Hello, I apologize for the basic nature of my questions and confusion, but I have been reviewing the manual and documentation and also viewing as many videos as I can find to watch. However, I'm afraid after 2 weeks, I still have some basic questions and confusion.
We have recently purchased LANDesk 9.6 and I was asked to look into the Patch Management piece. I've picked up some (very) basic knowledge in my efforts to learn, but have hit a bit of a stumbling block to continue learning and am at a point I need to show my lack of understanding of this product and ask for help.
My understanding is that in the Patch and Compliance area, after you download the updates, they are placed into the "\Unassigned" folder. Then it is up to me to figure out what to do with them. To get the vulnerability scan (vulscan.exe) to check if these updates are needed on our workstations, I must copy the desired updates into the "\Scan" folder. And vulscan.exe will ONLY check the workstations for the updates in this \Scan folder.
I have many questions and items that are confusing to me in LANDesk, but my initial question & confusion is 'Which of the thousands of updates that were downloaded should I copy to the \Scan folder?' Now I realized the obvious answer is "You dummy, copy the ones you want to scan for!", but that is the problem. I don't understand how LANDesk is doing this check. In my mind it should simply check for "Adobe Reader", yet there are numerous 'versions' of Adobe Reader updates that get downloaded and I don't understand why, and more importantly, how these different versions are used.
In a specific example, but questions and confusion is below. Thank you for any help or pointers that will get this beginner past this initial hurdle.
- We have thousands of computers and they all have Adobe Reader installed. There are many updates downloaded that are listed for Adobe Reader and various versions. Do I ONLY need to copy the very latest Adobe Reader update into the \Scan folder? (I..e - Adobe Reader 11.0.10) If I do that and a machine has Adobe Reader 9 or 10, will the fact that I copied just the Reader 11 update show those workstations as needing an update?
- Also, there are currently 3 different updates that were downloaded for Adobe Reader v11.0.10. Why, and which one should I copy to the \Scan folder? (We don't want to be scanning for unnecessary things.) This occurs with other products too where there are multiple items referencing the same version that were downloaded. I guess I'm having a mental block as to why LANDesk does this? I don't want to take a shotgun approach and just put "everything" in the \Scan folder, but how do I know which of the Adobe Reader (or JAVA, Flash Player, etc.) items are truly needed?
- How does vulscan.exe flag what the 'fix' is? In other words, I have machines with Adobe Reader v9. Is LANDesk going to install the most current version as the fix? (i.e. - LANDesk will tell me the fix for computers with Adobe Reader 9 is to install Adobe Reader 11.0.10.) Is so, how do we control versioning? Because we actually have some computers that require a specific version of Adobe Reader 9. Thus, if LANDesk says those computers are vulnerable, how can you ensure that the 'fix' for those computers is to simply install the latest Adobe Reader 9 version, which is 9.5.5 and do NOT 'fix' them by installing Adobe Reader 11.0.10?
- And finally, what if a machine did NOT have Adobe Reader installed? Can I perform an installation of that product via LANDesk Patch Management?
Keith Hemmelman