How to: Delete patches from target machines using a Custom Action

Version 12

    Purpose

     

    This document will give customers a viable method to remove patches from target machines on demand if hard drive space is an issue.  This will remove patches from the C:\Windows\ProPatches\Patches folder.

     

    Cause

     

    The option Remove Temp Files in the Deployment Template no longer deletes patches from the C:\Windows\ProPatches\Patches folder after patch deployment finish.  The patches are now deleted 180 days after deployment in Protect 9.2.

     

    Resolution


    The Custom Actions feature can be used to delete all files from C:\Windows\ProPatches\Patches after patch deployment finish.  Since some patches install at reboot, this should only be used in combination with a Scan Template that only scans for the Custom Action patch type.  This should not be used during production patch deployments.

     

    Creating the Custom Actions Scan Template:

     

         1. Click on New > Patch Scan Template

     

         2. Name the Scan Template, our recommendation is Custom Actions Scan.

         3. Uncheck Security Patches under Patch Properties

         4. Check Custom Actions

         5. Save the Scan Template.

     

     

    Creating the Custom Actions Deployment Template:

     

         1. Click New > Deployment Template

     

        2. Name the Deployment Template, our recommendation is Custom Actions Delete Patches From Target

        3. General tab:

             a. Uncheck Send Tracker Status    

              b. Check Remove Temp Files

         4. Post-deploy Reboot tab:

              a. Choose Never reboot after deployment

     

         5. Custom Actions tab:

              a. Click New

              b. Set Step 1 to: All Deployments using this template

              c. Set Step 3 to: After all Patches

              d. Set Step 4 to: if exist "%PathtoFixes%..\..\Patches" (del /Q /F "%PathtoFixes%..\..\Patches\*.*")

              e. Click Save

     

    This will delete all files in the specified path. Be certain to enter the correct path to avoid deleting unintended files.  Our recommendation is to copy and paste the command from Step 4 above instead of typing it. Customers assumes all risk when running commands to automatically delete files and should test before implementing in production.

     

         6. The Custom Action tab should look like this:

     

         7. Click Save

     

    How to use your new Scan and Deployment Templates:

     

    This example will be using the Home Page to setup a scan with automatic deployment due to ease of use.  The Home Page is displayed when you open Protect, you can also navigate to it by clicking the Home button in the upper left corner of the screen.

         1. Name this operation:

              a. Give the job a name, our recommendation is to give it a name that makes sense to you. Customer Actions Delete Patches is an example

         2. Select/confirm targets:

              a. Choose the Machine Group you want to run the Custom Action against

         3. Select schedule:

              a. Choose when you want to run the job, in this example we choose to run Now

         4. Select/confirm operation:

              a. Select your Custom Actions Scan template

              b. Enable Auto-deploy patches after scan

              c. Select your Deployment Template

             d. Select Install Immediately

         5. Click Scan now

     

    At this point, Protect will scan the target machine and run the Custom Action against them without reboot.  All of the files located in the C:\Windows\ProPatches\Patches folder will be deleted.

     

    Affected Product(s)

         

    Protect 9.2