So guys, is there any way to start with a patch scan template and ADD patches to it via patch groups? I can override the entire template using a patch group as a baseline, I can also layer an exclusion group on top of the patch template via patch groups, but I can't take a patch template and add a patch group to it, to include patches that would otherwise be skipped.
Case and point, this time around for meltdown and spectre, we typically only push critical patches to our environment. The meltdown/spectre patches for server are largely considered important (not critical) this time around. So that means if I use my base patch scan template, I'm missing the important. If I check off important in the template, I'm now including importants from everything (even more of a problem). So I'm left with a stitched together solution which is as follows:
I create a patch group called 'Jan'18 Exceptions' and into it, I place all important patches which aren't the 2 that I need for meltdown/spectre. Then I do a scan from my base template and add the exceptions to it in order to come up with one scan that has everything I need.
Is this also how others do it? Or am I missing something? The alternative of course being to run 2 scans, one for baseline patches, the other for just the meltdown/spectre ones, but that''s double everything, double reporting, double deployments, etc etc.