to be moved out of review and done asap since version 7 has removed functionality that allowed us to set up the user console section for Tier 1 to be able to deploy approved software without having access to "all devices" in addition to the patch management.
Version 7 has removed functionality and placed a significant workload back onto our shoulders.
Keith V commented
I don't know if this is a version thing or IE issue but if you remove your devices and leave the device field blank in patching when you save it Kace checks all devices for you. This does not occur in Scripting.
All devices including servers patched and rebooted, over 400 devices because of this issue during the work day. .
Jim W commented
I agree completely. We would like to give Tier 1 techs the ability to push approved software installs to clients but this inability to hide the all devices option is keeping us from doing so.
Drew Whittle commented
We had yet another incident of a well meaning apps team member deploy to all devices (7000+) and reboot during business hours.
I've been handed down a mandate to either fix this or abandon Kace as our management platform. My hands are tied with what Dell is offering me.
This could be as simple as having the granularity in Security to allow a user/role to "Run" the schedule without the ability to "Modify" the job.
What's up Dell? You're about to lose an Enterprise account.
Mark H commented
I hold my hand up! I made this mistake. I saw the box come up "Do you want to deploy to all devices" - I didn't read it properly, ticked OK and only realised my mistake as the calls started coming in! It is very easy to do despite the warnings.
There has to be a better way of doing this one.
I agree! Hide this option on any page where it appears. This is one of the first things we say to NEVER, EVER do to anyone that is granted access to our appliance.
And don't tell me, "You've not selected any targets. Do you want to deploy to all devices?" NEVER, EVER. Just warn me that no targets have been selected and let me decide.
Tom Peterson commented
All Devices in Patch Management, Scripting, etc. should be able to be hidden or disabled. Rolling it into permissions/roles would be good, because while I want my technicians to have access to pushing out scripts, I definitely don't want them to be able to accidentally push to all devices.
Sherie Drew commented
I agree. We just had an issue because it is located under the dropdown menu for the list of scripts to select in the Run Now page. Another options is to make this an option that companies could turn off in preferences. It is not a feature we would ever use because we want more granular control and would push to stations in smaller batches than everyone at once.