Looking recommendations on patching software for Windows

S

Shadowhaxor

Limp Gawd
Joined
Jul 15, 2005
Messages
311
Morning HardForum Folks,

My company is looking for a solution to assist us in patching Windows 2008/2012 servers, across several locations in the North American region. Currently this is a manual patching progress that involves 10+ servers and it's getting a bit dry. So I'm going to try and get them looking into the right direction.

However since my role shifted many moons ago, I haven't used any patching assisted software, not since my former years where we used Altiris, which Symantec owns now. I did do some reach and I see that MangeEngine's Desktop Central seems to be pretty robust and comes recommended, but I wanted to see what people here were using and what they think about those solutions.

Thanks in advance all!
 
Set up one of your servers as a WSUS server, and then have a server at each location be a WSUS replication server.

You can also use it to push out non-MS updates.

And it will cost you absolutely nothing other than a bit of time setting it up.

We have around 8k PCs worldwide and we use Dell KACE for software pushes and non-MS updates, reporting, etc.

For a smaller business though, I don't see why WSUS wouldn't work just fine. I used to manage WSUS for 3 locations and it was pretty much a set it and forget it. I did run a cleanup every couple months to clean out space from obsolete updates, but other then that it just worked. I was not using it to push non-MS updates.

Edit: We use ManageEngine for our helpdesk software. It is a slow, buggy, and painful for users to use piece of software.
 
cyclone3d said:
Set up one of your servers as a WSUS server, and then have a server at each location be a WSUS replication server.

Edit: We use ManageEngine for our helpdesk software. It is a slow, buggy, and painful for users to use piece of software.
Click to expand...


I forgot to add there is an issue with using WSUS, the engineers and operation team have not explained why but it has a lot to do with our infrastructure.

Thanks for feedback on ManageEngine as well, I'll cross that off my list.
 
Id suggest finding out the exact reason why WSUS is an issue? I've got it running between 5 sites, one of which is heavily fire-walled, and 3 of the sites or on slow links, and it just works.

As cyclone says, it's free.
 
So regarding WSUS, apparently there are two factors here; Time Management / Selection and Selective Patching.

They mentioned that they want to be able to stagger the patching times as well as being able to select which servers get patched and at what time. But I thought you could schedule patches using the task scheduler.
 
Shadowhaxor said:
I forgot to add there is an issue with using WSUS, the engineers and operation team have not explained why but it has a lot to do with our infrastructure.

Thanks for feedback on ManageEngine as well, I'll cross that off my list.
Click to expand...

If you are having issues with WSUS, chances are you will have issues with other solutions as well.
I'd try solving those problems first.

If you know powershell, you could do a script that pushes the updates to your servers. I tried to do it once, but why replicate what you can do with WSUS
 
create different GPOs that configure different date/time for patching.
Add servers to appropriate GPOs to stagger patching date/time.

Also, you could set up/configure BranchCache instead of spinning up more WSUS servers.
 
Check out microsoft system center. Patches all of our desktops and servers. Works very well and we have tried other solutions before this. 500+ machines are patched using this.
 
You must log in or register to reply here.
Back
Top