Best Practice Naming of Patching Groups

Whether you are working with an EDF based selection method or adding machines to groups manually it's always easier to avoid mistakes when the patching groups your're working with have names that clearly define what they do to the machines added to them. Our first advice is to never create groups that cater directly to an individual client ex: "Acme Corps Workstations" should be avoided. Instead, work down a list of what your clients are in need of and build an appropriate naming scheme that can easily be expanded on as new clients have additional needs. For example, if the first subset of my clients are town halls that need workstations online from 7am to 4pm m-f, then patching can (and should) occur anywhere outside those hours to ensure systems are staying up to date on the most recent 0 day security patches.

Breaking it Down

Rather than making a client specific patch group and naming it

"Town Hall 1"
we should instead name it:
"Workstations - Everyday 1a-5a - R+30 +D"

This tells us the group is for workstations, patching happens every day of the week from 1am to 5am with a reboot window that is from 1am to 5:30am (R+30). The +D indicates that this group also has daytime patching enabled. By creating this group and naming it after what it does, we reduce confusion and allow more clients to be grouped into the same patch window making them easier to manage.

Expanding on this idea we can easily make a 6 basic patching groups:

Selling it to Clients

This requires a fundamental shift in how MSPs interact with clients on patching and can be difficult to present at first. Its best to shift the conversation from "When would you like to patch?" to advising clients on best patching practices ex: "We have X standard patching windows, with the majority of clients on an everyday patching schedule where we see the best . Which option works best for you?". Facilitating this conversation and helping clients understand the importance of more frequent patching than they might have been used to only gets easier when you can present the percent of fully patched machines on more frequent groups against their own machines.

Best Practice Naming of Patching Groups

Breaking it Down

Selling it to Clients

Categories

Labtech

Mac Agent Functionality Within ConnectWise Automate

ConnectWise RMM vs Automate: Should I be using CW RMM?

ConnectWise Automate on Linux – Best Practices

ConnectWise Automate Maintenance Mode Explained Best Practice

Uninstalling and Offboarding Automate Agents

How to Set Up Automate users to use ConnectWise SSO

Windows 10 Build Upgrades are Inevitable - Use Kaseya/ConnectWise Automate to Deploy

Best Practice Naming of Patching Groups

Automate 12 Patch 9 Now Available!

5 Tips for using the Report Center

Business Continuity

Proactive Maintenance

Kaseya

What Should I be Automating in Kaseya VSA 9.5?

Security Best Practices for Kaseya VSA

Kaseya VSA: Software Management vs. Patch Management

Software Management Enhancements

Two-Factor Authentication in Kaseya VSA

Windows 7 & Windows 10 Multiple Builds End of Life – Upgrade Using Kaseya or ConnectWise Automate

Kaseya Network Monitor: Benefits & Features

Kaseya Patch 9.5.0.22 and Future Updates

Kaseya's New State-of-the-Art Contemporary User Interface

Kaseya Product Release - April '19

Datto

Creating & Implementing a Disaster Recovery Plan

Disaster Recovery – Minimizing Impact of Downtime

Updating a Datto Device

Datto Agent Communication Errors

Datto

StorageCraft

Get in touch today for MSP Centralized Services