Dschaldedfg,
the whole point of having ZPM is not to push patches out without
thought - that's what WSUS is for.

With ZPM you have the ability to test
patches on groups of workstations before you push them to your whole
organization: trusting that patches will never cause any problems in
your environment is a gamble that I frankly would not want to take.
Once you have pushed patches out in a controlled manner to most of your
workstations, you can consider adding the most important patches to a
mandatory baseline, which will ensure that the patches are not removed.
This should not be used for normal deployment, because you have much
less control over when the patches are deployed, and what happens when
they are deployed - it's a device for saying "it's unacceptable to have
a computer on our network without this patch, do it now!".
--
Shaun Pond