How do you handle patch management?

dustincleveland · 2016-02-26T19:54:55.000Z

I work in a school district and we currently use KACE. I was wanting to explore some other options that are possibly cheaper than how we do it now. Does anyone have some good patch tools that can be run silently as well as outside local networks? We are sending our staff home with their laptops over the summer and would like to test it out then. Thank you for all your help in advance!

@Microsoft

Denis-Kelley · 2016-02-26T20:01:01.000Z

WSUS for the Microsoft stuff and PDQDeploy Pro for the rest

georgemcfarlin · 2016-02-26T20:04:07.000Z

WSUS for microsoft and ninite pro for the rest.

bnoga · 2016-02-26T20:04:43.000Z

Denis Kelley:

WSUS for the Microsoft stuff and PDQDeploy Pro for the rest

Same here for our local. For our remote offices, we use ControlNow and are in the process of migrating to @MAXfocus for Microsoft and 3rd party patches.

kptim · 2016-02-26T20:07:36.000Z

I don’t…

Just kidding. We use Vipre Business Premium and it patches everything non-MS and works well, but only on the domain.

dustincleveland · 2016-02-26T20:12:33.000Z

Do any of these work update outside your local network?

bnoga · 2016-02-26T20:16:16.000Z

Clever6242:

Do any of these work update outside your local network?

Yep. See my post. ControlNow/MaxFocus allows me to control what patches and when my remote PCs get them. It uses a Web console, so it is accessible from any place I have an Internet connection.

ceciforheat · 2016-02-26T21:56:02.000Z

Hi Dusty! I know you want to hear suggestions from other SpiceHeads, but I wanted to throw in HEAT PatchLink for you to check out.

What applications are you looking to patch?

jeffdoty2 · 2016-02-26T21:58:49.000Z

We use SCCM (which uses WSUS for MS stuff) and then deploy software with SCCM.

dustincleveland · 2016-02-26T21:59:47.000Z

Hey Ceci, looking at 3rd party apps and Ms updates. What we want to explore is the ability to do that outside our network.

ceciforheat · 2016-02-26T22:29:34.000Z

Gotcha! So just to clarify… you are looking a solution that you can run on your staff’s laptops and then manage remotely from a single console where you can deploy patches?

Also, how many users are you looking to cover?

dustincleveland · 2016-02-26T22:33:04.000Z

Correct. Possibly looking to do it for our students windows machines. We are 1:1 here. Total around 700 devices.

niccrockett · 2016-02-26T23:35:02.000Z

I implemented a free solution by using WSUS for Microsoft updates and the free version of PDQ Deploy for most everything else. The stuff that the free version of PDQ Deploy doesn’t handle I do manually, but that’s not much. Given the amount of devices you’re talking about you’d probably want to invest in the Pro version of PDQ Deploy so you wouldn’t have to worry about the manual installs like I do.

eldonn · 2016-02-27T16:36:48.000Z

I have a “Patch Day” philosophy where once a month, we analyse the poop out of everything. It is a once a month effort.

I think a lot of people spend time on Windows desktops or Windows Servers but with IoT and so much “else” out there, I have decided to take a more hands-on, holistic and unified approach.

Some random examples off the top of my head. Wifi device firmware, Firewall patches, printer firmware, Cisco IOS updates, WordPress AND all the plugins, this list goes on. We also inspect the virus console to ensure that all devices are running the latest virus agent and signatures and have performed a full scan recently, we review login audit trails to see if any user/device has NOT authenticated with our domain controller in the last 30 days. We validate not only DATA backups but backups for firewall configs, pbx configs, cisco router backups, etc, etc, The spreadsheet I use includes links to the vendor site and we manually check to ensure that they haven’t published something we are not aware of.

I have a team of 3, we split it up and it takes an entire day, once a month. This also includes email blast to our staff telling THEM to be diligent on updates not only for the company PC but many their home PC. Microsoft’s patch day is the 2nd Tuesday of each month. We pick the Thursday right after that. As a post-mortem, we usually strategize on which things are next on our “keep the crap out” philosophy and it helps me to negotiate budget for future months/years.

kevinmitchell · 2016-02-29T13:35:21.000Z

This is the easiest combination for a noob like me. Having 5 Remote sites, this is the best combination for us to make sure all our machines get the proper updates.

christophgrabmer · 2016-02-29T13:37:14.000Z

We use the open source tool wpkg and it is just nice! No more problems anymore

jonahgeib5194 · 2016-02-29T13:37:21.000Z

I wouldn’t touch Microsoft updates with anything but WSUS… I use Manage Engine for third party, which seems to be ok.

glomo · 2016-02-29T13:42:11.000Z

WSUS for Microsoft stuff.

ZENworks for everything else (it does way more than patch management)

stephenkurtz · 2016-02-29T13:44:58.000Z

WSUS then PDQ Deploy.

dustincleveland · 2016-02-29T13:46:53.000Z

Does PDQ deploy do patches to devices outside your network?