
EPA Windows Update missing patches


Ross Bender


We are using EPA and have a policy configured (post-auth via nfactor) checking for no missing Windows update patches of "critical" type:

sys.client_expr("sys_0_WIN-UPDATE_MISSED-PATCH_==_CRITICAL")

However, today we faced issues with users not being able to connect due to Windows updates that were released just yesterday (e.g. KB4565633).

I'm trying to see if there is a way to configure a "grace period" where we can enforce that critical patches need to be installed within X number of days. The only other relevant policy option I see for Windows update is "last update check" with X days. However, I've seen CTX219293, which notes the last update check requirement will fail unless automatic updates are enabled. This would cause users with a manually up-to-date system to fail the EPA scan.

Is there any other way that I could approach this problem, to still have some enforcement of an up-to-date system that has some built-in leniency?
