Hello everyone,
I need a quick refresher.
I have package groups that apply to OUs, and within these OUs, I have 2-3 computers where I need to lock the version of Java or Firefox, for example.
What's the best approach?
Thanks in advance.
Prevent a package from updating on a single machine
Forum Rules
Community Forum Rules
* English support on www.reddit.com/r/wapt
* French community support is available on this forum
* Please prefix the topic title with [RESOLVED] if it is resolved.
* Please do not edit a topic that is tagged [RESOLVED]. Open a new topic referencing the old one.
* Specify the installed WAPT version, full version, and build number (2.2.1.11957 / 2.2.2.12337 / etc.) as well as the Enterprise/Discovery edition.
* Versions 1.8.2 and earlier are no longer supported. The only questions accepted regarding version 1.8.2 are related to upgrading to a supported version (2.1, 2.2, etc.).
* Specify the server OS (Linux/Windows) and version (Debian Buster/Bullseye - CentOS 7 - Windows Server 2012/2016/2019).
* Specify the OS of the administration/package creation machine and the machine with the problematic agent, if applicable (Windows 7/10/11/Debian 11/etc.).
* Avoid asking multiple questions when opening a topic, otherwise it may be ignored. If there are multiple topics, open separate topics, preferably one after the other and not all at the same time (i.e., do not spam the forum).
* Include code snippets, screenshots, and other images directly in the post. Links to Pastebin, Bitly, and other third-party sites will be systematically removed.
* As with any community forum, support is provided voluntarily by members. If you require commercial support, you can contact Tranquil IT's sales department at 02.40.97.57.55
Community Forum Rules
* English support on www.reddit.com/r/wapt
* French community support is available on this forum
* Please prefix the topic title with [RESOLVED] if it is resolved.
* Please do not edit a topic that is tagged [RESOLVED]. Open a new topic referencing the old one.
* Specify the installed WAPT version, full version, and build number (2.2.1.11957 / 2.2.2.12337 / etc.) as well as the Enterprise/Discovery edition.
* Versions 1.8.2 and earlier are no longer supported. The only questions accepted regarding version 1.8.2 are related to upgrading to a supported version (2.1, 2.2, etc.).
* Specify the server OS (Linux/Windows) and version (Debian Buster/Bullseye - CentOS 7 - Windows Server 2012/2016/2019).
* Specify the OS of the administration/package creation machine and the machine with the problematic agent, if applicable (Windows 7/10/11/Debian 11/etc.).
* Avoid asking multiple questions when opening a topic, otherwise it may be ignored. If there are multiple topics, open separate topics, preferably one after the other and not all at the same time (i.e., do not spam the forum).
* Include code snippets, screenshots, and other images directly in the post. Links to Pastebin, Bitly, and other third-party sites will be systematically removed.
* As with any community forum, support is provided voluntarily by members. If you require commercial support, you can contact Tranquil IT's sales department at 02.40.97.57.55
-
dcardon
- WAPT Expert
- Messages: 1929
- Registration: June 18, 2014 - 09:58
- Location: Saint Sébastien sur Loire
- Contact :
Hello Realynot,
The simplest solution would be to put them in a separate OU that does not inherit from the package that needs to be frozen.
Sincerely,
Denis
To keep a package fixed to an older version, the best approach is to include the version number in the package name itself, e.g., tis-java8.189-1.wapt. However, due to how Organizational Units (OUs) work, the list of packages to install is generated by combining everything inherited by the OUs and everything directly assigned to the machine. This presents a problem if you want to create an exception for two or three machines and disable inheritance. It's possible to exclude certain packages. However, I'm not entirely sure how the dependency management engine will interpret this (does the deny take precedence over the accept? This needs to be verified)...
The simplest solution would be to put them in a separate OU that does not inherit from the package that needs to be frozen.
Sincerely,
Denis
Denis Cardon - Tranquil IT
Share your experiences on WAPT! Send us your blog and article URLs in the "Your Opinion of the forum, and we'll feature them on the WAPT
Share your experiences on WAPT! Send us your blog and article URLs in the "Your Opinion of the forum, and we'll feature them on the WAPT
I think this is your best option because this method will allow you to keep an eye on these machines which are potentially vulnerable due to this dependency on "old" utilities.
In the case of Firefox, you can configure it to only access the specified website, thus discouraging your users from using this older version of Firefox for their daily activities. As an added bonus, you can deploy a custom icon on their desktop for direct access to the application, without using Firefox shortcuts.
We are familiar with your situation because we have worked extensively with local authorities for whom this situation is unfortunately very common.
Long live the promise of the web!!! Now we have practically as many browsers as business applications, isn't that great? I'm so glad you chose WAPT
Sincerely.
Vincent
Vincent CARDON
Tranquil IT
Tranquil IT
