Patch management notifications dilemma

It has always been challenging to decide whether to check "Hide all deployments from end users" in "Software Updates Client Agent Properties".

If you suppress them, you won't be able to patch the computers manually. That can be a problem for servers, where administrators want to patch manually, with notifications of service interruption involved, and so on.

If you don't suppress them, you'll face two challenges:

1. If you rely on maintenance windows, your users will receive a taskbar notification as soon as the deployment is active (after its start time), even if no maintenance window is available.

2. If your update fails, users will see it.

You may want to prevent this by setting "Hide updates" on all computers except servers. To do that, set the site-wide setting to "Hide" (check the box) and distribute a setting that unhides it where needed (servers and, for example, your "Patch testing group").

Here is a VBScript for that:

   ' Initialize the updatesDeployment variable.
   dim updatesDeployment

   ' Create the COM object.
   set updatesDeployment = CreateObject ("UDA.CCMUpdatesDeployment")

   ' Set interactive mode on the client by using the SetUserExperienceFlag method
   ' and the newUserExperienceFlag (set with a value of 1) passed in.
   updatesDeployment.SetUserExperienceFlag 1

 Reference:

 https://msdn.microsoft.com/en-us/library/cc145097.aspx

https://msdn.microsoft.com/en-us/library/cc143858.aspx
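If the unhide script is ever deployed to the wrong collection, it silently re-enables notifications on workstations. The following added example (not part of the original post) wraps the same call in a guard that checks the OS role and returns exit codes a deployment can report on; the `/force` switch for the patch testing group and the exit code values are assumptions made for this example.

```vbscript
' Added example: unhide update notifications only on server-class machines.
' Run with cscript.exe. The /force switch is a hypothetical name for the
' "Patch testing group" exception; exit codes are chosen for this example.
Option Explicit

Const INTERACTIVE_MODE = 1          ' same value the script on this page passes
Const PRODUCT_TYPE_WORKSTATION = 1  ' Win32_OperatingSystem.ProductType

Dim forceUnhide, wmi, os, productType, updatesDeployment
forceUnhide = WScript.Arguments.Named.Exists("force")

' Read the OS role: 1 = workstation, 2 = domain controller, 3 = server.
productType = 0
On Error Resume Next
Set wmi = GetObject("winmgmts:\\.\root\cimv2")
For Each os In wmi.ExecQuery("SELECT ProductType FROM Win32_OperatingSystem")
    productType = os.ProductType
Next
On Error GoTo 0

' Fail closed: if the role is unknown, keep the site-wide Hide setting.
If productType = 0 Then
    WScript.Echo "Could not determine OS role; no change made."
    WScript.Quit 3
End If

If productType = PRODUCT_TYPE_WORKSTATION And Not forceUnhide Then
    WScript.Echo "Workstation detected; leaving the Hide setting in place."
    WScript.Quit 0
End If

' Create the COM object; a failure here usually means the client is missing.
On Error Resume Next
Set updatesDeployment = CreateObject("UDA.CCMUpdatesDeployment")
If Err.Number <> 0 Then
    WScript.Echo "Cannot create UDA.CCMUpdatesDeployment: " & Err.Description
    WScript.Quit 1
End If

updatesDeployment.SetUserExperienceFlag INTERACTIVE_MODE
If Err.Number <> 0 Then
    WScript.Echo "SetUserExperienceFlag failed: " & Err.Description
    WScript.Quit 2
End If
On Error GoTo 0

WScript.Echo "Software update notifications unhidden on this machine."
WScript.Quit 0
```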

Comments

  • Anonymous
    October 15, 2012
    Great post! Thanks for sharing helpful information about patch management deployment. It is a nice post with help and tips about patch management. How about trying this new technology that I found at www.manageengine.com/.../windows-patch-management.html