I have been trying to use patch policies for a while but can't seem to get
them working very well. In 'Patch Policy Enforcement Settings' I have set
a schedule using 'Date Specific' and 'Process immediately'. If I check the
patch status policy I see 100 targeted/ 12 Effective/ 0 Not Effective/ 88
Pending. The 88 never move from pending even though almost all of them need
the required patches. If I set the schedule to Recurring and 'When a device
is refreshed' it basically tries to install the patches on every refresh
cycle even though the device no longer requires the patches. This happens
on every device targeted by the policy.

Digging into the actually bundle that gets created I can see in the install
actions the Install Frequency is set to 'Install always' which may explain
why it runs through each patch every refresh when it is set to install on

The documentation on this new feature doesn't go into much detail on how
everything actually works. I would guess the correct functionality would be
once a policy is enforced on a machine it would no longer try to keep
installing the same patches from the policy since they are not needed.
Using the Enforcement by 'Date Specific' seems to be broke also.

Jim Koerner
Server - ZCM 11.3.1FTF1 and Internal Database on Win2008R2x64
Clients - ZCM 11.3.1FTF1 on Win7SP1x64