Hi guys,
I am pretty new to SMP so apologies if this is a common question...
I am just wondering what is the best practise to deploy a new version of any software.
Scenario:
E.g. upgrade of Symantec Endpoint Protection from 12.1.4112.4156 (ver4) to 12.1.5337.5000 (ver5)
I have several pilot groups, lets say
Group1, Group2, Group3, Group4 and the rest of the company
Currently, SEP 12.1.4 policy is targeting all computers
To make things easy, I thought I could use the version from registry key and
- set up ver4 detection rule to be version >= 12.1.4
- set up ver5 detection rule to be version >= 12.1.5
This means every time I deploy 12.1.5 to a machine that is part of a group getting 12.1.4, 12.1.4 will not be installed again, because the detection rule will still match.
Unfortunately, came across some issues as the actual build number is 12.1.5337.5000 and not 12.1.5.xxxx so my detection rule >= 12.1.5 will never install the newer version because 12.1.4112 is greater than 12.1.5. I will be playing with setting up the rule to be >= 12.1.5000 and see if this works or not.
Other solution I thought about was, every time I deploy SEP to new group, I will
- configure ver5 policy to target the new group
- configure ver4 policy to target all machines but the group
What I am after is simply the best practise as how to deploy a newer version of the software without risking it to be overwriten again with the old policy that is still targeting the rest of the machines.
If there is a built-in solution in NS, could you point me to the right direction as what to focus on?
Thanks