This document is meant to describe the best practices for the order in which to apply updates with Protect when using agentless patch scanning and deployment.
When preparing to deploy updates to your systems with Shavlik Protect, it is best to follow the order listed below:
- If you wish to deploy software using the software distribution feature of Protect, do so first.
See the following document for more information on software distribution: http://community.shavlik.com/docs/DOC-23116
- Run a patch scan for Security Patches and/or (optional) Non-Security Patches and Security Tools.
More info about creating a patch scan template can be found here:
- View scan results. How many service packs show missing? These should be applied prior to patches/hotfixes.
- Deploy operating system level service packs first.
- Run your patch scan again after applying OS level SPs.
- Deploy any remaining service packs. Take into account that each service pack must be deployed separately, and each service pack will require a reboot.
This can seem tedious, however, it's important that you do service packs first. Service packs may update the base code for the application as well as apply currently missing updates during the process. New updates may be required once the service pack is applied as well.
- After all service packs have been applied, run a patch scan on the systems once more, and then deploy missing patches.
More information about agentless deployment of service packs and patches can be found in Protect's online Help under "Agentless Patch Management Tasks".
Protect Online Help:
Additional Information from Microsoft about best practices for applying updates can be found here:
Shavlik Protect 9.x
vCenter Protect 8.x