"Lock" a patch label
Our current patching procedure involves running a test job of newly released patches from our smart labels on the Wed. following Patch Tues. We run this test job on approx. 10 IT lab PC’s + the PC’s of users who use critical applications. Once the test job and application testing is complete, we would like a way to lock the patch job to prevent additional patches from being added to the Smart Labels. Currently, patches that are downloaded to the K1000 subsequent to our testing and prior to the scheduled company-wide patch deployment can be dynamically added to the Smart Labels (so patches that were not tested could potentially be added and deployed). We can no longer accept this risk. We want to continue using the Smart Labels for patching convenience but we must have a way to “lock” the patch job at the point where we do our test patch deployment (so the users only get the patches that were tested!).
Marcus Gormsen commented
You cannot though Don,
That release date is based on the Vendor's release date. If Kace takes a few days to receive the patch, then uses the Vendor's release date, it could bridge the gap of what your test PCs received, but then still make it to production. We just had this happen last month. Our release date on our patch label was set to 7/16/2019. We patched our test group that night. Well Google Chrome had an update come out on 7/15/2019 that didn't reach Kace until 7/17/2019, but since the Vendor Release Date was prior to 7/16/2019, all of our production PCs received the untested patch a week later.
Don Kiiskila commented
You can do that easily by adding release date < XX/XX/XXXX in the form for the patch label