Channel: Symantec Connect - Endpoint Management

{CWoC} PatchExclusion: a companion tool to ZeroDayPatch and PatchAutomation

PatchExclusion is a companion tool for ZeroDayPatch and PatchAutomation.

It is designed to help Altiris administrators verify the content of the exclusion table, add or remove entries, or clear the table (and even recreate it in full, should this be needed).

Here are the utility's command-line options:

PatchExclusion (version 10):

Background:
        ZeroDayPatch and PatchAutomation both have the ability to exclude 
        bulletins from the bulletin working set retrieved from the SMP. This 
        tool will allow you to verify if any bulletins are excluded or to add
        or remove entries from the exclusions when and as needed.

        The excluded entries are stored in the table patchautomation_exclusion
        which has 3 fields: Id (int), Bulletin (nvarchar(255)) and CreatedDate
        (timestamp).

Supported commands:

    ls | list
        Print out the content of the exclusion table to the console.

    ++ | add <bulletin list>
        Add bulletins provided in the <bulletin list> to the exclusion table.

    -- | del <bulletin list>
        Delete bulletins provided in the <bulletin list> from the exclusion table.

    reset
        Delete all entries from the exclusion table.
		
    forceinit
        Delete the exclusion table 

    version
        Print out the current version of the tool.

    help | /?
        Display this help message.

As a reminder, there are 2 command-line switches (for both ZeroDayPatch and PatchAutomation) that will create entries in the "patchautomation_excluded" table:

  • /duplicate
  • /exclude-on-fail

The first is there for safety reasons. If you were ever to add the /duplicate switch to a config file, you would only risk creating a duplicate entry, instead of a duplicate entry with each run (which could be disastrous if you had scheduled the task to run daily).

The second is also there for safety, but in case of failure. If you fail to download certain patches (because of firewall rules), you can automatically exclude a given bulletin and act upon it outside of the automation scope.

Known issue: there is a single known issue with this release. If ZeroDayPatch or PatchAutomation prior to version 10 created the "patchautomation_excluded" table, you will not be able to list excluded bulletins. This is because the original table schema had a typo in it ("CreateDate" instead of "CreatedDate"). If you encounter this issue, the best option is to back up the table content and then run 'patchexclusion forceinit'. This will delete the table, which will be recreated when you next run the tool, or when ZeroDayPatch or PatchAutomation require it.
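
One way to check for the old schema and back up the excluded bulletins before running 'patchexclusion forceinit'. This is an added example, not part of the tool or the original article. It assumes the SMP database runs on Microsoft SQL Server, checks both spellings of the table name used on this page, and writes to a backup table whose name (patchautomation_exclusion_backup) is hypothetical.

```sql
-- Added example (T-SQL). Run it against the SMP database before 'forceinit'.
-- The page spells the table name two ways, so both spellings are checked.
DECLARE @table sysname, @sql nvarchar(max);

SELECT TOP (1) @table = TABLE_NAME
FROM INFORMATION_SCHEMA.TABLES
WHERE TABLE_NAME IN (N'patchautomation_exclusion', N'patchautomation_excluded');

IF @table IS NULL
BEGIN
    PRINT 'No exclusion table found: nothing to back up.';
    RETURN;
END

-- Refuse to overwrite an earlier backup (hypothetical backup table name).
IF OBJECT_ID(N'patchautomation_exclusion_backup', N'U') IS NOT NULL
BEGIN
    PRINT 'Backup table already exists: rename or drop it first.';
    RETURN;
END

-- Tables created before version 10 carry the misspelled column "CreateDate";
-- the corrected schema uses "CreatedDate".
IF EXISTS (SELECT 1 FROM INFORMATION_SCHEMA.COLUMNS
           WHERE TABLE_NAME = @table AND COLUMN_NAME = N'CreateDate')
BEGIN
    -- Copy only the bulletin names: they are what has to be re-added with
    -- 'patchexclusion add <bulletin list>' once the table has been recreated.
    SET @sql = N'SELECT Bulletin INTO patchautomation_exclusion_backup FROM '
             + QUOTENAME(@table) + N';';
    EXEC sp_executesql @sql;
    PRINT 'Old schema detected: bulletins copied to patchautomation_exclusion_backup.';
END
ELSE
BEGIN
    PRINT 'Table already uses CreatedDate: forceinit is not required.';
END
```

After forceinit, compare the output of 'patchexclusion list' with the backup table to confirm that no exclusion was lost, since a bulletin missing from the table is back in scope for the automation.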

