We have patch management (in ZCM 11.2.2), but honestly don't use it much. I have a few questions about how it works that might make me use it more, if I understand it more.

  • If I deploy a patch (or a set of patches), it creates a bundle for that deployment. That bundle seems to include actions that deploy the actual patch bundles (correct?). Do I have to recreate a new deployment bundle every time I want to push a new patch? i.e. If I push a Java update, and a month later, a new one comes out, do I build out a new bundle with the new patch in it, or do I modify the old one?
  • Once the patch is deployed, can I safely delete that deployment bundle, or should they just pile up?
  • Is there a way to "auto-approve" patches? Lets say I always want a group of machines to have the latest Adobe Flash Player patches. Can I set up ZPM to automatically cache and push the latest patches for a specific product, or do I have to manually remediate each patch? (I'm thinking of how MS's WSUS does "auto-approval")
  • I see most packages aren't cached in list, but occasionally, a patch is cached without me touching it. Why? Can I change what gets automatically cached?

Thanks for any help/answers you can provide.