Can the HPCA Agent reboot defer dialog be managed more granularly? For example you can set to 1 day (which gives 8 hour option) but we would like the longest defer time to be 4 hours or less.
As many of you are already aware, a major cyber-attack was launched recently that targeted a vulnerability in the SMB server. MS17-010 patched this hole for supported OS’s in March but left unsupported OS’s at risk so Microsoft released patches for the unsupported OS’s. Anyone who is managing WinXP, Win8, or Win2K3 and would like to patch this OS's via Patch Manager can send me an email email@example.com.
See links below for more details about the security patch.
FYI - the cab file was updated yesterday (signed at 2:55 am yesterday May 9) and it was just updated again. (signed at 2:25 am today May 10) I am guessing its got something to do with KB4019472 which we didn't acquire yesterday when we asked for it, I am running an acquisition again.
We feel it would be beneficial in our environment to allow our desktop technicians the ability to type in a machine name before the OSM image process starts. Most of the time they start imaging new machines using USB flash drives that connect back to the OSM server. Right now it pulls the serial number automatically. We have a lot of things that happen after the image process takes place and it would work much better for us if our techs had an option to fully name the workstations before it all begins. Has anyone else been able to accomplish this in their environment? Maybe this ability already exists and we just don't know about it..?
I am getting a wsusscn2.cab file corruption error in my lab (9.2, 9.1) when running an acquisition for the April security patches. Anyone else getting this error?
ERROR: Cabinet file wsusscn2.cab is corrupted
On a side note:
Microsoft released the April Security bulletins via the new Security Update website. I have not detected an updated via the legacy Security Bulletin website yet and the Security bulletin website is re-directing to the new Security Update website. If the legacy bulletin naming convention has been dropped than you may no longer acquire bulletins in the following format. MS17-XXX
Security Update website:
This is Ahmad Salman.
I want to ask if we can create a custom agent with all needed policy (Audit, Usage, Security, Software, etc.) so we can deploy it at once instead of doing this after agent installation.
This will save time and effort especially for large environment.
I audit a folder for zip files (like C:\folder\*.zip). As I have to deliver the files at two virtual manager locations, I have 2 audit packages, each with its own location. ACTION is 'YYYYYYN' and 'YYYYYNN'
The zip files are created daily and removed by one of the audit packages. A TIMER (Schedule) runs daily too.
Because of a migration project, I have to deliver the file(s) at a third location. So I copied 1 package. Now 2 packages delete the audited file.
However, now I find that one of the deletes fails and Radia is populating a registrykey 'PendingFileRenameOperations" with the filename. The client's connect.log shows lines like ' cannot find file'. If radia cannot find the file, why add it to the registry key for deletion after reboot? Even worse, the folder itself appears in this registry key. After reboot the folder is deleted when the folder was empty.
Why is this?
Apache foundation made an announcement in July 2016 that Apache webserver 2.2.x will have EOR (End Of Release) in June 2017 and EOL (End Of Life) in December 2017. Apache 2.2.x served our customers for the last 10 years right from 2005. Apache team foresees very minimum maintenance patches to be released between EOR and EOL and has asked all the users to move to version 2.4 as early as possible. 2.2.x will not receive any security updates from December 2017 onwards. You can learn more about this announcement here:
The Radia product will ensure that customers are safe with this transition. We’ll provide hotfixes for the following supported Radia versions so that there is enough time to conveniently move from Apache 2.2.x to 2.4:
- Radia 8.1
- Radia 9.0
- Radia 9.1
- Radia 9.2
- Radia 10.0
The schedule for each of these hot fixes will be announced later, but all of them will be available by May 2017. Please let us know if you have any questions or comments. Please let us know if you have any questions or comments.
I just received this information from one of our clients. It appears that Microsoft will not release any patches this month due to unknown problems with some/all of the patches. Please see below for more information.
Month: February 2017
Our top priority is to provide the best possible experience for customers in maintaining and protecting their systems. This month, we discovered a last minute issue that could impact some customers and was not resolved in time for our planned updates today. After considering all options, we made the decision to delay this month’s updates….
Is anyone making use of the RTBWMGMT setting in COP? I am looking for any experience using this. Previous iterations of bandwidth throttling in Radia were not very successful but it was indicated that this one works better. We did some testing and confirmed that it will in fact work effectively in our lab, we created some very slow connections and observed successful throttling.
Is anyone using this? and if so, what settings did you find effective. (default out of box is 40% with 15 second polling interval)
The custom Office bulletins mentioned at the forums are non-Security Office updates that are NOT available via Radia. While some Office updates are available most are not and require custom bulletins. Before creating custom bulletins we first search Accelerite's non-Security webpage to make sure the bulletins are not available for acquisition by default.
Over the past several years the custom bulletin portfolio between Dignity Health and Evergreen Systems has grown to around 300 custom Radia bulletins and continues to grow monthly. Using custom bulletins greatly increases ROI by expanding the content that can be managed by Radia Patch Manager, utilization of the built in compliance reports, and decreasing the amount of time it takes to package content.
Some of our custom bulletins can be acquired by Radia by default (FLASH PLAYER, ADOBE READER, JRE, etc.), but may be prohibitive.and require some tailoring to meet the needs of individual clients.
Our goal at Evergreen Systems is to make Radia the best third party patching tool on the market and in support of that goal we offer unlimited custom bulletin support to all our support customers.
See below for partial list of the custom bulletin portfolio.
As an example, KB3085607 is a junk email update and not available via Radia non-security bulletins or MUC bulletins.
Accelerite supported Bulletins
* CUSTOM BULLETIN PORTFOLIO (Includes partial Office (OFC) list as a reference). Not all custom bulletins are listed.
Custom in-house developed VBscript compiled to executable to create/enforce registry value.
Java Runtime Environment
Security/Non-Security individual custom KB's
** Microsoft Office Bulletins / *Partial list
VLC Media Player
Custom Uninstall Bulletins to remove problematic software
Windows OS Extended Security Bulletins (XP/2003)
The Windows 10 session at the Accelerite User Summit sparked a lot of questions. We've put a brief summary of the questions and answers from the session. We'd love to get some feedback on this topic from the wider Radia user team:
1. Will there be any change in the policy entitlements with the new MSFT patching?
No, the entitlement process remains the same
2. Upgrading Radia 9.x to 10.x is painful, are there any improvements done in migration process.Acc?
We are working to remove the pain points after 10.cp1, the current approach is once the customer is on Radia 10. The upgrades will be done as updates to the environment.
3. Custom xml process - Is acclerite still going to support office patches and non-security patches or do they need to request as an on need basis?
A we are in the streamlining the process to reduce time iand providing the custom xmls faster.
4. Roll back option for patches specially for cumulative patches?
Currently we cant rollback individual patches in a cumulative patch. And Accelerite will work it as an enhancement.
5. is there an auto entitlement after acquiring pactches as there are 100s of patches and is time consuming to entitle them.
Will work as an enhancement.
6. Supercedence - During acquisition when we mark the supercedence option it should delete the superceded patches after the timelimit expires?
Accelerite will work this as an enhancement.
What would cause Tier 2 servers to sometimes stay soft-locked after there daily sync?
Looking for some points to start investigating.
dmabatch action=unlock usually has to be ran each day on those affected.
Hi, I'm fairly new to PowerShell but I was wondering if anyone has had success exporting the software policy and then being able to assign a package to an AD group? Thanks for any help in advance.
Anyone else deploying the latest security-only patch MS-KB3192391 via a custom bulletin?
What Service\Package setting controls whether the client deletes the compressed resources after the package installation is completed. (not the AIP, I mean the LIB\DATA resources). I thought it was possible to configure these to remain in place but I can't seem to find the setting. (we have 9.2 if it makes a diff)
In 7.8, when deploying the client agent from the Portal we had the capability to select a Profile (Agent Media install) and to select an Initialization file (install.ini).
I'm looking in 10.0 and I dont see the same funcitonality with deploying an Agent.
Is there something that I can enable in 10.0 to give me the drop down for selecting different install.ini when deploying from the Portal.
A quick reminder that our custom Radia Patch Management solutions are not impacted by Microsoft's decision to limit OS patching to roll-ups instead of individual bulletins/kb's. As long as the modules are available for manual download we can develop a custom Radia Patch Management solution based on individual requirements, including any individual kb's/patches released by Microsoft in the future.
I was able to acquire the latest wsusscn2.cab file around 5am this morning.
Our group is at a bit of a stalemate when it comes to adding OS level Zstops to all CSDB services.
We currently support over 800 applications and when a new OS comes out we can spend months testing all our applications on the new OS platform. Unfortunately, and as an example; if the service currently has a WIN7 zstop on it we can’t quickly test the applications on WIN10. It’s a long process carefully adjusting Zstops on every application so they can even be tested. (We have to do this by exporting the .xpi files and opening them in notepad, changing the Zstop, and reimporting back into the system.) That way it doesn’t modify the date and time stamp of the service and force a reinstall of the software throughout the environment. As another example, if the application ends up working on WIN10 we would typically add the new OS Zstop to the service and will be faced with the same problem later when WIN12 comes out.
That means that our only other solution is to NOT add an OS Zstop at all unless the software just won’t work on a particular OS. We’ve gone through many discussions on the pros and cons of adding the OS level Zstop to all software. The biggest pro of adding the OS Zstops is to prevent major catastrophes like blue screening every machine that has a particular software on a new OS. The major con of the OS Zstop is that it can take months of testing on the new OS. With hundreds of supported applications, it becomes a huge undertaking.
I’m curious what other companies are doing and if they face the same pain points that we go through when a new OS enters the picture? Maybe there is some solution we aren’t even considering?
I think I have done it once using a GUI (CSDB Editor?), but cannot remember how I did it.
From the Readme of QCCR1C50138:
1. Add a new attribute SUPLONGF in CLIENT.SETTINGS class.
2. Set the length of SUPLONGF attribute is 1 and value is Y/N.
I can navigate to PRIMARY / CLIENT / SETTINGS / _BASE_INSTANCE_ and there it stops. How do I add this attribute?
1. Can I/How do I, publish files that are not resident on the computer I'm logged into? It seems mapped drives do not appear in the Publisher drop-down, only local drives.
2. When I publish a file for deployment, how do I specify the delivery location desired on the client? (Example: I publish the source file from my machine in c:temp\package\, I wish to have radia deploy the published package to the clients c:\dropzone\ folder.
We are in the inital phases of defining a new infrastuctrrue (Hardware Upgrade) which will require the site Satellite Full stream servers to be re-directed to an new upstream server. I'm wondering if any one has a script to do this? Would save me some time.