How can we improve the SMA (K1000)?

Get rid of 'All Devices' in Patch Management

Get rid of the check box (or GREATLY restrict access or Allow it to be disabled) for 'All Devices' in Patch Management. This box is extremely dangerous and can be devastating to companies. If you really need to patch to all devices at once then build a LABEL so that you are fully aware of what you really intend to do. We have had several people select that box when rolling patches to a handful of servers (thinking 'yeah, I want to patch all my systems in this patch schedule'), rebooting ALL systems in the middle of the day.

115 votes
Vote
Sign in
Check!
(thinking…)
Reset
or sign in with
  • facebook
  • google
    Password icon
    I agree to the terms of service
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    G-ManG-Man shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

    8 comments

    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      I agree to the terms of service
      Signed in as (Sign out)
      Submitting...
      • Jim WJim W commented  ·   ·  Flag as inappropriate

        Hey Nick, This needs to be moved out of review and done asap since version 7 has removed functionality that allowed us to set up the user console section for Tier 1 to be able to deploy approved software without having access to "all devices" in addition to the patch management.

        Version 7 has removed functionality and placed a significant workload back onto our shoulders.

      • Keith VKeith V commented  ·   ·  Flag as inappropriate

        I don't know if this is a version thing or IE issue but if you remove your devices and leave the device field blank in patching when you save it Kace checks all devices for you. This does not occur in Scripting.

        All devices including servers patched and rebooted, over 400 devices because of this issue during the work day. .

      • Jim WJim W commented  ·   ·  Flag as inappropriate

        I agree completely. We would like to give Tier 1 techs the ability to push approved software installs to clients but this inability to hide the all devices option is keeping us from doing so.

      • Drew WhittleDrew Whittle commented  ·   ·  Flag as inappropriate

        We had yet another incident of a well meaning apps team member deploy to all devices (7000+) and reboot during business hours.

        I've been handed down a mandate to either fix this or abandon Kace as our management platform. My hands are tied with what Dell is offering me.

        This could be as simple as having the granularity in Security to allow a user/role to "Run" the schedule without the ability to "Modify" the job.

        What's up Dell? You're about to lose an Enterprise account.

      • Mark HMark H commented  ·   ·  Flag as inappropriate

        I hold my hand up! I made this mistake. I saw the box come up "Do you want to deploy to all devices" - I didn't read it properly, ticked OK and only realised my mistake as the calls started coming in! It is very easy to do despite the warnings.

        There has to be a better way of doing this one.

      • BlaiseGBlaiseG commented  ·   ·  Flag as inappropriate

        I agree! Hide this option on any page where it appears. This is one of the first things we say to NEVER, EVER do to anyone that is granted access to our appliance.

        And don't tell me, "You've not selected any targets. Do you want to deploy to all devices?" NEVER, EVER. Just warn me that no targets have been selected and let me decide.

      • Tom PetersonTom Peterson commented  ·   ·  Flag as inappropriate

        All Devices in Patch Management, Scripting, etc. should be able to be hidden or disabled. Rolling it into permissions/roles would be good, because while I want my technicians to have access to pushing out scripts, I definitely don't want them to be able to accidentally push to all devices.

      • Sherie DrewSherie Drew commented  ·   ·  Flag as inappropriate

        I agree. We just had an issue because it is located under the dropdown menu for the list of scripts to select in the Run Now page. Another options is to make this an option that companies could turn off in preferences. It is not a feature we would ever use because we want more granular control and would push to stations in smaller batches than everyone at once.

      Feedback and Knowledge Base