Showing results for 
Search instead for 
Did you mean: 
Create Post

Automatic publishing of selected third-party packages

Automatic publishing of selected third-party packages

What value would you place on being able to automatically publish, as metadata-only packages, selected third-party updates?

For example, automatically publishing all Security Updates, or automatically publishing all Java updates.

Would this have value as a metadata-only package (which would provide state information as Microsoft updates get upon synchronization), but would still require manual download of the installation files and re-publishing the update for deployment?

How important would it be to auto-publish the full package (including installation files), where possible?

Level 11

I have thought about this but decided because 3P packages require so much manual testing before deployment that adding automation doesnt really make sense.  However you mentioned just publishing the metadata and that got me thinking.  I have not used the 'just publish metadata' options before and maybe I need to.  Does this option allow me to put a 3P package 'out in the wile' just to see what will come back installed, not installed, not applicable without the fear of stuff actually getting installed?  Do accomplish this I simply publish a 3P package, and do not approve it.  How does using the metadata option change things?

Level 11

I don't know why people are voting this down. I like the idea, even if I would likely never auto-approve the patches, at least having them published would be helpful. Having the updates automatically published to WSUS would allow me to see new additions much more easily than when they are buried in the Patch Manager repositories. The WSUS filter lists are great for listing new, unapproved packages and there's no analogue in the Patch Manager software publishing view. Also, as noted, publishing the package metadata would let me see how many systems are in need of the package.

When it's possible to automate the download, it would be great if I could designate an automatic download and publish the full package. For the third party updates that I deploy, I almost always publish the latest release as soon as possible, so anything that saves some time is helpful.

Level 17

I'd also be interested in hearing about the negative responses. I suspect it may be because we've not emphasized the nature of the feature. As written in the original post, the idea has two key attributes:

  • Updates would be published metadata-only.
  • The Administrator would be able to choose by vendor, product, and classification which updates would be auto-published.

@Mark, yes, publishing metadata-only allows you the ability to get state information on a particular update (Installed, Not Installed, Not Applicable) without the obligation to [a] download the binaries, or [b] manage approvals. This is exactly the same scenario that happens naturally in WSUS for the Microsoft updates. They are synchronized (metadata-only) from Microsoft, and then you "obtain the binaries" by approving the update. (For 3rd party updates, the publishing process pushes the binaries prior to the approval.)

@Andrew, you make another important point - autoApproval is an entirely separate activity from autoPublish. The idea with automatic publishing is merely to make the update available in WSUS so that the client systems can report state information about that update package.

Community Manager
Community Manager
Status changed to: Implemented