PatchAutomation and ZeroDayPatch builds for 8.0 - Protirus/patchautomation GitHub Wiki

{CWoC} PatchAutomation and ZeroDayPatch builds for 8.0 https://www.symantec.com/connect/blogs/cwoc-patchautomation-and-zerodaypatch-builds-80

ITMS 8.0 was released just a week ago, so it is time for the Patch Automation toolkit to receive its new addition to the family: Version 11, built for 8.0 :D.

This release doesn't have much else - but keeping up to date is good enough as the tool is now quite mature.

Finally, all the existing documentation related (and updated) to both tools still applies (both documents contain the 7.1 builds as well):

{CWoC} ZeroDayPatch: Patch Automation Tool for PMS 7.1 SP2

{CWoC} PatchAutomation - Automated patching with Full Test Life-cycle

7.5 builds are also available as downloads:

{CWoC} Patch Automation and Zero Day Patch builds for 7.5 SP1

{CWoC} PatchAutomation and ZeroDayPatch with Patch Management 7.5 Native Support

Whilst the 7.6 release is available in a blog entry:

{CWoC} PatchAutomation and ZeroDayPatch builds for 7.6

Quick reference: ZeroDayPatch Command line help message

ZeroDayPatch (version 11) command line usage:

/vulnerable
        Use this command line switch to install and run a custom stored
        procedure to retrieve candidate bulletins. The procedure will be
        installed is and named ZeroDayPatch_GetVulnerableMachines-0003.

/targetguid=
        Use this option to set the target guid to be used with newly 
        created policies. This will over-write the default target defined
        globally.
		
        Note that you can specify more than 1 target guid. Just add more
        /targetguid= to you command line or config file. This
        is most useful if you are delegating computer targetting to other
        team (such as server , workstation administrators).

/config=
    Reads the file at the provided path and parses each line for com-
    -mand line options. Here is a sample config file content:
        /severity=critical
        /custom-sp=CWoC_GetAllBulletins
        /vendor=google
        /dryrun
        /debug

/test   
    Run the automate in test mode only. A maximum of 10 policies will
    be created in this mode.

/dryrun 
    Run the automate in dry run mode. No changes will be made to the 
    system, but expected operation will be printed to the console.

/severity=|*
    Set the severity used to select bulletins that will be handle by 
    the automate. The * wildcard can be use to match all severities.

/patchall
    Use this command line if you want to manage bulletins from all
    vendors in the database. By default we only handle Microsoft bul-
    -letins.

/released-before=
    Configure a date filter that will include bulletin released before
    the specified date. It is set by default to the current date.

/released-after=
    Configure a date filter that will include bulletin released after
    the specified date. It is set by default to (current date -1 year).

/custom-sp=
    This option allows the user to specify a custom stored procedure to
    be called during the execution. The stored procedure may be present
    on the database (if not the automate will return with no errors) and
    must contains the following columns that are used and needed:
        * _resourceguid [Software bulletin guid]
        * released [Software bulletin release date]
        * bulletin [Bulletin name]
        * severity [Bulletin Severity]
    You can also add a vendor column if you want to filter bulletins by
    vendor (see option /vendor)

/vendor=|*
    Configure a vendor filter to only return bulletins that match the
    vendor string from a custom procedure. This is because the vendor
    field doesn't exist in default Patch Procedures used by this tool.

    If /vendor is specified with a custom-sp that doesn't contain the
    vendor field the setting will be ignored (all bulletins will be
    returned).

/debug
    Output extra information on the command line to allow debugging or
    reporting problems to Symantec Connect.

/duplicates
    Use this command if you want the tool to generate duplicate
    policies. This is useful if you want, for example, to migrate
    policies from a parent to a child SMP without disruption.

    Note! Duplicated and new entries will be added to the exclusion 
    table in the database for safety reasons.

/exclude-on-fail
    Use this command to add bulletins to the excluded table if it fails
    3 times during the stagging or policy creation phases. If not uses
    the failing bulletin will only be skipped.

/retarget
    Use this command if you want to switch existing policies to use a
    new target. The target guid should be provided with /targetguid=...

/version
    Print out the current version of the tool.

/?
    Print this help message to the console (stdout).
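
A pre-flight check for a /config= file, as an added example (not part of ZeroDayPatch or the original post): it flags lines that are not switches from the help message above, and option combinations the help text describes as ignored or broad in scope. The one-option-per-line parsing, case-insensitive switch names and GUID format are assumptions about the tool, not documented behaviour.

```python
import re

# Switches taken from the version 11 help message above.
FLAGS = {"/vulnerable", "/test", "/dryrun", "/patchall", "/debug",
         "/duplicates", "/exclude-on-fail", "/retarget", "/version", "/?"}
VALUED = {"/targetguid", "/config", "/severity", "/released-before",
          "/released-after", "/custom-sp", "/vendor"}
# Assumption: target GUIDs use the usual 8-4-4-4-12 hex form, braces optional.
GUID_RE = re.compile(r"^\{?[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}?$", re.I)


def lint_config(text):
    """Return (options, findings) for the text of a /config= file."""
    options, findings = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue  # assumption: blank lines carry no option
        name, sep, value = line.partition("=")
        name = name.lower()  # assumption: switch names are not case-sensitive
        if name in VALUED and sep and value:
            options.setdefault(name, []).append(value)
        elif name in FLAGS and not sep:
            options.setdefault(name, [])
        else:
            findings.append(f"line {lineno}: unrecognised or malformed option {line!r}")
    for guid in options.get("/targetguid", []):
        if not GUID_RE.match(guid):
            findings.append(f"/targetguid value {guid!r} is not a GUID")
    if "/retarget" in options and "/targetguid" not in options:
        findings.append("/retarget given without any /targetguid")
    if "/vendor" in options and "/custom-sp" not in options:
        findings.append("/vendor set without /custom-sp: default procedures have no vendor field")
    if "*" in options.get("/severity", []):
        findings.append("/severity=* selects bulletins of every severity")
    if "/patchall" in options:
        findings.append("/patchall widens scope from Microsoft to all vendors")
    if "/dryrun" not in options:
        scope = "at most 10 policies (/test)" if "/test" in options else "no policy cap"
        findings.append(f"no /dryrun: changes will be made, {scope}")
    return options, findings


# Constructed sample, modelled on the sample config in the help text.
SAMPLE = "/severity=*\n/vendor=google\n/retarget\n/debgu\n"

if __name__ == "__main__":
    for finding in lint_config(SAMPLE)[1]:
        print(finding)
```

Run it against the config file before scheduling the tool; an empty findings list means every line is a documented switch and none of the flagged combinations is present.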

Update 1: Uploaded a new version of ZeroDayPatch, with an increment on the schema version used for the /vulnerable command line switch. Thanks Mistral for the help troubleshooting and validating the changes!

Update 2: Adding tool command line help for quick reference.