On Jun 23, 2009, at 4:16 PM, unix_fan wrote: > What do people who manage groups of MacOSX desktop machines actually > use? To bound the exercise, let's just call patch management the > following task. > > A vulnerability is announced, along with the patch. I want to > generate a report that shows how many machines are affected in the > denominator, and how many machines have actually been patched in the > numerator. How do you manage MacOSX group patch deployment in this > scenario?
I'm the IT department at a creative agency, with about 60 OS X users, mostly laptops. I use Apple Remote Desktop for this. Once a machine is associated with the ARD application, you can run a variety of reports, which would include the latest OS version. Where it isn't as smart as it should be is tracking patches that do not update the OS version, such as the latest Java update. To provide updates, I use the Software Update Server function of OS X Server. It's much like Windows Software Update Server- an update cache on your LAN, where the admin can approve what updates are available. Of course, the clients have to be reconfigured to look to the local SUS, but that's easily configured via ARD. Steve. _______________________________________________ Tech mailing list [email protected] http://lopsa.org/cgi-bin/mailman/listinfo/tech This list provided by the League of Professional System Administrators http://lopsa.org/
